IE Fenster öffnen sich von alleine.Brauch dringend Hilfe!!!

Sam2504 · 21.02.2008, 16:58

Hi
Bei mir öffnen sich IE fenster von ganz alleine!
Das geht mir mittlerweile tierisch auf die Nerven...

Helft mir bitte!!!

Logfile of HijackThis v1.99.1
Scan saved at 16:55:18, on 21/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\libusbd-nt.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = h**p://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.tele2.lu/redirect/startpage/adsl/fra
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvxis.dll,startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [700ec599] rundll32.exe "C:\WINDOWS\System32\ndtdkile.dll",b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\xdciielh.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

Chris4You · 21.02.2008, 17:19

Hi,

bevor ich mich verkünstelte, comboFix und danach noch mal ein HJ-Log;

Lade es von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.

Danach HJ-Log;

Folgende Dateien sind verdächtig (mal sehen ob sie combofix sie eleminiert):
C:\WINDOWS\System32\xdciielh.exe (ev. schon gelöscht)
C:\WINDOWS\System32\ndtdkile.dll
C:\WINDOWS\System32\drvxis.dll

Fixe die Einträge mit "h**p://search.imesh.com/..." im HJ-Log;

Was ist das hier für ein Programm:
C:\Program Files\AdVantage\AdVantage.exe <- könnte was sein, Prozess killen und dann von Platte löschen/umbennen..

Es sind noch einige Rest von Trojanern in der Registry...

chris

boston · 21.02.2008, 17:42

hallo chris4you,
ob eine bereinigung
bei zlob
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
mit sp2 sinnvoll ist, darüber gibts ja geteilte meinungen.
aber bei sp1?
und außer zlob ist da ja noch einiges anderes im argen.

Chris4You · 21.02.2008, 18:11

Hi,

ja mal sehen was noch so zum Vorschein kommt...
Ziel sollte sein, den Rechner soweit sauber zu bekommen, dass ein "gefahrloses" Backup der Daten möglich ist mit anschließendem Neuaufsetzen...

chris

boston · 21.02.2008, 18:28

@chris4you
ahh, ich verstehe.
aber dann weiß sam2504 zumindest, worauf es hinausläuft.

Sam2504 · 21.02.2008, 19:55

Hi nochmal
Hab nur das mit dem combofix gemacht
Das hat schon alles weggeputzt =D
Vielen dank an alle!

Chris4You · 22.02.2008, 08:10

Hi,

langsam, bitte das ComboLog einstellen, damit wir sehen was sonst noch auf der Platte rumlungerte...
Wie von boston vorgeschlagen, solltest Du (wahrscheinlich) komplett neu aufsetzten, da die kleinen Viecher Dir schon wichtige Systemeinstellungen/Security geändert haben (Ports geöffnet etc.), u. U. hatten auch schon Häcker Zugriff und sich Daten besorgt (Passwörter etc.)...

chris

Sam2504 · 20.03.2008, 18:18

Hi nochmal
hab seitdem nicht mehr vorbeigeschaut...
jetzt geht's wieder los =(

Also...

Mein HJ log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:44, on 20/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.tele2.lu/redirect/startpage/adsl/fra
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1203550067.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MIME Type Support Dll - {ED045E50-1DD5-4FA1-B468-E624CC585D3A} - C:\WINDOWS\System32\mimtcore.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvxis.dll,startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: jgxwwnoz - jgxwwnoz.dll (file missing)
O20 - Winlogon Notify: jqjpoxkh - jqjpoxkh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - h**p://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

--
End of file - 8322 bytes

ComboFix:
ComboFix 08-03-18.1 - xxx 2008-03-20 18:00:18.3 - NTFSx86
Endroit: C:\Documents and Settings\xxx\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
.

