| |
| |||||||
Log-Analyse und Auswertung: Google-Anfragen werden umgeleitet (eMule etc.)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.05.2009, 12:50
| #1 |
| |  Google-Anfragen werden umgeleitet (eMule etc.) Ich hab ein Problem: Mein neuerdings ziemlich Virenverseuchter Rechner leitet mich beim googlen gerne mal auf die Startseite von eMule oder Werbung für irgendeinen SAFEzilla oder so weiter. Auch unterbindet er Anfragen nach sich selbst und anderen Trojanern über Google. Ich scheine mir also einen DNS Changer (?) eingefangen zu haben. Gibt es eine Möglichkeit ihn ohne Neuaufsetzen loszuwerden? HijackThis Logfile: (Musste die HJT .exe umbenennen ums zu starten) Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:48:22, on 30.05.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\ALCFDRTM.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Trend Micro\HijackThis\Cpy of HijakThs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks= R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD3BBD8-70BF-41C3-B344-94F7C2E5EDBD}: NameServer = 85.255.112.155,85.255.112.153 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 6153 bytes Ich hoffe mir kann jemand helfen! Geändert von Infiziert (30.05.2009 um 12:51 Uhr) Grund: fehlende Klammer |
|
30.05.2009, 13:19
| #2 |
| Gesperrt | Google-Anfragen werden umgeleitet (eMule etc.) Ich rate Dir mal neuaufzusetzen (falls Du nicht aus der Ukraine bist)
__________________Deine IP wird zur Zeit umgeleitet (besser gesagt übernommen) Rechner Neuaufsetzen halte ich für die beste Lösung. www.wieistmeineip.de Code:
ATTFilter O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD3BBD8-70BF-41C3-B344-94F7C2E5EDBD}: NameServer = 85.255.112.155,85.255.112.153
Geändert von Hansebanger (30.05.2009 um 14:00 Uhr) |
|
30.05.2009, 17:00
| #3 |
| | Google-Anfragen werden umgeleitet (eMule etc.) Hmmm... Aber wenn mein System doch sowieso hin ist, kann ich´s doch wenigstens mal versuchen:
__________________Hier mal ein Combofix-Log: Code:
ATTFilter ComboFix 09-05-29.01 - Snemelc 30.05.2009 17:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1033.18.3326.2933 [GMT 2:00]
ausgeführt von:: c:\documents and settings\Snemelc\Desktop\ComboFixe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Snemelc\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Snemelc\LOCALS~1\Temp\tmp2.tmp
C:\install.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\gxvxclitakasvsagppyxedvjsnqmmcrontjpp.sys
c:\windows\system32\gxvxctpenrdoslaksifiektfqigppnxlldfmm.dll
c:\windows\system32\gxvxcyqrgoquglmjshkralaextktpriyvqjuq.dll
c:\windows\system32\x64
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((( Dateien erstellt von 2009-04-28 bis 2009-05-30 ))))))))))))))))))))))))))))))
.
2009-05-30 11:46 . 2009-05-30 11:46 -------- d-----w c:\program files\Trend Micro
2009-05-28 16:42 . 2009-05-28 16:42 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-28 16:33 . 2009-05-29 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-28 16:32 . 2009-05-28 16:32 -------- d-----w c:\documents and settings\Snemelc\Local Settings\Application Data\iPodSoft
2009-05-28 16:26 . 2009-05-28 16:26 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-05-28 15:25 . 2009-05-28 15:25 130 ----a-w c:\documents and settings\Snemelc\Local Settings\Application Data\fusioncache.dat
2009-05-28 15:10 . 2009-05-28 15:10 -------- d-----w c:\program files\Total Video Converter
2009-05-28 12:12 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-28 12:12 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-28 12:12 . 2009-05-28 12:12 -------- d-----w c:\program files\iPod
2009-05-28 12:12 . 2009-05-28 12:12 -------- d-----w c:\program files\iTunes
2009-05-28 12:12 . 2009-05-28 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-28 12:11 . 2009-05-28 12:11 -------- d-----w c:\program files\Bonjour
2009-05-28 12:10 . 2009-05-28 12:10 -------- d-----w c:\program files\Apple Software Update
2009-05-28 12:10 . 2009-03-26 13:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-28 12:10 . 2009-03-26 13:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-28 12:10 . 2009-05-28 12:12 -------- d-----w c:\program files\Common Files\Apple
