| |
| |||||||
Mülltonne: Hilfe!!! Habe Worm.Win32.NetSky!!Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
10.02.2008, 10:45
| #1 |
| |  Hilfe!!! Habe Worm.Win32.NetSky!! habe seit heute in der früh immer fehlermeldungen in bezug auf Worm.Win32.NetSky! habe im forum gelesen das man mit HijackThis ein logfile machen soll und es posten soll!Hier also das log-file! Ware super wenn mir jemand helfen könnte das Problem zu beheben habe nämlich keine Lust meinen Laptop neu zu formatieren! Was soll ich jetzt weiteres machen?? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:45:11, on 10.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Novell\XTAgent.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Programme\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Macrogaming\SweetIM\SweetIM.exe C:\Programme\App's\DAEMON Tools Pro\DTProAgent.exe C:\Programme\DNA\btdna.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Borland\InterBase\bin\ibguard.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\TwinCAT\EventLogger\TcEventLogger.exe C:\TwinCAT\TCATSysSrv.exe C:\Programme\App's\vcd8\System\VC8SecS.exe C:\Programme\Gemeinsame Dateien\Siemens\sws\almsrv\almsrvx.exe C:\Programme\Borland\InterBase\bin\ibserver.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Programme\MSN Messenger\livecall.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.direkt.at R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.aon.at R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.50.252:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\App's\BitComet\tools\BitCometBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SXG Advisor - {A07DAFB6-2697-4528-A41B-6D77C1D63396} - C:\WINDOWS\dmdqdrxltr.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: emotrlq - {8D3E6E15-CA58-4534-B681-6962B23CD4B3} - C:\WINDOWS\emotrlq.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [bm] "C:\Programme\Gemeinsame Dateien\SichererAntivirus\bm.exe" dm=http://sichererantivirus.com ad=http://sichererantivirus.com sd=http://amesser.sichererantivirus.com O4 - HKLM\..\Run: [ptask] C:\Programme\SichererAntivirus\ptask.exe O4 - HKLM\..\Run: [AAWTray] C:\Programme\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKLM\..\RunOnce: [RVAXO] RVAXO.bat O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\App's\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\App's\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\App's\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\App's\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download with NetPumper - C:\Programme\App's\NetPumper\AddUrl.htm O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Programme\Windows Live Toolbar\Components\en-ie\msntabres.dll.mui/229?90a20ddd120f4fd597acd55b54fa4857 O8 - Extra context menu item: Open in new foreground tab - res://C:\Programme\Windows Live Toolbar\Components\en-ie\msntabres.dll.mui/230?90a20ddd120f4fd597acd55b54fa4857 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_01\bin\npjpi141_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_01\bin\npjpi141_01.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\App's\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\App's\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file:///C:/Programme/proeWildfire%203.0/i486_nt/obj/pvx_install.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5ED5F3D6-B829-413B-A5D9-7523D35D45A3}: NameServer = 192.168.50.253 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O21 - SSODL: bdmnopx - {30AEE9D5-A8B9-49F8-A3BD-E5A3579BEA8C} - C:\WINDOWS\bdmnopx.dll O21 - SSODL: admggxp - {6831336C-693B-400A-80BA-0B11ED7C2B27} - C:\WINDOWS\admggxp.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automation License Key Service (almservice) - SIEMENS AG - C:\Programme\Gemeinsame Dateien\Siemens\sws\almsrv\almsrvx.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Programme\Borland\InterBase\bin\ibserver.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: TcEventLogger - Unknown owner - C:\TwinCAT\EventLogger\TcEventLogger.exe O23 - Service: TwinCAT System Service - BECKHOFF Automation - C:\TwinCAT\TCATSysSrv.exe O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\App's\vcd8\System\VC8SecS.exe O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe -- End of file - 13390 bytes |
| Themen zu Hilfe!!! Habe Worm.Win32.NetSky!! |
| 0 bytes, ad-aware, adobe, appinit_dlls, bho, browser, components, drivers, explorer, firefox, helfen, heulen, hijack, hijackthis, hilfe!!, hilfe!!!, hkus\s-1-5-18, internet, internet explorer, internet security, kaspersky, konvertieren, log-file, logfile, mozilla, mozilla firefox, pdf, pdf-datei, problem, rundll, s-1-5-18, security, senden, software, super, sweetim, system, windows, windows xp, windows\system32\drivers, wmid, worm.win32.netsky |
Linear-Darstellung
