Home » Spyware & Browser Hijacker Support Forum » Windows explorer.exe hat ein Problem festgestellt und muss beendet werden. » Themenansicht
Windows explorer.exe hat ein Problem festgestellt und muss beendet werden. |
||
|---|---|---|
| #0
| ||
|
02.05.2008, 11:19
...neu hier
Beiträge: 6 |
||
 
|
|
|
|
02.05.2008, 11:38
Ehrenmitglied
 Beiträge: 29434 |
#2
Hallo,
deine Internetverbindung wird in die Ukraine umgeleitet....  alle 017-Einträge sind zu fixen .. ausser O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1 -------------------- 1. wende cleaner an http://www.ccleaner.de/?protecus.de 2. mit dem HijackThis löschen ("fixen") Klicke: "Do a system scan only" Setze ein Häckchen in das Kästchen vor den genannten Eintrag und wähle fix checked. Zitat R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)3. wende fixwareout an + poste hier den report http://virus-protect.org/artikel/tools/fixwareout.html 4. wende avz an + poste den report http://virus-protect.org/artikel/tools/avz.html 5. wende combofix an , Warnmeldung wegklicken + poste den report http://virus-protect.org/artikel/tools/combofix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.05.2008, 14:35
...neu hier
Themenstarter Beiträge: 6 |
#3
hi!
also erstmal vielen dank für die schnelle antwort! hier der fixwareout report: Username "Maggy" - 02.05.2008 13:54:11 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check Der DNS-Auflösungscache wurde geleert. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Other C:\WINDOWS\Temp\kdwlu.ren 71246 25.03.2006 ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "hpWirelessAssistant"="C:\\Programme\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "MsmqIntCert"="regsvr32 /s mqrt.dll" "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" "SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe" "QPService"="\"C:\\Programme\\HP\\QuickPlay\\QPService.exe\"" "HP Software Update"="C:\\Programme\\Hp\\HP Software Update\\HPWuSchd2.exe" "QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\ 74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\ 68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\ 61,72,74,00 "Cpqset"="C:\\Programme\\Hewlett-Packard\\Default Settings\\cpqset.exe" "RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe" "COMODO Firewall Pro"="\"C:\\Programme\\Comodo\\Firewall\\CPF.exe\" /background" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "Geburtstagskalender"="\"C:\\Dokumente und Einstellungen\\Maggy\\Desktop\\GebTag.exe\" /check" "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "BDMCon"="C:\\PROGRA~1\\Softwin\\BITDEF~2\\bdmcon.exe" "BDAgent"="\"C:\\Programme\\Softwin\\BitDefender10\\bdagent.exe\"" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "nwiz"="nwiz.exe /installquiet /nodetect" "ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start" "QuickTime Task"="\"C:\\Programme\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Programme\\itunes\\iTunesHelper.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "GMX SMS-Manager"="C:\\Programme\\GMX\\GMX SMS-Manager\\SMSMngr.exe" "Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ hier der avz report: AVZ Antiviral Toolkit log; AVZ version is 4.30 Scanning started at 02.05.2008 14:05:20 Database loaded: signatures - 162333, NN profile(s) - 2, microprograms of healing - 55, signature database released 02.05.2008 10:46 Heuristic microprograms loaded: 370 SPV microprograms loaded: 9 Digital signatures of system files loaded: 70774 Heuristic analyzer mode: Medium heuristics level Healing mode: enabled Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights System Restore: enabled 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Function kernel32.dll:LoadLibraryA (578) intercepted, method APICodeHijack.JmpTo[10003086] Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Function ws2_32.dll:accept (1) intercepted, method APICodeHijack.JmpTo[10002F26] Function ws2_32.dll:bind (2) intercepted, method APICodeHijack.JmpTo[10003016] Function ws2_32.dll:closesocket (3) intercepted, method APICodeHijack.JmpTo[10003056] Function ws2_32.dll:connect (4) intercepted, method APICodeHijack.JmpTo[10002D96] Function ws2_32.dll:gethostbyname (52) intercepted, method APICodeHijack.JmpTo[10002D66] Function ws2_32.dll:listen (13) intercepted, method APICodeHijack.JmpTo[10002A56] Function ws2_32.dll:recvfrom (17) intercepted, method APICodeHijack.JmpTo[10002C96] Function ws2_32.dll:send (19) intercepted, method APICodeHijack.JmpTo[10002A96] Function ws2_32.dll:sendto (20) intercepted, method APICodeHijack.JmpTo[10002D06] Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Function rasapi32.dll:RasDialA (21) intercepted, method APICodeHijack.JmpTo[10003B26] Function rasapi32.dll:RasDialW (22) intercepted, method APICodeHijack.JmpTo[10003CB6] Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=0846E0) Kernel ntkrnlpa.exe found in memory at address 804D7000 SDT = 8055B6E0 KiST = 80503A70 (284) Function NtConnectPort (1F) intercepted (805A31EA->F3CB50D2), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtCreateFile (25) intercepted (80577F46->F3CB7302), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtCreatePort (2E) intercepted (805A3D06->F3CB502C), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtCreateSection (32) intercepted (805A9FE4->F3CB5AAE), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtCreateThread (35) intercepted (805CFA78->F3CB4D12), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtDeleteFile (3E) intercepted (80575B2C->F3CB6CB0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtDeleteKey (3F) intercepted (80622762->F3CB5EC0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtDeleteValueKey (41) intercepted (80622932->F3CB5DDA), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtOpenProcess (7A) intercepted (805C9EBA->F3CB5B94), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtOpenSection (7D) intercepted (805A9008->F3CB59E0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtOpenThread (80) intercepted (805CA146->F3CB5CB0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtSetContextThread (D5) intercepted (805D019A->F3CB4BB4), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtSetInformationFile (E0) intercepted (80579EAC->F3CB6DE0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtSetValueKey (F7) intercepted (80620992->F3CB526A), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtShutdownSystem (F9) intercepted (80611012->F3CB5FA0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtTerminateProcess (101) intercepted (805D13E4->F3CB4F66), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtWriteFile (112) intercepted (8057BD6A->F3CB714A), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Function NtWriteFileGather (113) intercepted (8057C34E->F3CB6FB4), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted Functions checked: 284, intercepted: 18, restored: 0 1.3 Checking IDT and SYSENTER Analysis for CPU 1 Analysis for CPU 2 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: extended monitoring driver (AVZPM) is not installed Driver loaded successfully 1.5 Checking of IRP handlers Checking - complete 2. Scanning memory Number of processes found: 58 Number of modules loaded: 475 Scanning memory - complete 3. Scanning disks Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DF4A54.tmp Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DF55D7.tmp Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DFCD49.tmp Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DFFD04.tmp 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) C:\Programme\Bonjour\mdnsNSP.dll --> Suspicion for Keylogger or Trojan DLL C:\Programme\Bonjour\mdnsNSP.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs 6. Searching for opened TCP/UDP ports used by malicious programs Checking disabled by user 7. Heuristic system check Latent loading of libraries through AppInit_DLLs suspected: "sockspy.dll" >>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability) Checking - complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed: RemoteRegistry (Remote-Registrierung) >> Services: potentially dangerous service allowed: TermService (Terminaldienste) >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service) >> Services: potentially dangerous service allowed: Schedule (Taskplaner) >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe) >> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking - complete 9. Troubleshooting wizard >> HDD autorun are allowed >> Autorun from network drives are allowed >> Removable media autorun are allowed Checking - complete Files scanned: 112014, extracted from archives: 91729, malicious software found 0, suspicions - 0 Scanning finished at 02.05.2008 14:29:17 Time of scanning: 00:23:58 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference hier der combofix report: ComboFix 08-05-01.1 - Maggy 2008-05-02 14:32:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.471 [GMT 2:00] ausgeführt von:: C:\Programme\combofix\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2008-04-02 bis 2008-05-02 )))))))))))))))))))))))))))))) . 2008-05-02 13:59 . 2008-05-02 14:27 <DIR> d-------- C:\Programme\fixwareout 2008-05-02 13:59 . 2008-05-02 13:59 <DIR> d-------- C:\Programme\AVZ 2008-05-02 13:51 . 2008-05-02 14:27 <DIR> d-------- C:\Programme\combofix 2008-05-02 13:46 . 2008-05-02 13:59 <DIR> d-------- C:\fixwareout 2008-05-02 13:35 . 2008-05-02 13:36 <DIR> d-------- C:\Programme\CCleaner 2008-04-08 10:30 . 2008-04-08 10:30 <DIR> d-------- C:\Programme\Disc2Phone . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-02 12:33 --------- d-----w C:\Dokumente und Einstellungen\Maggy\Anwendungsdaten\Skype 2008-05-02 12:30 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-03-28 12:38 --------- d-----w C:\Programme\PartyGaming 2008-03-10 20:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller 2008-03-10 20:01 --------- dcsh--w C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller 2008-03-10 20:01 --------- d-----w C:\Programme\Windows Live 2008-03-10 12:30 --------- d-----w C:\Programme\itunes 2008-03-10 12:30 --------- d-----w C:\Programme\iPod 2008-03-10 12:30 --------- d-----w C:\Programme\Bonjour 2008-03-10 12:29 --------- d-----w C:\Programme\QuickTime 2008-03-06 09:13 --------- d-----w C:\Programme\NetWaiting 2008-03-06 09:12 --------- d-----w C:\Programme\CONEXANT 2008-03-05 13:00 --------- d-----w C:\Programme\Google 2008-03-02 02:21 --------- d-----w C:\Programme\Google Earth 2008-03-02 02:11 --------- d--h--w C:\Programme\InstallShield Installation Information 2006-12-17 11:54 502 ----a-w C:\Dokumente und Einstellungen\Maggy\Anwendungsdaten\wklnhst.dat 2006-12-11 21:45 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00 15360] "GMX SMS-Manager"="C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 12:17 3539968] "Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-03-30 13:34 