hijackthis wo wir uns nicht sicher sind, was meint ihr ? |
||
---|---|---|
#0
| ||
06.06.2008, 09:16
Member
Beiträge: 36 |
||
|
||
06.06.2008, 10:38
Ehrenmitglied
Beiträge: 29434 |
#2
Hallo,
1. http://virus-protect.org/artikel/tools/otmoveIt.html öffne: OTMoveIt.exe OTMoveIt Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move Zitat C:\WINDOWS\eksplorasi.exeKlicke auf den Roten MoveIt! 2. mit dem HijackThis löschen ("fixen") Klicke: "Do a system scan only" Setze ein Häckchen in das Kästchen vor den genannten Eintrag und wähle fix checked. + starte den Rechner neu. Zitat F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"PC neustarten 3. starte in den abgesicherten Modus, scanne mit sdfix, dann wieder im Normalmodus, poste den repeort http://virus-protect.org/artikel/tools/sdfix.html 4. scanne mit http://virus-protect.org/findqoologic.html poste dann den report __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.06.2008, 11:15
Member
Themenstarter Beiträge: 36 |
#3
ok haben die sachen die du uns geschrieben hast erfolgreich gemacht, hier sind die logs von dem dritten und vierten schritt:
SDFix: Version 1.188 Run by Administrator on 06.06.2008 at 10:58 Microsoft Windows XP [Version 5.1.2600] Running From: C:\RETTET~1\sdfix\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-06 11:04:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler " "C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Programme\\devolo\\informer\\devinf.exe"="C:\\Programme\\devolo\\informer\\devinf.exe:*:Enabled:devolo Informer" "C:\\Programme\\devolo\\easyshare\\easyshare.exe"="C:\\Programme\\devolo\\easyshare\\easyshare.exe:*:Enabled:devolo EasyShare" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Dokumente und Einstellungen\\andrej\\Lokale Einstellungen\\Temp\\usmt\\migwiz.exe"="C:\\Dokumente und Einstellungen\\andrej\\Lokale Einstellungen\\Temp\\usmt\\migwiz.exe:*:Enabled:Assistent zum šbertragen von Dateien und Einstellungen" "C:\\Programme\\Alice\\Signup\\AliceCnn.exe"="C:\\Programme\\Alice\\Signup\\AliceCnn.exe:*:Enabled:AliceCnn" "C:\\Programme\\devolo\\dlan\\dlanconf\\dlanconf.exe"="C:\\Programme\\devolo\\dlan\\dlanconf\\dlanconf.exe:*:Enabled:dLAN-Konfigurationsassistent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : Files with Hidden Attributes : Fri 16 May 2008 6,104,632 A..H. --- "C:\Programme\Picasa2\setup.exe" Tue 31 Oct 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys" Wed 4 Jun 2008 457 ..SH. --- "C:\WINDOWS\system32\boothide.reg" Wed 4 Jun 2008 172 ..SH. --- "C:\WINDOWS\system32\bootrun.reg" Wed 29 Nov 2006 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak" Sun 5 Aug 2007 36,864 ...H. --- "C:\Dokumente und Einstellungen\andrej\Anwendungsdaten\Microsoft\Vorlagen\~WRL2334.tmp" Wed 29 Nov 2006 4,348 A..H. --- "C:\Dokumente und Einstellungen\andrej\Eigene Dateien\Eigene Musik\Lizenzsicherung\drmv1key.bak" Wed 29 Nov 2006 20 A..H. --- "C:\Dokumente und Einstellungen\andrej\Eigene Dateien\Eigene Musik\Lizenzsicherung\drmv1lic.bak" Tue 28 Nov 2006 312 A.SH. --- "C:\Dokumente und Einstellungen\andrej\Eigene Dateien\Eigene Musik\Lizenzsicherung\drmv2key.bak" Finished! ------------------------ Find Qoologic last edited 8/30/2005 PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. some examples are MRT.EXE NTDLL.DLL. »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» If this string search find's both and an exe and dat it's bad. »»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» * aspack C:\WINDOWS\System32\MRT.EXE * aspack C:\WINDOWS\System32\NTDLL.DLL »»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»» (fstarts by IMM - test ver. 0.001) NOT using address check -- 0x7c91df5e Global Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart . .. desktop.ini User Startup: C:\Dokumente und Einstellungen\andrej\Startmenü\Programme\Autostart . .. desktop.ini »»»»» Search by size and name... »»»»» Files found by this method are not necessarily bad... »»»»» Example PNGFILT.DLL ctl3d32.dll are windows files... |
|
|
||
06.06.2008, 11:43
Ehrenmitglied
Beiträge: 29434 |
#4
«
entferne mit cleaner alle temporären dateien http://www.ccleaner.de/?protecus.de « wende combofix an, klicke die warnmeldung weg+ poste den report http://virus-protect.org/artikel/tools/combofix.html « poste ein neues log von HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.06.2008, 11:58
Member
Themenstarter Beiträge: 36 |
#5
habe ich gemacht hier der log:
ComboFix 08-06-05.3 - andrej 2008-06-06 11:47:26.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.147 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\andrej\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\_000003_.tmp.dll C:\WINDOWS\system32\_000006_.tmp.dll C:\WINDOWS\system32\_000007_.tmp.dll C:\WINDOWS\system32\_000008_.tmp.dll C:\WINDOWS\system32\_000011_.tmp.dll C:\WINDOWS\system32\_000012_.tmp.dll C:\WINDOWS\system32\_000013_.tmp.dll C:\WINDOWS\system32\_000019_.tmp.dll E:\Autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2008-05-06 bis 2008-06-06 )))))))))))))))))))))))))))))) . 2008-06-06 10:56 . 2008-06-06 10:56 <DIR> d-------- C:\WINDOWS\ERUNT 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Favoriten 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung 2008-06-06 10:50 . 2006-11-01 06:56 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView 2008-06-06 10:50 . 2007-09-08 07:27 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten 2008-06-06 10:50 . 2008-06-06 10:50 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator 2008-06-06 10:42 . 2008-06-06 10:42 <DIR> d-------- C:\_OTMoveIt 2008-06-06 09:20 . 2008-06-06 09:20 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-06-06 09:19 . 2008-06-06 09:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-06-06 09:01 . 2008-06-06 11:09 <DIR> d-------- C:\rettet den pc 2008-06-04 14:33 . 2008-06-04 14:33 <DIR> d-------- C:\Programme\Avira 2008-06-04 14:33 . 2008-06-04 14:33 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2008-06-04 07:49 . 2008-06-04 16:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-04 07:49 . 2008-06-04 07:49 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-06-04 07:49 . 2008-06-04 07:49 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-06-04 07:41 . 2008-06-04 07:41 <DIR> d-------- C:\Programme\AVG 2008-06-04 07:15 . 2008-06-04 07:15 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-06-04 07:13 . 2008-06-04 16:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg8 2008-05-27 22:20 . 2008-06-03 16:17 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe 2008-05-09 13:41 . 2008-06-04 14:37 457 ---hs---- C:\WINDOWS\system32\boothide.reg 2008-05-09 13:41 . 2008-06-04 14:39 172 ---hs---- C:\WINDOWS\system32\bootrun.reg 2008-05-09 13:41 . 2008-05-26 23:21 5 --a------ C:\WINDOWS\system32\scvhost.ini 2008-05-08 14:52 . 2008-05-08 14:53 <DIR> d-------- C:\xampplite . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-04 05:27 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2008-06-03 14:17 --------- d-----w C:\Programme\Google 2008-06-03 14:01 --------- d-----w C:\Programme\Sonic 2008-06-03 13:59 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield 2008-06-03 13:46 --------- d-----w C:\Programme\Gemeinsame Dateien\Real 2008-06-03 13:45 --------- d-----w C:\Programme\Kaspersky Lab 2008-06-03 13:43 --------- d-----w C:\Programme\ICQToolbar 2008-06-03 13:41 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-06-03 13:39 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2008-06-03 13:22 --------- d-----w C:\Dokumente und Einstellungen\andrej\Anwendungsdaten\Skype 2008-05-16 16:42 --------- d-----w C:\Programme\Picasa2 2008-05-09 19:57 --------- d-----w C:\Programme\Macromedia 2008-05-09 19:57 --------- d-----w C:\Programme\Gemeinsame Dateien\Macromedia 2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2006-12-25 14:18 23,336 ----a-w C:\Dokumente und Einstellungen\andrej\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2005-11-04 09:25 40,960 ----a-w C:\Programme\Uninstall_CDS.exe 2006-10-31 21:58 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208] "PowerBar"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975] "PTHOSTTR"="C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 11:56 122880] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784] "QlbCtrl"="C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 15:39 131072] "Cpqset"="C:\Programme\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 15:51 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-01-23 16:11 802816] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 15:43 892928] "NWEReboot"="" [] "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 20:04 761945] "emMON"="emMON.exe" [2006-05-30 21:24 61440 C:\WINDOWS\emMON.exe] "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 20:41 40960 C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-02-16 23:11 49152 C:\Programme\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] --a------ 2006-02-14 10:49 454656 C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-12-08 17:35 32768 C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2007-05-11 13:20 23395880 C:\Programme\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2005-05-20 10:11 925696 C:\Programme\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] --a------ 2005-11-08 12:59 184320 C:\Programme\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\SMINST\\Scheduler.exe"= "C:\\Programme\\ICQLite\\ICQLite.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\devolo\\informer\\devinf.exe"= "C:\\Programme\\devolo\\easyshare\\easyshare.