2009-05-19 17:27 . 2009-05-19 17:27 20480 ----a-w c:\windows\system32\H@tKeysH@@k.DLL
2009-05-18 16:37 . 2009-05-19 16:50 -------- d-----w c:\program files\ArtMoney
2009-05-12 18:20 . 2009-05-12 18:30 -------- d-----w c:\program files\Thief - Deadly Shadows
2009-05-08 20:18 . 2009-05-08 20:18 -------- d-sh--w c:\documents and settings\*****\IETldCache
2009-05-08 06:53 . 2009-05-08 06:53 -------- d-----w c:\program files\A4Tech
2009-05-04 10:12 . 2008-04-25 17:41 218624 ----a-w c:\windows\system32\dllcache\uxtheme.dll
2009-05-01 13:05 . 2009-05-01 13:05 -------- d-----w c:\program files\Eidos
2009-05-01 13:04 . 2009-05-01 13:04 -------- d-sh--w c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 14:49 . 2009-01-08 07:41 -------- d-----w c:\documents and settings\Snemelc\Application Data\Skype
2009-05-30 14:43 . 2009-01-08 07:43 -------- d-----w c:\documents and settings\Snemelc\Application Data\skypePM
2009-05-29 15:12 . 2008-04-25 13:07 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 13:50 . 2008-07-10 13:08 -------- d-----w c:\documents and settings\Snemelc\Application Data\Apple Computer
2009-05-28 15:25 . 2007-06-30 18:39 25416 ----a-w c:\documents and settings\Snemelc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 13:18 . 2008-04-16 13:35 -------- d-----w c:\documents and settings\Snemelc\Application Data\dvdcss
2009-05-28 12:11 . 2008-07-08 14:37 -------- d-----w c:\program files\QuickTime
2009-05-26 15:59 . 2009-02-21 12:07 1 ----a-w c:\documents and settings\Snemelc\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-18 16:09 . 2007-07-01 01:00 -------- d-----w c:\program files\FLVPlayer
2009-05-12 18:20 . 2007-06-30 21:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 15:38 . 2009-01-08 14:29 -------- d-----w c:\documents and settings\Snemelc\Application Data\Hamachi
2009-05-08 20:18 . 2008-10-11 11:37 25024 ----a-w c:\documents and settings\Elisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 13:50 . 2009-03-18 12:55 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-04-27 13:50 . 2009-03-18 12:55 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-24 07:45 . 2008-02-03 14:09 -------- d-----w c:\program files\Bethesda Softworks
2009-04-22 14:20 . 2009-04-22 14:20 78104 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-22 14:20 . 2009-04-22 14:20 -------- d-----w c:\program files\MSBuild
2009-04-18 17:26 . 2009-03-22 14:31 -------- d-----w c:\program files\Savage 2 - A Tortured Soul
2009-04-18 15:58 . 2009-04-18 15:46 2285056 ----a-w c:\windows\system32\TUKernel.exe
2009-04-18 15:48 . 2009-04-18 15:48 5536256 ----a-w c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
2009-04-18 15:30 . 2009-04-18 15:30 -------- d-----w c:\documents and settings\Snemelc\Application Data\TuneUp Software
2009-04-18 15:30 . 2009-04-18 15:30 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-18 15:29 . 2009-04-18 15:29 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-17 09:26 . 2009-04-17 09:26 -------- d-----w c:\program files\Smallvideosoft
2009-04-15 12:37 . 2008-03-25 19:26 -------- d-----w c:\program files\Ubisoft
2009-04-15 12:23 . 2008-03-25 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-04-13 13:28 . 2008-02-16 14:10 -------- d-----w c:\documents and settings\Snemelc\Application Data\gtk-2.0
2009-04-09 15:22 . 2008-12-15 15:57 -------- d-----w c:\program files\THQ
2009-04-08 11:33 . 2007-06-30 17:44 -------- d-----w c:\program files\Java
2009-04-08 11:32 . 2009-04-08 11:32 152576 ----a-w c:\documents and settings\Snemelc\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 07:59 . 2007-07-01 01:14 -------- d-----w c:\program files\Common Files\Real
2009-04-05 18:40 . 2009-01-08 14:29 17480 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-04 15:28 . 2008-02-13 10:10 -------- d-----w c:\program files\ICQToolbar
2009-04-04 15:27 . 2008-10-01 15:33 -------- d-----w c:\program files\AGEIA Technologies
2009-04-04 15:23 . 2009-02-12 08:46 -------- d-----w c:\program files\Netdevil