2008-03-20 17:48 . 2008-03-20 17:48 <REP> d-------- C:\Program Files\Trend Micro
2008-03-20 17:30 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-20 17:29 . 2005-01-18 14:23 628,736 --a------ C:\WINDOWS\system32\ltocx12n.ocx
2008-03-20 17:29 . 2005-01-18 17:35 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2008-03-20 17:29 . 2005-01-18 17:36 282,624 --a------ C:\WINDOWS\system32\camcpl.cpl
2008-03-20 17:29 . 2005-01-18 14:23 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2008-03-20 17:29 . 2005-01-18 14:23 192,512 --a------ C:\WINDOWS\system32\ltscr12n.ocx
2008-03-20 17:29 . 2003-06-09 19:39 29,795 --a------ C:\WINDOWS\system32\ITIG726.acm
2008-03-20 01:06 . 2008-03-20 01:51 <REP> d-------- C:\Program Files\MagicISO
2008-03-20 01:01 . 2008-03-20 01:52 <REP> d-------- C:\Program Files\SlySoft
2008-03-20 01:01 . 2008-03-20 01:01 24 --ahs---- C:\WINDOWS\SFAFF9EF0.tmp
2008-03-20 00:48 . 2008-03-20 00:48 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2008-03-20 00:48 . 2008-03-20 00:48 <REP> d-------- C:\Documents and Settings\xxx\Application Data\FotoWire
2008-03-20 00:06 . 2008-03-20 00:06 <REP> d-------- C:\Documents and Settings\xxx\Tracing
2008-03-20 00:06 . 2008-03-20 00:06 <REP> d-------- C:\Documents and Settings\xxx\Tracing
2008-03-19 06:09 . 2006-09-16 23:21 2,332,368 --a------ C:\WINDOWS\system\d3dx9_29.dll
2008-03-19 05:53 . 2008-03-19 05:53 <REP> d-------- C:\Program Files\Radical Games
2008-03-17 00:30 . 2008-03-20 01:49 <REP> d-------- C:\Program Files\SuperAVConverter
2008-03-17 00:29 . 2008-03-17 00:29 <REP> d-------- C:\Program Files\Real Alternative
2008-03-10 01:01 . 2008-03-10 22:35 <REP> d-------- C:\Program Files\eMule
2008-03-09 14:59 . 2002-12-12 02:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-29 11:37 . 2008-02-29 11:37 <REP> d-------- C:\Documents and Settings\xxx\Application Data\AVSMedia
2008-02-29 11:37 . 2008-02-29 11:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-02-29 11:34 . 2008-02-29 11:36 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-02-29 11:33 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-29 11:32 . 2008-02-29 11:32 <REP> d-------- C:\Program Files\AVSMedia
2008-02-26 01:36 . 2008-03-20 01:49 <REP> d-------- C:\Program Files\Project64 1.6
2008-02-21 00:27 . 2008-02-21 00:27 <REP> d-------- C:\Program Files\Sotfone
2008-02-21 00:27 . 2008-02-21 00:27 <REP> d-------- C:\Program Files\NetProject
2008-02-20 17:11 . 2008-02-20 17:11 18,944 --a------ C:\WINDOWS\system32\drvxis.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:55 --------- d-----w C:\Documents and Settings\xxx\Application Data\Skype
2008-03-20 16:28 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-03-20 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 16:27 --------- d-----w C:\Program Files\Logitech
2008-03-20 16:11 --------- d-----w C:\Documents and Settings\xxx\Application Data\Azureus
2008-03-20 00:51 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-19 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 23:08 --------- d-----w C:\Program Files\Windows Live
2008-03-19 12:56 --------- d-----w C:\Program Files\Azureus
2008-03-16 17:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 21:30 --------- d-----w C:\Documents and Settings\xxx\Application Data\LimeWire
2008-02-29 17:03 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-14 13:14 --------- d-----w C:\Program Files\Adusoft PSP Video Converter
2008-02-13 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-13 21:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-09 11:32 --------- d-----w C:\Documents and Settings\xxx\Application Data\VideoEgg
2008-02-09 03:45 --------- d-----w C:\Program Files\Rockstar Games
2008-02-09 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-08 02:37 28,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-08 02:28 --------- d-----w C:\Program Files\EA GAMES
2008-02-08 00:52 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-06 08:07 1,194,255 ----a-w C:\WINDOWS\system32\qrbfuefh.tmp
2008-02-06 08:04 90,688 ----a-w C:\WINDOWS\system32\hfeufbrq.dll
2008-02-04 11:43 --------- d-----w C:\Program Files\Easiestutils
2008-02-04 11:29 --------- d-----w C:\Program Files\Fichiers communs\Eltima Shared
2008-02-04 11:29 --------- d-----w C:\Program Files\Eltima Software
2008-02-04 11:29 --------- d-----w C:\Documents and Settings\xxx\Application Data\Eltima Software
2008-02-04 11:26 --------- d-----w C:\Program Files\FDRLab
