Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Spy Falcon (https://www.trojaner-board.de/27747-spy-falcon.html)

Darkfighter 22.03.2006 15:19
Spy Falcon
 
Hi
Ich hab mir leider irgendwo SpyFalcon 2.0 eingefangen und ich bekomm ihn einfach nicht runter.
Kann mir irgendjemand helfen.
Hier mein Hijackthis logfile:



Logfile of HijackThis v1.99.1
Scan saved at 15:06:53, on 22.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mssearchnet.exe
D:\Programme\Logitech\G-series Software\LGDCore.exe
D:\Programme\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\Rundll32.exe
D:\Programme\MessengerPlus! 3\MsgPlus.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Logitech\Video\FxSvr2.exe
D:\Programme\Logitech\G-series Software\Applets\LCDClock.exe
D:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\Programme\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\RACLE~1\chkntfs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\s?mbols\m?config.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programme\SpyFalcon\SpyFalcon.exe
C:\Programme\SpyFalcon\SpyFalcon.exe
D:\Programme\Opera\Opera.exe
D:\Programme\iTunes\iTunes.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Temp\wzccd0\HijackThis.exe

O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "d:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ICQ Lite] d:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMReminderService] D:\Programme\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Programme\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "d:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [pdfSaver3] "C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Paoa] "C:\WINDOWS\RACLE~1\chkntfs.exe" -vt yax
O4 - HKCU\..\Run: [Burre] C:\WINDOWS\system32\s?mbols\m?config.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142068020718
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AFCD64B-4918-4D40-9936-03D757FDB010}: NameServer = 217.237.151.161,217.237.151.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AFCD64B-4918-4D40-9936-03D757FDB010}: NameServer = 217.237.151.161,217.237.151.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

BataAlexander 22.03.2006 16:04
Hallo,

scanne folgenden Dateien online bei Jotti und Virustotal (siehe Signatur)
C:\WINDOWS\RACLE~1\chkntfs.exe
C:\WINDOWS\system32\s?mbols\m?config.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\SYSTEM32\winwil32.dll

poste die positven Ergebnisse hier.

desweiteren tummelt sich bei Dir auch MSsearch und den MessengerPlus solltest Du über die Systemsteuerung / Software deinstallieren.


O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
Zlob
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MessengerPlus3] "d:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpyFalcon] C:\Programme\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [MessengerPlus3] "d:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Paoa] "C:\WINDOWS\RACLE~1\chkntfs.exe" -vt yax
O4 - HKCU\..\Run: [Burre] C:\WINDOWS\system32\s?mbols\m?config.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll

alles fixen , und das System mit Ewido genauer untersucht werden, den Report dann bitte posten.

Gruß

Schrulli

Darkfighter 22.03.2006 18:24
ok
mach ich

Darkfighter 22.03.2006 18:48
Zitat:
Zitat von Schrulli

scanne folgenden Dateien online bei Jotti und Virustotal

C:\WINDOWS\RACLE~1\chkntfs.exe
Virustotal:

-Keine Viren gefunden

Jottis:

- kein viren gefunden

Zitat:
Zitat von Schrulli
C:\WINDOWS\system32\s?mbols\m?config.exe
Virustotal:

This is a report processed by VirusTotal on 03/22/2006 at 17:57:19 (CET) after scanning the file "m_config.exe" file.

Antivirus Version Update Result
AntiVir 6.34.0.14 03.22.2006 TR/Dldr.Puri.AP.1.A
AVG 386 03.22.2006 Adware Generic.MDR
Avira 6.34.0.53 03.22.2006 TR/Dldr.Puri.AP.1.A
Ewido 3.5 03.22.2006 Adware.PurityScan
Fortinet 2.71.0.0 03.22.2006 Adware/ValueAd
Kaspersky 4.0.2.24 03.22.2006 not-a-virus:AdWare.Win32.PurityScan.ec
McAfee 4723 03.21.2006 potentially unwanted program Adware-ValueAd
NOD32v2 1.1455 03.22.2006 a variant of Win32/Adware.MediaTickets
Norman 5.70.10 03.22.2006 W32/PurityScan.RB
Panda 9.0.0.4 03.21.2006 Suspicious file
TheHacker 5.9.6.117 03.21.2006 Adware/PurityScan.ec
UNA 1.83 03.22.2006 Adware.PurityScan
VBA32 3.10.5 03.22.2006 AdWare.Win32.PurityScan.ec