25263144] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512] "hpWirelessAssistant"="C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752] "SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 21:03 36975] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946] "QPService"="C:\Programme\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400] "HP Software Update"="C:\Programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "QlbCtrl"="C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840] "Cpqset"="C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840] "COMODO Firewall Pro"="C:\Programme\Comodo\Firewall\CPF.exe" [2007-04-01 15:59 1115728] "ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800] "Geburtstagskalender"="C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" [ ] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01 155648] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe" [2007-04-02 16:48 290816] "BDAgent"="C:\Programme\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016] "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe] "ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184] "ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-28 00:50 81920] "QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Programme\itunes\iTunesHelper.exe" [2008-02-19 14:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 06:00 15360] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696] HP Photosmart Premier - Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Programme\\Messenger\\msmsgs.exe"= "C:\\StubInstaller.exe"= "C:\\Programme\\Limewire\\LimeWire.exe"= "C:\\Programme\\ICQLite\\ICQLite.exe"= "C:\\Programme\\Bonjour\\mDNSResponder.exe"= "C:\\Programme\\itunes\\iTunes.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 22:39] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 01:49] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab1e3160-d3bb-11dc-9b9e-00163698c399}] \Shell\AutoRun\command - EXPLORER.EXE \Shell\explore\Command - EXPLORER.EXE \Shell\open\Command - EXPLORER.EXE *Newly Created Service* - CATCHME *Newly Created Service* - UTI1NJQ2 . Inhalt des "geplante Tasks" Ordners "2008-04-14 10:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programme\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-02 14:33:24 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????<?@?????????????Y?@?????<?@ Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\uti1njq2] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\uti1njq2.sys" . Zeit der Fertigstellung: 2008-05-02 14:34:01 ComboFix-quarantined-files.txt 2008-05-02 12:33:56 13 Verzeichnis(se), 78,613,823,488 Bytes frei 18 Verzeichnis(se), 78,597,361,664 Bytes frei 129 nachdem ich das alles gemacht habe konnte ich diesen ordner problemlos entfernen... es kommt keine fehlermeldung mehr!!! VIELEN DANK!!!! glg |
|
|
|
|
|
|
02.05.2008, 15:03
Ehrenmitglied
Beiträge: 29434 |
#4
««
1. http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) uti1njq2 in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. ------------ 2. poste ein neues Log vom Hijackthis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.05.2008, 15:35
...neu hier
Themenstarter Beiträge: 6 |
#5
hier der text vom notepad:
Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.5.0 ; Results at 02.05.2008 15:32:55 for strings: ; 'uti1njq2' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000] "Service"="uti1njq2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000\Control] "ActiveService"="uti1njq2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000] "Service"="uti1njq2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000\Control] "ActiveService"="uti1njq2" ; End Of The Log... und hier nochmal der log von hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 15:34:15, on 02.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Comodo\Firewall\cmdagent.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\mqsvc.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Programme\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\HP\QuickPlay\QPService.exe C:\Programme\Hp\HP Software Update\HPWuSchd2.exe C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Programme\Comodo\Firewall\CPF.exe C:\Programme\ICQLite\ICQLite.exe C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe C:\Programme\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\itunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Programme\iPod\bin\iPodService.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\explorer.exe C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programme\HiJackThis\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [Geburtstagskalender] "C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" /check O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\itunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202927556265 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202927656062 O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) |
|
|
|
|
|
|
02.05.2008, 15:38
Ehrenmitglied
Beiträge: 29434 |
#6
««
Virustotal http://www.virustotal.com/flash/index_en.html C:\WINDOWS\system32\Drivers\uti1njq2.sys Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren ->hier kopieren ------- «« fixe noch mal mit hijacktHis Zitat O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15+ PC neustarten poste ein neues log von hijackThus __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.05.2008, 15:39
...neu hier
Themenstarter Beiträge: 6 |
#7
hab gerade gesehen, dass diese zeile noch vorkam...