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= "C:\\Programme\\Alice\\Signup\\AliceCnn.exe"= "C:\\Programme\\devolo\\dlan\\dlanconf\\dlanconf.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-04 07:49] R2 ASChannel;Lokaler Verbindungskanal;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00] R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:34] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-04 07:49] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-04 07:49] R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\plcndis5.sys [2004-05-17 11:21] S3 CPen20;C-Pen 20;C:\WINDOWS\system32\Drivers\CPen20.sys [2005-02-16 09:53] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNMp50.sys [2006-11-28 22:46] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\PDNSp50.sys [2006-11-28 22:46] S3 pendfu;PenDfu (pendfu.sys);C:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 16:27] S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS [] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54] S3 StMp3Rec;Treiber für Player-Wiederherstellungsgerät;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-02-15 14:14] S3 USB28xxBGA;USB 2861 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 21:21] S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-21 23:38] S3 w32n5223;w32n5223 Protocol Driver;C:\PROGRA~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{829750ea-d575-11db-a1f3-001641bbf560}] \shell\verb1\command - desktop.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{831c61d5-f134-11dc-a23d-0014a5f812e7}] \shell\verb1\command - F:\desktop.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e1cecb2-151e-11dd-a245-0014a5f812e7}] \shell\verb1\command - F:\desktop.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ceffd5-a26b-11db-a1d3-001641bbf560}] \shell\verb1\command - desktop.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ef39da-dadf-11db-a1f4-001641bbf560}] \Shell\AutoRun\command - setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aabc360e-c972-11dc-a237-0014a5f812e7}] \shell\verb1\command - desktop.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6d4f171-6a8b-11db-a190-0014a5f812e7}] \Shell\AutoRun\command - F:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7ab848b-b3b8-11dc-a234-0014a5f812e7}] \shell\verb1\command - F:\desktop.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-06 11:52:45 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programme\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@?????PV??????(?@???????@ Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\dllhost.exe C:\Programme\HPQ\IAM\Bin\asghost.exe C:\rettet den pc\adaware\aawservice.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-06-06 11:56:34 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-06 09:56:30 13 Verzeichnis(se), 4,789,915,648 Bytes frei 19 Verzeichnis(se), 5,195,268,096 Bytes frei 219 --- E O F --- 2007-11-16 05:44:58 |
|
|
||
06.06.2008, 12:04
Ehrenmitglied
Beiträge: 29434 |
#6
««
http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) PowerBar in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.06.2008, 12:25
Member
Themenstarter Beiträge: 36 |
#7
REGEDIT4
; RegSrch.vbs © Bill James ; Registry search results for string "PowerBar" 06.06.2008 12:24:18 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SOFTWARE\CyberLink\PowerBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerBar] @="C:\\Programme\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe" [HKEY_USERS\S-1-5-21-2987824900-1548203871-2700188097-1006\Software\CyberLink\PowerBar] [HKEY_USERS\S-1-5-21-2987824900-1548203871-2700188097-1006\Software\Microsoft\Windows\CurrentVersion\Run] "PowerBar"="" |
|
|
||
06.06.2008, 12:46
Ehrenmitglied
Beiträge: 29434 |
#8
««
wende sdfix im Normalmodus an RunThis.bat doppelt klicken reinschreiben: 3 3 : wird Sophos geladen bei Option 6 - erfolgt ein Fullscan + löschen der infizierten Dateien "SophosReport.txt" (im SDFix-Ordner) - abkopieren und in den Beitrag, -------- »» poste auch ein neues Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.06.2008, 13:44
Member
Themenstarter Beiträge: 36 |
#9
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:16, on 06.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\HPQ\IAM\bin\asghost.exe C:\rettet den pc\adaware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\emMON.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Programme\Alice\Signup\AliceCnn.exe C:\Programme\Mozilla Firefox\firefox.exe C:\rettet den pc\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [emMON] emMON.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{230369AF-B8B8-4829-99E7-122F872530B1}: NameServer = 213.191.74.11 213.191.92.82 O17 - HKLM\System\CS1\Services\Tcpip\..\{230369AF-B8B8-4829-99E7-122F872530B1}: NameServer = 213.191.74.11 213.191.92.82 O17 - HKLM\System\CS2\Services\Tcpip\..\{230369AF-B8B8-4829-99E7-122F872530B1}: NameServer = 213.191.74.11 213.191.92.82 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: OneCard - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\rettet den pc\adaware\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe -- End of file - 8220 byte war es das ? ganz liebe grüße dennis und schon mal ein riesen dank von uns allen hier |