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-09 03:19 . 2008-12-15 15:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2006-05-03 09:06 . 2008-12-18 16:52 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-12-18 16:52 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-12-18 16:52 216064 --sh--r c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"="c:\program files\ABIT\uGuru\uGuru.exe" [2006-10-24 417792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\Die Schlacht um Mittelerde II\\patchget.dat"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus.ex"=
"c:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos\\Warhammer.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\Eidos\\Conflict Global Storm\\ConflictGlobal.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Online\\System\\SCDA_online.exe"=
"c:\\Program Files\\Bluebyte\\Die Siedler 4\\S4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [21.12.2008 11:32 14592]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [18.03.2009 14:55 108289]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20.07.2007 18:40 84992]
S1 ntiomin;ntiomin; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners
2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
SafeBoot-procexp90.Sys
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
FF - ProfilePath - c:\documents and settings\Snemelc\Application Data\Mozilla\Firefox\Profiles\uqmkooqm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://upload.wikimedia.org/wikipedia/commons/5/57/Color_icon_white.svg
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX Richtlinien ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 17:53
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1177238915-682003330-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{105AB42D-9E7F-77D2-CB81-F918402A4D63}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gajiodehemohim"=hex:61,69,6f,6d,66,69,6d,6f,6c,62,69,6f,6d,6f,6c,68,70,68,68,
6f,6a,68,62,6a,6c,6c,6d,6c,61,6e,6c,67,68,63,65,6b,65,65,6c,6c,66,64,63,70,\
[HKEY_USERS\S-1-5-21-1177238915-682003330-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ff,18,7f,35,d0,26,bb,37,fa,4a,3f,f5,f3,01,a2,12,a1,93,dc,b1,1a,1e,0e,
30,5d,50,5d,d9,53,36,21,8e,af,53,b1,f9,00,82,10,fc,ff,73,90,19,6b,44,bd,09,\
"??"=hex:01,88,ee,7b,84,89,8c,00,17,a7,e9,fd,25,b4,66,df
[HKEY_USERS\S-1-5-21-1177238915-682003330-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:b6,7d,97,a3,bf,f6,62,47,a4,e5,e5,5d,e3,15,93,6a,4e,14,c4,2b,e1,
b8,82,62,df,4c,f6,bb,ee,8b,64,e8,f3,33,6e,94,27,d9,a9,d5,98,7a,cc,9c,8d,5a,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2009-05-30 17:54
ComboFix-quarantined-files.txt 2009-05-30 15:54
Vor Suchlauf: 17.124.560.896 bytes free
Nach Suchlauf: 19.910.193.152 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
230 --- E O F --- 2009-05-13 18:24
Aktuelles HJT-Log Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:59:47, on 30.05.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\Cpy of HijakThs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks= R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5340 bytes |
|
30.05.2009, 17:44
| #4 |
| | Google-Anfragen werden umgeleitet (eMule etc.) Neues HJT Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:38:15, on 30.05.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\ALCFDRTM.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks= R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5838 bytes @Hansebanger Sieht sauber aus... Also entweder warst du zu voreilig oder der Virus ist noch da. Aber ich finde das Ergebnis für die eintägige Arbeit eines 15jährigen in Eigenregie ganz passabel  Ich habe erst Combofix (Fand 3 Rootkits) und dann Superantispyware (Fand 19 adcookies und 1 TrojanDNSChanger) benutzt. |
|
| Themen zu Google-Anfragen werden umgeleitet (eMule etc.) |
| antivir, antivir guard, avira, bho, bonjour, cs3, desktop, explorer, firefox, frage, google, hkus\s-1-5-18, internet, internet explorer, leitet, logfile, mozilla, object, plug-in, problem, software, starten, system, trojaner, werbung, windows, windows xp |
Linear-Darstellung