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15 die habe ich jetzt mit hilfe des hijackthis noch gelöscht... so wie du es mir oben gezeigt hast. ich hoffe, das war richtig so... glg |
|
|
|
|
|
|
02.05.2008, 15:40
Ehrenmitglied
Beiträge: 29434 |
#8
da haben sich wohl unsere Antworten überschnitten
prüfe die sys und poste den report -- + ein neues Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.05.2008, 15:42
...neu hier
Themenstarter Beiträge: 6 |
#9
ich habe es zweimal probiert... und es kam immer diese meldung:
0 bytes size received / Se ha recibido un archivo vacio neuer hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 15:46:39, on 02.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Comodo\Firewall\cmdagent.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\HP\QuickPlay\QPService.exe C:\Programme\Hp\HP Software Update\HPWuSchd2.exe C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Programme\Comodo\Firewall\CPF.exe C:\Programme\ICQLite\ICQLite.exe C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe C:\Programme\Softwin\BitDefender10\bdagent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\mqtgsvc.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\itunes\iTunesHelper.exe C:\Programme\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\HiJackThis\hijackthis_199\HijackThis.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\Programme\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [Geburtstagskalender] "C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" /check O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\itunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202927556265 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202927656062 O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Dieser Beitrag wurde am 02.05.2008 um 15:50 Uhr von maggy editiert.
|
|
|
|
|
|
|
02.05.2008, 17:23
Ehrenmitglied
Beiträge: 29434 |
#10
««
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gib an "Alle Dateien" - Speichern  Zitat KILLALL::Man sollte jetzt auf dem Desktop diese Datei cfscript.txt finden. cfscript.txt und mit der rechten Maustaste auf das Symbol von Combofix ziehen  danach: Combofix noch einmal anwenden PC neustarten dann sollte wieder alles i.o. sein __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.05.2008, 17:41
...neu hier
Themenstarter Beiträge: 6 |
||
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
- » explorer.exe hat ein Problem festgestellt und muss beendet
- » explorer.exe hat ein Problem festgestellt und muss beendet werden
- » explorer. exe hat ein Problem festgestellt und muss beendet werden.
- » explorer.exe hat ein problem festgestellt und muss beendet werden
- » explorer.exe. hat ein problem festgestellt und muss beendet werden
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Ich habe mich schon durch einige Foren gelesen, aber niemand genau das gleich Problem wie ich. Bei mir ist es so: Ich habe einen neuen Ordner in die Eigenen Dateien-Eigene Musik gestellt. Danach habe ich über das Programm utorrent ein paar Lieder gedownloadet und sie in diesen Ordner speichern lassen. Seit dem kann ich den Ordner nicht öffnen. Sobald ich mit dem Mauszeiger dürberfahre kommt die Meldung: "Windows explorer.exe hat ein Problem festgestellt und muss beendet werden." Danach schließt sich der Ordner. Ich wollte ihn schon löschen, aber das funktioniert nicht. Und da ich mich mit solchen Dingen leider gar nicht auskenne, hoffe ich hier Hilfe zu bekommen.
Logfile of HijackThis v1.99.1
Scan saved at 10:58:22, on 02.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HP\QuickPlay\QPService.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Comodo\Firewall\CPF.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\itunes\iTunesHelper.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\HiJackThis\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Geburtstagskalender] "C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" /check
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202927556265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202927656062
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS3\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Erklärt mir bitte verständlich, was ich tun soll... ich kenn mich wirklich nicht aus
glg maggy