Trash bin: I'm afraid my system is infected | Posts that have violated our rules, posts the world doesn't need, and other junk end up here in the trash bin... |
28.09.2006, 11:00 | #1 |
| I'm afraid my system is infected

Logfile of HijackThis v1.99.1
Scan saved at 11:57:24, on 28.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
c:\WINDOWS\system32\o2flash.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\TEMP\KQ2D3E.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\AddOn\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\CryptoEx\Volume\CexVolumeWatcher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraEdit-32\uedit32.exe
C:\Program Files\OfficeScan NT\pccnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware.exe
C:\Program Files\VMware\VMware Workstation\bin\vmware-vmx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\kerckh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://intranet.siemens.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://intranet.siemens.at
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = merlin.gud.siemens.at:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.siemens.at; *.siemens.net; *.siemens.de; *.siemenspro.at; merlin; azm; ;<local>
O1 - Hosts: IWM_Server # IWM Installation
O1 - Hosts: IWM_Server # IWM Installation
O1 - Hosts: IWM_Server # IWM Installation
O1 - Hosts: IWM_Server # IWM Installation
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O3 - Toolbar: (no name) - {8C3887BA-3367-4297-B288-13472BD407E4} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PSUtility] c:\AddOn\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CryptoExVolumeAutoMount] "C:\Program Files\CryptoEx\Volume\CexVolume.exe" /AutoMount
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AcroTray] "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://intranet.siemens.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = medpse.siemenspro.at
O17 - HKLM\Software\..\Telephony: DomainName = medpse.siemenspro.at
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C788447-2CE7-42A9-B506-3E84B45EAC2D}: NameServer = 134.100.103.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A88CA42-8F07-4202-BDDD-7F58F14D7C10}: NameServer = 158.226.203.204,158.226.203.201,158.226.220.27,158.226.134.184
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = medpse.siemenspro.at
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = medpse.siemenspro.at,gud.siemens.at,ww300.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = medpse.siemenspro.at,gud.siemens.at,ww300.siemens.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: COM+ Component (COM+) - Unknown owner - C:\WINDOWS\system32\tree.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DirectPlay Communication Layer (DxDiag) - Unknown owner - C:\WINDOWS\system32\dxplay.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mateSuite cryptMate Service (mscmsvr) - Unknown owner - C:\Program Files\REINER SCT\mateSuite\mscmsvr.exe (file missing)
O23 - Service: .NET Framework (MSDOTNET) - Unknown owner - C:\WINDOWS\system32\tree.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - c:\WINDOWS\system32\o2flash.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Siemens OPENLink 23.2-18 (Siemens_OPENLink_23.2-0) - Siemens Medical Solutions Health Services Corporation - C:\Program Files\Siemens\Siemens OPENLink\2320\BIN\OPEv230.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: UDMA Driver (udmadrv) - Unknown owner - C:\WINDOWS\system32\udma.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe (file missing) |
28.09.2006, 12:04 | #2 |
| I'm afraid my system is infected
Hi,
Please have these scanned at Virustotal or Jotti.
Quote:
Quote:
Quote:
Quote:
Quote:
In the meantime you can tell us what on your PC is showing up as infected.
Edit: Oh, and please read the NUB (see sig) so that better help is possible.
Edit2: Otherwise you won't get anything from the experts.
Regards, Cleriker |
28.09.2006, 15:45 | #3 |
Administrator > Competence Manager | I'm afraid my system is infected
Quote:
@Cleriker & Kitemaniac This is a production system; there is no support here on the board for commercially used computers. @Kitemaniac, contact a service provider of your choice, or inform the responsible administrator who manages your system! EOD
Regards, Sunny |
Topics related to: I'm afraid my system is infected |
adobe, application, bho, desktop, dll, excel, explorer, firefox, ftp, hijack, hijackthis, hotkey, internet, internet explorer, logfile, microsoft, monitor, mozilla, mozilla firefox, netgear, officescan, rundll, software, symantec, system, temp, trend micro, windows, windows xp |