| Retroman | 08.11.2010 18:46 |
Programm namens "Net Watcher"
Hallo liebe Board gemeinde.
Ich habe das problem das sich ein programm "Net watcher" bei mir eingenistet hat und ich nicht weiß woher es kommt es kam vom ein tag auf dem anderen.
Hier mal HJT Log Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:32, on 08.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\RemoteX\RemoteX.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Programme\VideoLAN\VLC\vlc.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\Mac Leopard\System\Finder\Styler Toolbar\TB\StylerTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\DSL-Manager\DslMgrSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: RemoteX Server (__RemoteX__) - PEEPLEware - C:\Programme\RemoteX\RemoteX.exe
--
End of file - 7001 bytes
Malwarebytes Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5059
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
08.11.2010 18:44:17
mbam-log-2010-11-08 (18-44-17).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138597
Laufzeit: 6 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und ccleaner Uninstall log Code:
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.1.85.3
Adobe Shockwave Player Adobe Systems Inc. 11.0.0.429
Alky for Applications (Windows XP) Falling Leaf Systems 1.0
Apple Application Support Apple Inc. 1.3.2
Apple Mobile Device Support Apple Inc. 3.2.0.47
Apple Software Update Apple Inc. 2.1.2.120
Audiosurf BestGameEver 1.00.0000
Avira AntiVir Personal – Free Antivirus Avira GmbH
AVS Update Manager 1.0 Online Media Technologies Ltd.
AVS Video Converter 7 Online Media Technologies Ltd.
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd.
Bonjour Apple Inc. 2.0.3.0
CamStudio Lossless Codec
CCleaner Piriform 3.00
CursorXP
DebugMode Wax 2.0
Defraggler Piriform 1.21
DivX-Setup DivX, Inc. 2.1.2.2
DSL-Manager
DVDVideoSoftTB Toolbar
FlashFXP v3 IniCom Networks, Inc. 3.6.0.1240.4
Free Studio version 4.9.13 DVDVideoSoft Limited.
Google Chrome Google Inc. 7.0.517.44
HijackThis 2.0.2 TrendMicro 2.0.2
ICQ7.2 ICQ 7.2
Internet Explorer 7
Invision Invision 3.2
IrfanView (remove only) Irfan Skiljan 4.27
iTunes Apple Inc. 10.0.1.22
Java(TM) 6 Update 6 Sun Microsystems, Inc. 1.6.0.60
JDownloader AppWork UG (haftungsbeschränkt)
LogonStudio
Malwarebytes' Anti-Malware Malwarebytes Corporation
MediaCoder 0.7.5.4740 Broad Intelligence 0.7.5.4740
MediaPortal Team MediaPortal 1.1.1
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 4.0.30319
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
mIRC mIRC Co. Ltd. 7.14
Mozilla Firefox (3.6.12) Mozilla 3.6.12 (de)
Net Watcher
NVIDIA Drivers
NVIDIA Grafiktreiber 260.99 NVIDIA Corporation 260.99
NVIDIA nView 135.36 NVIDIA Corporation 135.36
NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 9.10.0514
Oracle VM VirtualBox 3.2.10 Oracle Corporation 3.2.10
QuickStores-Toolbar 1.1.0 AB-Tools.com 1.1.0
QuickTime Apple Inc. 7.68.75.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5.10.0.6167
RocketDock 1.3.5 Punk Software
Sereby's XP SP3 Updatepack Version 3.8.6 Sereby Version 3.8.6
SereneScreen Marine Aquarium 3 Prolific Publishing, Inc. 3.0
SnagIt 8 TechSmith Corporation 8.1.0
SpeedFan (remove only)
Spybot - Search & Destroy Safer Networking Limited 1.6.2
Stronghold Crusader Extreme Firefly Studios 1.20.0000
TightVNC 2.0.2 GlavSoft LLC. 2.0.2
Unlocker 1.9.0 Cedrick Collomb 1.9.0
VirtualCloneDrive Elaborate Bytes
VLC media player 1.1.4 VideoLAN 1.1.4
WhiteCap SoundSpectrum 5.4
Windows Sidebar Microsoft Corporation 6.0.6000.16386
WinRAR
xpize 5 Release 6 Franciso Moreno and David Rees 5.6
ZoneAlarm Check Point, Inc 7.0.362.000
Ich hoffe ihr könnt mir helfen
Mfg Retroman |
