Log analysis and evaluation: HILFE! System-Performance-Monitor and more! :( (Windows 7)
01.07.2008, 15:36 | #1
So yesterday my brother was on the PC and somehow got a few viruses (downloaded?)... Then the System Performance Monitor appeared, which I know is a trojan. Then I had Kaspersky scan, and it found about 1000 viruses!! Most of them were from the program QuickTime... whatever that is, I didn't install it. Then there is also a program called "Warning Center", and when I try to uninstall it, it says I have to reboot the computer. What should I do? I'm completely helpless! And here is the HijackThis log:

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [V0330Cfg.exe] V0330Cfg.exe /d:3
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Macao\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - h**p://www.gateforietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - h**p://www.gateforietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{651A84C3-8672-4054-8994-03C785F3ACAB}: NameServer = 195.50.140.252 195.50.140.114
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

And sorry Sunny, I'm new here, and THANKS in advance to everyone.
Edited by prEc (01.07.2008 at 15:55)
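As a defender's check on the O17 lines in the log above (an added example, not code from the thread or from HijackThis): it parses the O17 NameServer entries, flags resolvers outside the pair the owner expects, and notes when the same override has been written into every control set, so that a "Last Known Good" boot would bring it straight back. The expected resolver pair and the sample lines are assumptions constructed from the posted log.

```python
"""Check the DNS resolver entries (O17) in a HijackThis log for signs of hijacking."""
import re
from typing import Dict, List, Set

# Constructed sample: a subset of the O17 lines from the HijackThis log posted
# above, plus an unrelated O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{651A84C3-8672-4054-8994-03C785F3ACAB}: NameServer = 195.50.140.252 195.50.140.114
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"""

# Assumption for this example: the pair configured on the network interface
# is the ISP-assigned one the owner expects; every other resolver is flagged.
EXPECTED_RESOLVERS: Set[str] = {"195.50.140.252", "195.50.140.114"}

# HJT prints the registry path: CCS is CurrentControlSet, CSn a numbered
# control set; "Parameters" is the machine-wide value, "..\{GUID}" one interface.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\})"
    r"\s*:\s*NameServer\s*=\s*(?P<servers>.+?)\s*$"
)


def parse_o17(log_text: str) -> List[Dict[str, object]]:
    """Return one record per O17 line: control set, scope and resolver list."""
    records: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        scope = m.group("scope")
        records.append({
            "control_set": m.group("cs"),
            "scope": "global" if scope == "Parameters" else scope.split("\\")[-1],
            # The registry value may be space- or comma-separated.
            "servers": [s for s in re.split(r"[\s,]+", m.group("servers")) if s],
        })
    return records


def unexpected_resolvers(records, expected: Set[str] = EXPECTED_RESOLVERS) -> Set[str]:
    """All resolver addresses in the log that are not in the expected set."""
    return {s for r in records for s in r["servers"] if s not in expected}


def assess(records, expected: Set[str] = EXPECTED_RESOLVERS) -> List[str]:
    """Human-readable findings: per-entry mismatches plus a persistence note."""
    findings: List[str] = []
    rogue_by_cs: Dict[str, frozenset] = {}
    for rec in records:
        bad = [s for s in rec["servers"] if s not in expected]
        if not bad:
            continue
        findings.append(
            f"{rec['control_set']} {rec['scope']}: unexpected NameServer {' '.join(bad)}"
        )
        if rec["scope"] == "global":
            rogue_by_cs[rec["control_set"]] = frozenset(bad)
    # The same override in CCS and the numbered control sets means booting
    # 'Last Known Good Configuration' restores the rogue resolvers as well;
    # each control set has to be cleaned.
    if len(rogue_by_cs) > 1 and len(set(rogue_by_cs.values())) == 1:
        findings.append(
            f"override replicated across {len(rogue_by_cs)} control sets: "
            + ", ".join(sorted(rogue_by_cs))
        )
    return findings


if __name__ == "__main__":
    for finding in assess(parse_o17(SAMPLE_LOG)):
        print(finding)
```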
01.07.2008, 15:40 | #2
/// AVZ-Toolkit Guru

First aid:
- Follow these instructions: SmitFraudFix -> post the report.
- Set Kaspersky to the highest security level and update the signatures.
- Switch to Safe Mode and run a full scan there. The easiest way to enter Safe Mode: click me. Remove everything that is found!
- Restart in normal mode.
- Check your system with SUPERAntiSpyware and Anti-Malware and post the logs.
- Clean up with CCleaner, steps 1 & 2.
- Post a proper HJT log.

Creating a HijackThis log
- The tool is available here -> HijackThis
- Save it in its own folder! (e.g. c:\Hijackthis\)
- Find the file HiJackThis.exe and rename it to 'This.com' (right-click -> Rename)
- Now start it by double-clicking This.com
- Click the red-marked button "Do a system scan and save a log file"
- After the scan an editor window opens; copy this logfile and paste it into your forum post.
- Important: search the log file for personal information, such as your real name, and edit it out before you post it.
- All links in the log file should be edited like this -> e.g. h**p://meine-seite.de. Simply so that nobody gets the idea of clicking the links.
An illustrated guide can be found in our FAQ section: HJT guide
01.07.2008, 19:36 | #3

So... I've now gone through it, and after I used SmitFraudFix I was already relieved, because "system performance monitor" was gone. Then I ran SUPERAntiSpyware and Anti-Malware. They also found a few trojans.

Here are the logs.

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 07/01/2008 at 07:47 PM

Application Version : 4.15.1000

Core Rules Database Version : 3494
Trace Rules Database Version: 1485

Scan type : Complete Scan
Total Scan Time : 01:26:29

Memory items scanned : 694
Memory threats detected : 0
Registry items scanned : 6948
Registry threats detected : 55
File items scanned : 124930
File threats detected : 15

Trojan.FakeAlert-IEBT
HKLM\Software\Classes\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}
HKCR\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}
HKCR\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}
HKCR\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}\Implemented Categories
HKCR\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}\InprocServer32
HKCR\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBR.DLL
HKLM\Software\Classes\CLSID\{B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1}
HKCR\CLSID\{B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1}
HKCR\CLSID\{B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1}#ddd
HKCR\CLSID\{B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1}\InprocServer32
HKCR\CLSID\{B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\WEB TECHNOLOGIES\IEBT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}
HKCR\CLSID\{B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1}

Adware.Tracking Cookie
C:\Users\Macao\AppData\Roaming\Microsoft\Windows\Cookies\macao@atdmt[4].txt
C:\Users\Macao\AppData\Roaming\Microsoft\Windows\Cookies\macao@atdmt[1].txt
ad.yieldmanager.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.toplist.cz [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.gjacket.adbureau.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.doubleclick.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.atdmt.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.adfarm1.adition.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
cpx.mediascale.de [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.komtrack.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.komtrack.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
mediamgr.ugo.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.imrworldwide.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.imrworldwide.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.fastclick.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.fastclick.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.fastclick.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.fastclick.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.fastclick.net [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.mediaplex.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]
.apmebf.com [ C:\Users\Macao\AppData\Roaming\Mozilla\Firefox\Profiles\l3v4h184.default\cookies.txt ]

Adware.180solutions/Seekmo
HKCR\AppId\SeekmoSA_df.exe
HKCR\AppId\SeekmoSA_df.exe#AppID
HKCR\AppId\{4A40E8FC-C7E4-4F57-9FA4-85DD77402897}
HKU\S-1-5-21-1224570434-3455587005-421831642-1003\Software\seekmosa
C:\Users\Macao\AppData\Roaming\Seekmo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Uninstall Instructions.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo

Trojan.DNSChanger-Codec
HKCR\VideoKey
HKCR\VideoKey\CLSID
HKU\S-1-5-21-1224570434-3455587005-421831642-1003\Software\VideoKey
C:\Users\Macao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoKey

Trojan.Media-Codec/V4
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID

Adware.Zango/ShoppingReport
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS
HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS
HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version
HKU\S-1-5-21-1224570434-3455587005-421831642-1003\Software\ShoppingReport
HKLM\Software\ShoppingReport
HKLM\Software\ShoppingReport#affid
HKLM\Software\ShoppingReport#Version
HKLM\Software\ShoppingReport#ProductName
HKLM\Software\ShoppingReport#requestor
HKLM\Software\ShoppingReport#SG_Not_Set
C:\Program Files\ShoppingReport\Bin\2.5.0
C:\Program Files\ShoppingReport\Bin
C:\Program Files\ShoppingReport

Adware.Vundo Variant/Rel
HKU\S-1-5-21-1224570434-3455587005-421831642-1003\Software\Microsoft\rdfa

Rogue.AntiVirus 2008 Pro
HKU\S-1-5-21-1224570434-3455587005-421831642-1003\Software\antivirus 2008 pro
C:\Users\Macao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk

Adware.180solutions/Seekmo/Zango
C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPCLNTAX_SEEKMOSA.DLL

Anti-Malware:

Malwarebytes' Anti-Malware 1.19
Datenbank Version: 911
Windows 6.0.6001 Service Pack 1

20:24:52 01.07.2008
mbam-log-7-1-2008 (20-24-46).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 151855
Scan Dauer: 53 minute(s), 14 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 18
Infizierte Registrierungswerte: 2
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 10
Infizierte Dateien: 14

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8301af7-d00e-4ea4-87c1-5ff4644fbba1} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8301af7-d00e-4ea4-87c1-5ff4644fbba1} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Antivirus 2008 PRO (Rogue.Antivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\videokey (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VideoKey (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> No action taken.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoKey (Trojan.DNSChanger) -> No action taken.
C:\Users\Macao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoKey (Trojan.DNSChanger) -> No action taken.
C:\Users\Macao\AppData\Roaming\Seekmo (AdWare.Agent) -> No action taken.
C:\ProgramData\SeekmoSA (Adware.Seekmo) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo (Adware.Seekmo) -> No action taken.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.
C:\Users\Macao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus 2008 PRO (Rogue.Antivirus2008) -> No action taken.

Infizierte Dateien:
C:\Program Files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll (Adware.Zango) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoKey\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> No action taken.
C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht (Adware.Seekmo) -> No action taken.
C:\ProgramData\SeekmoSA\SeekmoSAau.dat (Adware.Seekmo) -> No action taken.
C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht (Adware.Seekmo) -> No action taken.
C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat (Adware.Seekmo) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Reset Cursor.lnk (Adware.Seekmo) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk (Adware.Seekmo) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seekmo\Seekmo Uninstall Instructions.lnk (Adware.Seekmo) -> No action taken.
C:\Users\Macao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Users\Macao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> No action taken.

And also HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:34:09, on 01.07.2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Users\Macao\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Macao\Desktop\this.com.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\http://www.samsungcomputer.com]SAMSUNG NOTEBOOK PC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [V0330Cfg.exe] V0330Cfg.exe /d:3
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Macao\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{651A84C3-8672-4054-8994-03C785F3ACAB}: NameServer = 195.50.140.252 195.50.140.114
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.82 85.255.112.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

I hope I didn't do anything wrong. And special thanks to undoreal for answering so quickly: THANKS!
01.07.2008, 21:23 | #4
/// AVZ-Toolkit Guru

Run the Anti-Malware scan again and let it delete everything it finds!

-- Rogue Spyware --
* Download RVAXO.exe from here --> http://home.hetnet.nl/~stefsmeenk/RVAXO.exe
* Save it to the desktop.
* Start RVAXO.exe with a double-click
* an uninstaller may open
* do not close it, let the program run
* Restart your computer afterwards
* after the restart, double-click RVAXO.exe again
* this is very important!
* you will find the logfile here: C:\RVAXO-results.log

- All help given in this forum is provided without warranty or liability -