Jottis:

AntiVir Trojan/Dldr.Puri.AP.1.A gefunden
AVG Antivirus Generic.MDR gefunden
Fortinet Adware/ValueAd gefunden
Kaspersky Anti-Virus not-a-virus:AdWare.Win32.PurityScan.ec gefunden NOD32 a variant of Win32/Adware.MediaTickets application gefunden
Norman Virus Control W32/PurityScan.RB gefunden
VBA32 AdWare.Win32.PurityScan.ec gefunden

Zitat:
Zitat von Schrulli
C:\WINDOWS\system32\msiexec.exe
Virustotal:

-keine viren gefunden

Jottis:

- keine viren gefunden

Zitat:
Zitat von Schrulli
C:\WINDOWS\SYSTEM32\winwil32.dll
Virustotal:

AntiVir 6.34.0.14 03.22.2006 TR/Dldr.Small.cml.7
Avira 6.34.0.53 03.22.2006 TR/Dldr.Small.cml.7
eTrust-Vet 12.4.2129 03.22.2006 Win32/SillyDl.AGG
Ewido 3.5 03.22.2006 Downloader.Small.cml
Fortinet 2.71.0.0 03.22.2006 W32/BDoor.CML!dldr
Kaspersky 4.0.2.24 03.22.2006 Trojan-Downloader.Win32.Small.cml
McAfee 4724 03.22.2006 BackDoor-CVT

AntiVir Trojan/Dldr.Small.cml.7 gefunden
Fortinet W32/BDoor.CML!dldr gefunden
Kaspersky Anti-Virus Trojan-Downloader.Win32.Small.cml gefunden

Sunny 22.03.2006 18:53
ohne Schrulli etwas vorweg zunehmen : KLICK MICH

kannst Dir ja denken was als nächstes geschieht !

Gruß
Daniel

Darkfighter 23.03.2006 20:32
danke für die tipps ich hab ihn runterbekommen

Sunny 24.03.2006 04:48
Morgen,

poste uns doch nochmal ein HijackLOG !

Gruß
Daniel

Darkfighter 29.03.2006 21:15
Mittlerweile is er wieder da und heißt jetzt Spyware Quake

Logfile of HijackThis v1.99.1
Scan saved at 22:13:34, on 29.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Programme\ewido anti-malware\ewidoctrl.exe
D:\Programme\ewido anti-malware\ewidoguard.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Logitech\G-series Software\LGDCore.exe
D:\Programme\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\Logitech\G-series Software\Applets\LCDClock.exe
D:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iPod\bin\iPodService.exe
D:\Programme\Mindjet\MindManager 6\MMReminderService.exe
D:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Temp\wze71f\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com/
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMReminderService] D:\Programme\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [ICQ Lite] d:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142068020718
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AFCD64B-4918-4D40-9936-03D757FDB010}: NameServer = 217.237.151.161,217.237.151.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AFCD64B-4918-4D40-9936-03D757FDB010}: NameServer = 217.237.151.161,217.237.151.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

irrlicht 29.03.2006 21:30
Hallo Darkfighter,
häng dich unten an den Thread "Spyware Quake " ab Post 12 von Sabina.
Ratschläge ausführen ,nicht reinposten !
Irrlicht

Darkfighter 31.03.2006 21:29
Hier ist nochmal mein Logfile und könnt ihr mir sagen ob ihr da noch irgendwas verdächtiges seht?

Logfile of HijackThis v1.99.1
Scan saved at 22:28:27, on 31.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Programme\ewido anti-malware\ewidoctrl.exe
D:\Programme\ewido anti-malware\ewidoguard.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
D:\Programme\Logitech\G-series Software\LGDCore.exe
D:\Programme\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Programme\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\Programme\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\Video\FxSvr2.exe
D:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\MSN Messenger\msnmsgr.exe
D:\Programme\Teamspeak2_RC2\TeamSpeak.exe
D:\Programme\Opera\Opera.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Temp\wz4827\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ircspy.com/
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MMReminderService] D:\Programme\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [ICQ Lite] d:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - D:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142068020718
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AFCD64B-4918-4D40-9936-03D757FDB010}: NameServer = 217.237.151.161,217.237.151.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AFCD64B-4918-4D40-9936-03D757FDB010}: NameServer = 217.237.151.161,217.237.151.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131