|
Pests of all kinds and how to combat them: SPR/WildTangent.B.1 |
14.08.2006, 17:31 | #1 |
| SPR/WildTangent.B.1 Hello, when I ran my virus check (from Antivir) today, a message came up saying that Antivir had detected a virus ... the file is called: npwthost.dll! It was detected under the following link: C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll When I then open the properties of the "file", it says: Betriebssystem: Windows NT/200/XP Workstation Suchengine: 7.01.01.02 Virendefinitionsdatei: 6.35.01.84 Meldung: Enthält Signatur des SPR/WildTangent.B.1-Programmes So... I don't know whether the file is dangerous, let alone what I should do. Please reply!!! |
14.08.2006, 17:37 | #2 |
| SPR/WildTangent.B.1 Hi Tyria Thor, have the file checked at Virustotal or at Jotti (may take a little while), and post the results together with the size of the uploaded file, even if nothing was found. Regards |
14.08.2006, 19:04 | #3 |
| SPR/WildTangent.B.1 well.. I've got the file in quarantine now.. should I really take it back out of there?! |
14.08.2006, 19:30 | #4 |
| SPR/WildTangent.B.1 Hi again, I think you can upload it directly from quarantine without having to take it out of there. Regards |
14.08.2006, 22:10 | #5 |
| SPR/WildTangent.B.1 Briefly butting in: here is something about WildTangent. @Tyria Thor, via Control Panel/Software, uninstall WildTangent or similarly named software as well as any other programs unknown to you. Download clearprog 1.4.1 final, Adaware and Spybot S&D. Install and update Adaware and Spybot. Start Clearprog --> put a tick next to everything to delete and click Delete. Then scan your system with Adaware and Spybot, one after the other. Afterwards, post a Hijackthis logfile. dartus
__________________ No support via PM |
15.08.2006, 08:07 | #6 |
| SPR/WildTangent.B.1 hi! I've now scanned with Adaware, and this is what came out: it found 22 objects that belong to the MRU list.. by the way, while scanning with Adaware another message came up from Antivir: this time the message says: SPR/WildTangent.B.1! For the file before, it said: contains SIGNATURE of SPR/WildTangent.B.1... coming back to Adaware, should I move them to quarantine? regards... |
15.08.2006, 11:23 | #7 |
| SPR/WildTangent.B.1 this was the logfile from Adaware: |
18.08.2006, 12:45 | #9 |
| SPR/WildTangent.B.1 I don't think the stuff above was very helpful, so here is Hijackthis:
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
20.08.2006, 09:57 | #10 | |
Administrator > Competence Manager | SPR/WildTangent.B.1 Hello, please have the following file analyzed at VirusTotal: Quote:
Regards, Sunny
__________________ Requests by email, profile message or private message are ignored! Help is given ONLY in the forum! Stulti est se ipsum sapientem putare. |
20.08.2006, 11:27 | #11 |
dismissed | SPR/WildTangent.B.1 wdfmgr.exe = part of Windows Media Player 10 and higher GUA |
20.08.2006, 11:42 | #12 | |
Administrator > Competence Manager | SPR/WildTangent.B.1 Quote:
Trust is good, control is better
|
20.08.2006, 15:06 | #13 | |
dismissed | SPR/WildTangent.B.1 Quote:
GUA |
20.08.2006, 16:39 | #14 |
| SPR/WildTangent.B.1 Complete scanning result of "wdfmgr.exe", received in VirusTotal at 08.20.2006, 15:49:52 (CET).

Antivirus           Version         Update      Result
AntiVir             6.35.1.3        08.20.2006  no virus found
Authentium          4.93.8          08.19.2006  no virus found
Avast               4.7.844.0       08.18.2006  no virus found
AVG                 386             08.18.2006  no virus found
BitDefender         7.2             08.20.2006  no virus found
CAT-QuickHeal       8.00            08.18.2006  no virus found
ClamAV              devel-20060426  08.20.2006  no virus found
DrWeb               4.33            08.20.2006  no virus found
eTrust-InoculateIT  23.72.102       08.20.2006  no virus found
eTrust-Vet          30.3.3026       08.18.2006  no virus found
Ewido               4.0             08.19.2006  no virus found
Fortinet            2.77.0.0        08.20.2006  no virus found
F-Prot              3.16f           08.18.2006  no virus found
F-Prot4             4.2.1.29        08.19.2006  no virus found
Ikarus              0.2.65.0        08.18.2006  no virus found
Kaspersky           4.0.2.24        08.20.2006  no virus found
McAfee              4832            08.18.2006  no virus found
Microsoft           1.1560          08.17.2006  no virus found
NOD32v2             1.1716          08.20.2006  no virus found
Norman              5.90.23         08.18.2006  no virus found
Panda               9.0.0.4         08.20.2006  no virus found
Sophos              4.08.0          08.19.2006  no virus found
Symantec            8.0             08.20.2006  no virus found
TheHacker           5.9.8.195       08.18.2006  no virus found
UNA                 1.83            08.18.2006  no virus found
VBA32               3.11.0          08.20.2006  no virus found
VirusBuster         4.3.7:9         08.19.2006  no virus found

Aditional Information
File size: 38912 bytes
MD5: 49501c6be752d5043ada8667ac774f7a
SHA1: ebeb5be8b8ddf2e47fbced67c4ab8f4d721c611c |
25.08.2006, 10:53 | #15 |
| SPR/WildTangent.B.1 Since I haven't received an answer for 5 days now... I really don't know what else I should do.... |