Windows explorer.exe has encountered a problem and needs to close.

02.05.2008, 11:19
...new here

Posts: 6
#1 Hi!

I have already read through a number of forums, but nobody has exactly the same problem as I do. In my case it is like this: I created a new folder in My Documents > My Music. Then I downloaded a few songs with the program utorrent and had them saved to this folder. Since then I cannot open the folder. As soon as I move the mouse pointer over it, the message appears: "Windows explorer.exe has encountered a problem and needs to close." Then the folder closes. I wanted to delete it, but that does not work. And since unfortunately I know nothing at all about such things, I hope to get help here.

Logfile of HijackThis v1.99.1
Scan saved at 10:58:22, on 02.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HP\QuickPlay\QPService.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Comodo\Firewall\CPF.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\itunes\iTunesHelper.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\HiJackThis\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Geburtstagskalender] "C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" /check
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202927556265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202927656062
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CS3\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Please explain to me in understandable terms what I should do... I really don't know my way around ;)

Kind regards, maggy
02.05.2008, 11:38
Honorary member

Posts: 29434
#2 Hello,

your Internet connection is being redirected to Ukraine.... ;)

all O17 entries need to be fixed ..
except
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1

--------------------

1.
run the cleaner
http://www.ccleaner.de/?protecus.de

2.
delete ("fix") with HijackThis
Click: "Do a system scan only"
Tick the box in front of each of the entries listed
and choose fix checked.

Quote

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)


O17 - HKLM\System\CCS\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15

O17 - HKLM\System\CS1\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15

O17 - HKLM\System\CS2\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15

O17 - HKLM\System\CS3\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15

3.
run fixwareout + post the report here
http://virus-protect.org/artikel/tools/fixwareout.html

4.
run avz + post the report
http://virus-protect.org/artikel/tools/avz.html

5.
run combofix, click away the warning message + post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
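The rule in reply #2 (fix every O17 entry except the one pointing at the router) can be applied mechanically. The following script is an added example for this thread, not code from the forum or from HijackThis: it parses O17 lines, treats resolvers inside the local network (RFC 1918, loopback, link-local) as benign and flags entries that hand DNS resolution to public addresses. The `trusted` allow-list for an ISP's own resolvers is a hypothetical parameter; the sample lines are copied from the log posted above.

```python
"""Triage the O17 (DNS NameServer) entries of a HijackThis log.

Added example for this thread, not code from the forum or from HijackThis. It
encodes the rule applied in reply #2: an O17 entry whose resolvers are private
(RFC 1918), loopback or link-local addresses, like the router at 192.168.0.1,
is left alone; every entry pointing at public addresses is flagged for review,
because a hijacked resolver lets a third party answer every DNS query the PC
makes. The sample lines are copied from the log posted in this thread.
"""
import ipaddress
import re

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C74840-4065-4439-9F4F-CBE0DEC8CF2A}: NameServer = 85.255.116.163,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
"""


def is_trusted_resolver(addr, trusted=frozenset()):
    """True for resolvers inside the local network or on an explicit allow-list.

    `trusted` is a hypothetical allow-list for the ISP's own resolvers (not
    something HijackThis knows about). Anything that does not parse as an IP
    address is treated as untrusted so that a malformed entry is not skipped.
    """
    if addr in trusted:
        return True
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage_o17(log_text, trusted=frozenset()):
    """Split O17 lines into (suspect, benign) lists of (registry key, [resolvers])."""
    suspect, benign = [], []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m is None:
            continue
        # HijackThis prints resolvers comma- or space-separated, depending on the key
        servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
        entry = (m["key"], servers)
        if servers and all(is_trusted_resolver(s, trusted) for s in servers):
            benign.append(entry)
        else:
            suspect.append(entry)
    return suspect, benign


def rogue_resolvers(log_text, trusted=frozenset()):
    """Distinct untrusted resolver addresses across all suspect O17 entries, sorted."""
    suspect, _ = triage_o17(log_text, trusted)
    return sorted({s for _key, servers in suspect for s in servers
                   if not is_trusted_resolver(s, trusted)})


if __name__ == "__main__":
    suspect, benign = triage_o17(SAMPLE_LOG)
    print("rogue resolvers:", ", ".join(rogue_resolvers(SAMPLE_LOG)))
    for key, servers in suspect:
        print("FIX  ", key, "->", " ".join(servers))
    for key, servers in benign:
        print("KEEP ", key, "->", " ".join(servers))
```

Note that the same two public addresses show up under CCS, CS1, CS2 and CS3, so fixing only the CurrentControlSet entry would leave the setting to come back from another control set; the script reports every control set separately for that reason.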
02.05.2008, 14:35
...new here

Thread starter

Posts: 6
#3 hi!
first of all, many thanks for the quick reply!

here is the fixwareout report:
Username "Maggy" - 02.05.2008 13:54:11 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Der DNS-Auflösungscache wurde geleert.



~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdwlu.ren 71246 25.03.2006

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpWirelessAssistant"="C:\\Programme\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Programme\\HP\\QuickPlay\\QPService.exe\""
"HP Software Update"="C:\\Programme\\Hp\\HP Software Update\\HPWuSchd2.exe"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
61,72,74,00
"Cpqset"="C:\\Programme\\Hewlett-Packard\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"COMODO Firewall Pro"="\"C:\\Programme\\Comodo\\Firewall\\CPF.exe\" /background"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"Geburtstagskalender"="\"C:\\Dokumente und Einstellungen\\Maggy\\Desktop\\GebTag.exe\" /check"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BDMCon"="C:\\PROGRA~1\\Softwin\\BITDEF~2\\bdmcon.exe"
"BDAgent"="\"C:\\Programme\\Softwin\\BitDefender10\\bdagent.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /installquiet /nodetect"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\itunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"GMX SMS-Manager"="C:\\Programme\\GMX\\GMX SMS-Manager\\SMSMngr.exe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


here is the avz report:

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 02.05.2008 14:05:20
Database loaded: signatures - 162333, NN profile(s) - 2, microprograms of healing - 55, signature database released 02.05.2008 10:46
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 70774
Heuristic analyzer mode: Medium heuristics level
Healing mode: enabled
Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:LoadLibraryA (578) intercepted, method APICodeHijack.JmpTo[10003086]
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Function ws2_32.dll:accept (1) intercepted, method APICodeHijack.JmpTo[10002F26]
Function ws2_32.dll:bind (2) intercepted, method APICodeHijack.JmpTo[10003016]
Function ws2_32.dll:closesocket (3) intercepted, method APICodeHijack.JmpTo[10003056]
Function ws2_32.dll:connect (4) intercepted, method APICodeHijack.JmpTo[10002D96]
Function ws2_32.dll:gethostbyname (52) intercepted, method APICodeHijack.JmpTo[10002D66]
Function ws2_32.dll:listen (13) intercepted, method APICodeHijack.JmpTo[10002A56]
Function ws2_32.dll:recvfrom (17) intercepted, method APICodeHijack.JmpTo[10002C96]
Function ws2_32.dll:send (19) intercepted, method APICodeHijack.JmpTo[10002A96]
Function ws2_32.dll:sendto (20) intercepted, method APICodeHijack.JmpTo[10002D06]
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Function rasapi32.dll:RasDialA (21) intercepted, method APICodeHijack.JmpTo[10003B26]
Function rasapi32.dll:RasDialW (22) intercepted, method APICodeHijack.JmpTo[10003CB6]
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=0846E0)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055B6E0
KiST = 80503A70 (284)
Function NtConnectPort (1F) intercepted (805A31EA->F3CB50D2), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtCreateFile (25) intercepted (80577F46->F3CB7302), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtCreatePort (2E) intercepted (805A3D06->F3CB502C), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtCreateSection (32) intercepted (805A9FE4->F3CB5AAE), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtCreateThread (35) intercepted (805CFA78->F3CB4D12), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtDeleteFile (3E) intercepted (80575B2C->F3CB6CB0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtDeleteKey (3F) intercepted (80622762->F3CB5EC0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtDeleteValueKey (41) intercepted (80622932->F3CB5DDA), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtOpenProcess (7A) intercepted (805C9EBA->F3CB5B94), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtOpenSection (7D) intercepted (805A9008->F3CB59E0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtOpenThread (80) intercepted (805CA146->F3CB5CB0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtSetContextThread (D5) intercepted (805D019A->F3CB4BB4), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtSetInformationFile (E0) intercepted (80579EAC->F3CB6DE0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtSetValueKey (F7) intercepted (80620992->F3CB526A), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtShutdownSystem (F9) intercepted (80611012->F3CB5FA0), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtTerminateProcess (101) intercepted (805D13E4->F3CB4F66), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtWriteFile (112) intercepted (8057BD6A->F3CB714A), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Function NtWriteFileGather (113) intercepted (8057C34E->F3CB6FB4), hook C:\WINDOWS\System32\DRIVERS\cmdmon.sys, driver recognized as trusted
Functions checked: 284, intercepted: 18, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 58
Number of modules loaded: 475
Scanning memory - complete
3. Scanning disks
Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DF4A54.tmp
Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DF55D7.tmp
Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DFCD49.tmp
Direct reading C:\Dokumente und Einstellungen\Maggy\Lokale Einstellungen\Temp\~DFFD04.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\Programme\Bonjour\mdnsNSP.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Bonjour\mdnsNSP.dll>>> Behavioural analysis
Behaviour typical for keyloggers not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Latent loading of libraries through AppInit_DLLs suspected: "sockspy.dll"
>>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote-Registrierung)
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 112014, extracted from archives: 91729, malicious software found 0, suspicions - 0
Scanning finished at 02.05.2008 14:29:17
Time of scanning: 00:23:58
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

here is the combofix report:

ComboFix 08-05-01.1 - Maggy 2008-05-02 14:32:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.471 [GMT 2:00]
ausgeführt von:: C:\Programme\combofix\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-02 bis 2008-05-02 ))))))))))))))))))))))))))))))
.

2008-05-02 13:59 . 2008-05-02 14:27 <DIR> d-------- C:\Programme\fixwareout
2008-05-02 13:59 . 2008-05-02 13:59 <DIR> d-------- C:\Programme\AVZ
2008-05-02 13:51 . 2008-05-02 14:27 <DIR> d-------- C:\Programme\combofix
2008-05-02 13:46 . 2008-05-02 13:59 <DIR> d-------- C:\fixwareout
2008-05-02 13:35 . 2008-05-02 13:36 <DIR> d-------- C:\Programme\CCleaner
2008-04-08 10:30 . 2008-04-08 10:30 <DIR> d-------- C:\Programme\Disc2Phone

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 12:33 --------- d-----w C:\Dokumente und Einstellungen\Maggy\Anwendungsdaten\Skype
2008-05-02 12:30 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-28 12:38 --------- d-----w C:\Programme\PartyGaming
2008-03-10 20:05 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-03-10 20:01 --------- dcsh--w C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-03-10 20:01 --------- d-----w C:\Programme\Windows Live
2008-03-10 12:30 --------- d-----w C:\Programme\itunes
2008-03-10 12:30 --------- d-----w C:\Programme\iPod
2008-03-10 12:30 --------- d-----w C:\Programme\Bonjour
2008-03-10 12:29 --------- d-----w C:\Programme\QuickTime
2008-03-06 09:13 --------- d-----w C:\Programme\NetWaiting
2008-03-06 09:12 --------- d-----w C:\Programme\CONEXANT
2008-03-05 13:00 --------- d-----w C:\Programme\Google
2008-03-02 02:21 --------- d-----w C:\Programme\Google Earth
2008-03-02 02:11 --------- d--h--w C:\Programme\InstallShield Installation Information
2006-12-17 11:54 502 ----a-w C:\Dokumente und Einstellungen\Maggy\Anwendungsdaten\wklnhst.dat
2006-12-11 21:45 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00 15360]
"GMX SMS-Manager"="C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 12:17 3539968]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-03-30 13:34 25263144]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]
"hpWirelessAssistant"="C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 21:03 36975]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946]
"QPService"="C:\Programme\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400]
"HP Software Update"="C:\Programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840]
"Cpqset"="C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"COMODO Firewall Pro"="C:\Programme\Comodo\Firewall\CPF.exe" [2007-04-01 15:59 1115728]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"Geburtstagskalender"="C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" [ ]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01 155648]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Programme\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-28 00:50 81920]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programme\itunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 06:00 15360]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Photosmart Premier - Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programme\\Limewire\\LimeWire.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\itunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 22:39]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 01:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab1e3160-d3bb-11dc-9b9e-00163698c399}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - UTI1NJQ2
.
Inhalt des "geplante Tasks" Ordners
"2008-04-14 10:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 14:33:24
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????<?@?????????????Y?@?????<?@

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\uti1njq2]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\uti1njq2.sys"
.
Zeit der Fertigstellung: 2008-05-02 14:34:01
ComboFix-quarantined-files.txt 2008-05-02 12:33:56

13 Verzeichnis(se), 78,613,823,488 Bytes frei
18 Verzeichnis(se), 78,597,361,664 Bytes frei



after I did all of that I was able to remove this folder without any problem... no error message appears any more!!!

THANK YOU VERY MUCH!!!!

best regards
02.05.2008, 15:03
Honorary member
Sabina

Posts: 29434
#4

1.
http://virus-protect.org/artikel/tools/regsearch.html

and double-click to start it.
In "Enter search strings" type or paste:

uti1njq2

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

------------

2.
post a new HijackThis log
__________
Regards, Sabina

all about PC security
02.05.2008, 15:35
...new here

Thread starter

Posts: 6
#5 here is the text from Notepad:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 02.05.2008 15:32:55 for strings:
; 'uti1njq2'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000]
"Service"="uti1njq2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2\0000\Control]
"ActiveService"="uti1njq2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000]
"Service"="uti1njq2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2\0000\Control]
"ActiveService"="uti1njq2"

; End Of The Log...


and here the HijackThis log again:

Logfile of HijackThis v1.99.1
Scan saved at 15:34:15, on 02.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HP\QuickPlay\QPService.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programme\Comodo\Firewall\CPF.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\HiJackThis\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Geburtstagskalender] "C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" /check
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202927556265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202927656062
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
02.05.2008, 15:38
Honorary member
Sabina

Posts: 29434
#6

Virustotal http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\Drivers\uti1njq2.sys


Click Browse --> pick the file (or paste the file with its correct path straight in with Ctrl V) --> click the file to be checked and Open --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here

-------

fix once more with HijackThis

Quote

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
+ restart the PC

post a new HijackThis log
__________
Regards, Sabina

all about PC security
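Added example (not code from this thread, from HijackThis or from the helper): a small Python checker that parses O17 NameServer lines from a HijackThis log, labels each resolver as private or public, and notes whether it sits in the machine-wide Tcpip\Parameters key, which is where the entry quoted above landed. The sample log lines are constructed from the ones posted in this thread.

```python
import ipaddress
import re

# Constructed sample in HijackThis v1.99.1 log format, modelled on the log posted
# in this thread (the 85.255.x.x pair is the O17 line the helper asked to fix).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# One O17 line: registry key, then the NameServer value (space- or comma-separated IPs).
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")


def parse_o17(log_text):
    """Return a list of (registry key, [resolver IPs]) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s for s in re.split(r"[ ,]+", m.group("servers").strip()) if s]
            entries.append((m.group("key"), servers))
    return entries


def is_global_tcpip_key(key):
    """True for the machine-wide Tcpip\\Parameters key, as opposed to a per-adapter
    interface GUID key. A resolver set here applies to every adapter."""
    return key.lower().endswith(r"tcpip\parameters")


def classify_servers(entries, trusted=()):
    """Label each resolver: 'trusted' (vouched for by the reviewer), 'private'
    (RFC 1918, normally the home router) or 'public' (needs review)."""
    findings = []
    for key, servers in entries:
        for s in servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                verdict = "unparseable"
            else:
                if s in trusted:
                    verdict = "trusted"
                elif ip.is_private:
                    verdict = "private"
                else:
                    verdict = "public"
            findings.append({"key": key, "server": s, "verdict": verdict,
                             "global": is_global_tcpip_key(key)})
    return findings


def suspicious_o17_keys(log_text, trusted=()):
    """Registry keys whose NameServer points at a public resolver the reviewer did
    not vouch for; these are the O17 lines to fix and re-check after the reboot."""
    return sorted({f["key"] for f in classify_servers(parse_o17(log_text), trusted)
                   if f["verdict"] == "public"})


if __name__ == "__main__":
    for f in classify_servers(parse_o17(SAMPLE_LOG)):
        scope = "machine-wide" if f["global"] else "per-adapter"
        print(f"{f['verdict']:<11} {scope:<12} {f['server']:<16} {f['key']}")
    print("fix:", suspicious_o17_keys(SAMPLE_LOG))
```

Pass the ISP's or router's resolver addresses as `trusted` so a legitimately configured public resolver is not reported.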
02.05.2008, 15:39
...new here

Thread starter

Posts: 6
#7 I just saw that this line was still there...

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.15

I have now deleted it with HijackThis as well... the way you showed me above. I hope that was right...

best regards
02.05.2008, 15:40
Honorary member
Sabina

Posts: 29434
#8 looks like our replies crossed ;)
check the .sys file and post the report

--
+
a new HijackThis log
__________
Regards, Sabina

all about PC security
02.05.2008, 15:42
...new here

Thread starter

Posts: 6
#9 I tried it twice... and this message came up every time:

0 bytes size received / Se ha recibido un archivo vacio

new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:46:39, on 02.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HP\QuickPlay\QPService.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programme\Comodo\Firewall\CPF.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\itunes\iTunesHelper.exe
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\HiJackThis\hijackthis_199\HijackThis.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Geburtstagskalender] "C:\Dokumente und Einstellungen\Maggy\Desktop\GebTag.exe" /check
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202927556265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202927656062
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD83F4D-36E5-44F0-97CB-8B0E219A8B83}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
This post was edited on 02.05.2008 at 15:50 by maggy.
02.05.2008, 17:23
Honorary member
Sabina

Posts: 29434
#10
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as cfscript.txt on the desktop with 'Save As'. Set "All Files" - Save



Quote

KILLALL::

Driver::
uti1njq2

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTI1NJQ2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTI1NJQ2]

File::
C:\WINDOWS\system32\Drivers\uti1njq2.sys
You should now find this file cfscript.txt on the desktop.

drag cfscript.txt with the right mouse button onto the ComboFix icon

afterwards: run ComboFix once more

restart the PC

then everything should be OK again
__________
Regards, Sabina

all about PC security
02.05.2008, 17:41
...new here

Thread starter

Posts: 6
#11 thanks!!!

everything is back in order!

regards maggy