2008-02-04 05:56 --------- d-----w C:\Program Files\DVDVideoSoft
2008-02-04 05:48 --------- d-----w C:\Program Files\Xilisoft
2008-02-03 15:13 --------- d-----w C:\Documents and Settings\xxx\Application Data\Moyea
2008-02-03 15:10 --------- d-----w C:\Documents and Settings\xxx\Application Data\Ringtone
2008-02-03 13:13 --------- d-----w C:\Documents and Settings\xxx\Application Data\PC Tools
2008-02-03 12:45 15,872 ----a-w C:\WINDOWS\system32\drvdat.dll
2008-02-01 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-01 16:44 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2008-02-01 16:42 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-01 16:42 --------- d-----w C:\Documents and Settings\xxx\Application Data\Sony Corporation
2008-01-31 20:24 --------- d-----w C:\Program Files\Alwil Software
2008-01-30 08:24 --------- d-----w C:\Program Files\ECP Works
2008-01-30 08:09 --------- d-----w C:\Program Files\EA SPORTS
2008-01-29 22:32 --------- d--h--r C:\Documents and Settings\xxx\Application Data\SecuROM
2008-01-28 14:05 --------- d-----w C:\Program Files\Picasa2
2008-01-28 14:05 --------- d-----w C:\Program Files\Google
2008-01-25 01:23 --------- d-----w C:\Program Files\VideoLAN
2008-01-25 01:23 --------- d-----w C:\Documents and Settings\xxx\Application Data\vlc
2008-01-24 03:43 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-24 03:41 --------- d-----w C:\Documents and Settings\xxx\Application Data\DAEMON Tools
2008-01-24 03:39 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-22 05:39 --------- d-----w C:\Documents and Settings\xxx\Application Data\Media Player Classic
2008-01-22 05:32 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-12-29 02:22 4,096 ----a-w C:\WINDOWS\system32\Run32.dll
2007-12-29 02:13 307,200 ----a-w C:\WINDOWS\system32\MultLang.dll
2007-12-25 04:19 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2006-06-10 17:04 43,104 ----a-w C:\Documents and Settings\xxx\Application Data\GDIPFONTCACHEV1.DAT
2003-12-07 20:30 0 ---ha-w C:\Documents and Settings\xxx\Application Data\hpothb07.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]
2008-02-21 00:27 14848 --a------ C:\Program Files\Sotfone\1203550067.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED045E50-1DD5-4FA1-B468-E624CC585D3A}]
C:\WINDOWS\System32\mimtcore.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 16:37 20053032]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 12:00 13312]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-03-20 17:28 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 13:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 13:16 741376 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 54784 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05 212992]
"AME_CSA"="amecsa.cpl" [2002-09-10 08:55 692224 C:\WINDOWS\system32\AmeCSA.cpl]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MSDisp32"="C:\WINDOWS\System32\drvxis.dll" [2008-02-20 17:11 18944]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 12:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-20 17:28:10 450560]
Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Sitecom WL-171 Wireless LAN Card\Installer\WLANUTL.exe [2007-03-29 19:33:55 913408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jgxwwnoz]
jgxwwnoz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jqjpoxkh]
jqjpoxkh.dll

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2004-04-15 19:53:13 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1065296879.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2008-03-20 18:03:36
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSControlService]
"ImagePath"="C:\WINDOWS\System32\windows"
.
Temps d'accomplissement: 2008-03-20 18:05:27
ComboFix-quarantined-files.txt 2008-03-20 17:05:17

Mellosun · 20.03.2008, 18:46

Zitat:

Zitat von Sam2504

Hi nochmal
hab seitdem nicht mehr vorbeigeschaut...
jetzt geht's wieder los =(

Das kommt davon wenn man mitten in der Bereinigung/Analyse abhaut und meint, es ist erledigt!

Ich glaub nicht, das Dir jetzt noch jemand helfen wird (ich würde es jedenfalls nicht tun)....und wie Chris4You
damals schon verlauten ließ, setze Deine Kiste neu auf.....folge dazu den Link in meiner SIG!
SP2 (in kürze sogar das SP3) ist pflicht!

IE Fenster öffnen sich von alleine.Brauch dringend Hilfe!!!

Log-Analyse und Auswertung: IE Fenster öffnen sich von alleine.Brauch dringend Hilfe!!!