
Log analysis and evaluation: Take a look at this

15.08.2007, 17:10   #1
BataAlexander
> MalwareDB
 



OT:
Quote:
Then Rene-gad suggested something again.
:aplaus:

Regardless of the VirusTotal logs, your HijackThis log file is very incomplete. Were there any problems when running it?
Here is an illustrated guide again for reference.

Bata

15.08.2007, 17:36   #2
Das Perd mit dem Virus
 



This one is correct, though.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:20, on 15.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\McAfee\MSK\MskAgent.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Programme\SiteAdvisor\6066\SiteAdv.exe
C:\Programme\Virtual CD v8\System\VC8Play.exe
C:\WINDOWS\system32\ppfsys.exe
C:\windows\hffext\hffsrv.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\BitTorrent\bittorrent.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Virtual CD v8\System\VC8Tray.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\McAfee\MSK\MskSrver.exe
C:\Programme\McAfee\MPS\mpsevh.exe
C:\Programme\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Virtual CD v8\System\VC8SecS.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Game Cam v1.4\GameCam.exe
C:\WINDOWS\ISW\alice\signup\connctas.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Dokumente und Einstellungen\Pascal\Desktop\HiJackThis202.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.treiber.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [System: PPFSYS.EXE Don`t remove it!] ppfsys.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2346CCE-F250-4B72-9D6D-2E7D26C1BAAE}: NameServer = 213.191.74.18 213.191.92.86
O18 - Protocol: bw+0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw+0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw-0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw-0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw00 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw00s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw10 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw10s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw20 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw20s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw30 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw30s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw40 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw40s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw50 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw50s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw60 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw60s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw70 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw70s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw80 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw80s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw90 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw90s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwa0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwa0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwb0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwb0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwc0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwc0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwd0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwd0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwe0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwe0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwf0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwf0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwg0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwh0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwh0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwi0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwi0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwj0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwj0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwk0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwk0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwl0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwl0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwm0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwm0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwn0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwn0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwo0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwo0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwp0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwp0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwq0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwq0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwr0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwr0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bws0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bws0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwt0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwt0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwu0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwu0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwv0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwv0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bww0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bww0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwx0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwx0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwy0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwy0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwz0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwz0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: offline-8876480 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0034391187186331) (0034391187186331mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\003439~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programme\SiteAdvisor\6066\SAService.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe

--
End of file - 18908 bytes


15.08.2007, 17:56   #3
BataAlexander
> MalwareDB
 



Fix these entries:
Quote:
O4 - HKLM\..\Run: [System: PPFSYS.EXE Don`t remove it!] ppfsys.exe
O18 - Protocol: bw+0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw+0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw-0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw-0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw00 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw00s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw10 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw10s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw20 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw20s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw30 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw30s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw40 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw40s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw50 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw50s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw60 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw60s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw70 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw70s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw80 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw80s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw90 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw90s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwa0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwa0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwb0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwb0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwc0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwc0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwd0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwd0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwe0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwe0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwf0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwf0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwg0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwh0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwh0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwi0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwi0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwj0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwj0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwk0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwk0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwl0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwl0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwm0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwm0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwn0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwn0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwo0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwo0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwp0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwp0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwq0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwq0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwr0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwr0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bws0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bws0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwt0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwt0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwu0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwu0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwv0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwv0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bww0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bww0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwx0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwx0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwy0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwy0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwz0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwz0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: offline-8876480 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
Delete the file
C:\WINDOWS\system32\ppfsys.exe
using Killbox; use it as described.

After that, post a new HJT log file.

Bata

15.08.2007, 18:29   #4
Das Perd mit dem Virus
 



OK, I have deleted the file with Killbox.
Please explain to me what you mean by "Fix these entries": where and how do I do that?
Please explain it very precisely.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:13, on 15.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\McAfee\MSK\MskAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Programme\SiteAdvisor\6066\SiteAdv.exe
C:\Programme\Virtual CD v8\System\VC8Play.exe
C:\windows\hffext\hffsrv.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\BitTorrent\bittorrent.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Virtual CD v8\System\VC8Tray.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\McAfee\MSK\MskSrver.exe
C:\Programme\SiteAdvisor\6066\SAService.exe
C:\Programme\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Virtual CD v8\System\VC8SecS.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ISW\alice\signup\connctas.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Dokumente und Einstellungen\Pascal\Desktop\HiJackThis202.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Treiber.de: Aktuelle Treiber für alle Systeme
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/...an_unicode.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2346CCE-F250-4B72-9D6D-2E7D26C1BAAE}: NameServer = 213.191.74.18 213.191.92.86
O18 - Protocol: bw+0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw+0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw-0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw-0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw00 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw00s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw10 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw10s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw20 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw20s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw30 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw30s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw40 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw40s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw50 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw50s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw60 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw60s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw70 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw70s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw80 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw80s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw90 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bw90s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwa0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwa0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwb0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwb0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwc0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwc0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwd0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwd0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwe0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwe0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwf0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwf0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwg0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwh0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwh0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwi0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwi0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwj0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwj0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwk0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwk0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwl0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwl0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwm0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwm0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwn0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwn0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwo0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwo0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwp0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwp0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwq0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwq0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwr0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwr0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bws0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bws0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwt0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwt0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwu0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwu0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwv0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwv0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bww0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bww0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwx0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwx0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwy0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwy0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwz0 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: bwz0s - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: offline-8876480 - {D85AF060-4670-4EC0-8CC6-77D8EBA2F1FF} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programme\SiteAdvisor\6066\SAService.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe

--
End of file - 18543 bytes

Edited by Das Perd mit dem Virus (15.08.2007 at 18:50)

15.08.2007, 18:37   #5
BataAlexander
> MalwareDB
 

Please edit the log as well; there is an "edit" button for that.
You can fix with HJT after you have scanned the system; "do a system scan only" is enough, then tick the entries and choose "Fix checked".

Then post a new log. Did Killbox run through without problems? There is now a folder c:\Killbox! . There should be a log file in it; post that too, and delete the backups.

Bata


15.08.2007, 18:48   #6
Das Perd mit dem Virus
 

Killbox ran through without problems and the backups are now deleted.

That is all it says:
Pocket Killbox version 2.0.0.881
Running on Windows XP as Pascal(Administrator)
was started @ Mittwoch, August 15, 2007, 7:12 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\ppfsys.exe


I Rebooted @ 7:19:43 PM
Killbox Closed(Exit) @ 7:20:08 PM

Edited by Das Perd mit dem Virus (15.08.2007 at 19:02)

15.08.2007, 18:59   #7
Das Perd mit dem Virus
 

OK, I have fixed that now.

And here is a new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:51, on 15.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\McAfee\MSK\MskAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Programme\SiteAdvisor\6066\SiteAdv.exe
C:\Programme\Virtual CD v8\System\VC8Play.exe
C:\windows\hffext\hffsrv.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\BitTorrent\bittorrent.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Virtual CD v8\System\VC8Tray.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\McAfee\MSK\MskSrver.exe
C:\Programme\SiteAdvisor\6066\SAService.exe
C:\Programme\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Virtual CD v8\System\VC8SecS.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ISW\alice\signup\connctas.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Dokumente und Einstellungen\Pascal\Desktop\HiJackThis202.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.treiber.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2346CCE-F250-4B72-9D6D-2E7D26C1BAAE}: NameServer = 213.191.74.18 213.191.92.86
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programme\SiteAdvisor\6066\SAService.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe

--
End of file - 12634 bytes