|
|
||
06.06.2008, 14:20
Ehrenmitglied
Beiträge: 29434 |
#10
««
"SophosReport.txt" (im SDFix-Ordner) - abkopieren , und hier posten, bitte := __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.06.2008, 14:24
Member
Themenstarter Beiträge: 36 |
#11
Sophos Anti-Virus
Version 4.30.0 [Win32/Intel] Virus data version 4.30E, June 2008 Includes detection for 424142 viruses, trojans and worms Copyright (c) 1989-2008 Sophos Plc, www.sophos.com System time 13:08:58, System date 06 June 2008 Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\rettet den pc\sdfix\SDFix\IDE -p=C:\rettet den pc\sdfix\SDFix\SophosReport.txt Could not open C:\hiberfil.sys 2 boot sectors swept. 37776 files swept in 33 minutes and 35 seconds. 1 error was encountered. No viruses were discovered. Ending Sophos Anti-Virus. « |
|
|
||
06.06.2008, 14:30
Ehrenmitglied
Beiträge: 29434 |
#12
OTMoveIt
1. klicken: CleanUp! button 2. cleanup.txt wird vom Internet geladen (von Firewall zulassen!) 3. Begin cleanup process? klicke: Yes. - "Do you want to reboot?" klicke Yes ------------------------- Virustotal http://www.virustotal.com/flash/index_en.html F:\desktop.exe Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
ich bin gerade bei einem freund der super weit von mir wegsucht und wir haben uns den rechner von seiner schwester angeschaut, darauf haben wir ein paar verdächtige sachen gefunden. Wir haben dann versucht alle rechner zu reinigen. Hier ist ein hijackthis log, von seinem rechner, wir haben schon adaware drüberlaufen lassen und es hat nichts so schlimmes gefunden, 78 warnungen. Aber wir vermuten bei ein zwei einträgen das da was nicht stimmt.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:28, on 06.06.2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\SYSINFO\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\System32\wltrysvc.exe
c:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
E:\rettet den pc\hjackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\SYSINFO\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Programme\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Programme\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: WLTRYSVC - Unknown owner - c:\WINDOWS\System32\wltrysvc.exe
--
End of file - 6677 bytes
was sagt ihr dazu?
Der rechner von der schwester ist glaube ich noch was schlimmer, ich poste den log davon gleich noch, lasse aber zuerst ein paar Standard sachen durchlaufen, vielleicht klappt es ja
hoffe ihr habt die gedult und die lust mir zu helfen.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:08, on 06.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\emMON.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\rettet den pc\adaware\aawservice.exe
C:\rettet den pc\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2> <a href="http://search.yahoo.com/search/options?p=">advanced search</a> <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: < script language="JavaScript" type="text/javascript" src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr" >
O1 - Hosts: </script >
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O1 - Hosts: <p><center><hr noshade size=1 width="675"><table border=0 cellpadding=0 cellspacing=0><tr><td align=center valign=bottom width="100%"><font size="-2" face=arial>Copyright © 2003 <a href="http://www.yahoo.com" target="_top">Yahoo! Inc.</a> All rights reserved.<br><b>NOTICE: We collect personal information on this site. To learn more about how we use your information, see our <a href="http://privacy.yahoo.com/privacy/us/" target="_top">Yahoo Privacy Policy</a></b></font></td></tr></table></center>
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: OneCard - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\rettet den pc\adaware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
--
End of file - 15748 bytes
wenn ich hijackthis starte, kommt eine fehler meldung, ich habe sie mal abgeschrieben:
you have an particularly large amount of hijackthis domains. it´s probably better to delete the file itself then to fix each item (and create a backup..)
if you see the same ip address in all the reported 01 items, consider deleting your hosts file, which is located at
C:\WINDOWS\SYSTEM32\drivers\etc\hosts.
ganz liebe grüße Syriel
ps. wollte einmal danke sagen, für das was ihr hier macht, ihr könnt einem wirklich immer helfen wenn man nicht mehr weiter weiss . Das ist echt lobens wert .
bis bald