Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   looksky trojaner, kein task-manager, ie spinnt (https://www.trojaner-board.de/43950-looksky-trojaner-kein-task-manager-ie-spinnt.html)

Itche 26.09.2007 18:58
looksky trojaner, kein task-manager, ie spinnt
 
Hi,

ich habe seit kurzem folgendes Problem:

Ich kriege von McAfee und Windows eine Virus/Trojaner Meldung. Von Windows das Bekannte: looksky, sicherheitsstufe 5. Dazu spinnt mein Internetexplorer und will andauernd Malware entfernen helfen, usw... Natürlich alles schön missachtet und natürlich nichts gemacht und mich direkt mal mit eScan und HijackThis dran begeben.

Hier sind die Post:

HijackThis:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:54:47, on 26.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\DOKUME~1\Tobi\LOKALE~1\Temp\mexe.com
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tobi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h++p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h++p://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h++p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h++p://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\mscore.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7AFD0D43-D35A-4C7A-8DEB-E8D47CD0B218} - C:\WINDOWS\system32\twext32.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\programme\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programme\Google\Google Notebook\gnotes1.0.2.19--1455092513.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Programme\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Google Notizbuch - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programme\Google\Google Notebook\gnotes1.0.2.19--1455092513.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Programme\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Programme\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Notiz erstellen (Google Notizbuch) - res://C:\Programme\Google\Google Notebook\gnotes1.0.2.19--1455092513.dll/gn_menu2.html
O8 - Extra context menu item: Notiz mit dieser Seite erstellen (Google Notizbuch) - res://C:\Programme\Google\Google Notebook\gnotes1.0.2.19--1455092513.dll/gn_menu1.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{3040484B-E383-4FB0-BD4E-F45B59573D4F}: NameServer = 132.147.160.99,132.147.160.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{353EB249-E396-4278-A974-B2A2BAE3FC8A}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D63BE87-6613-4415-A39E-60DA65580F8D}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: drvsvp - {D9006025-C38C-436F-9B79-ACB39609A61E} - C:\WINDOWS\drvsvp.dll
O21 - SSODL: msduo2 - {1A77EC8B-AE10-46A7-BE8C-EA442B356727} - C:\WINDOWS\msduo2.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programme\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:\Programme\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Programme\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Programme\xampp\service.exe
und hier das von eScan mit find.bat:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
find.bat Version 2007.06.16.01

Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NETWORK
   
eScan Version: 9.4.4
Sprache: English
Virus Database Date: 9/26/2007 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken.
 System found infected with flashfxp Spyware/Adware ({e5a1691b-d188-4419-ad02-90002030b8ee})! Action taken: No Action Taken.
 System found infected with image activex access Trojan ({a8954909-1f0f-41a5-a7fa-3b376d69e226})! Action taken: No Action Taken.
 System found infected with image activex access Trojan ({967a494a-6aec-4555-9caf-fa6eb00acf91})! Action taken: No Action Taken.
 System found infected with image activex access Trojan ({9692be2f-eb8f-49d9-a11c-c24c1ef734d5})! Action taken: No Action Taken.
 System found infected with seekseek Spyware/Adware (mscore.dll)! Action taken: No Action Taken.
 System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (moveex.exe)! Action taken: No Action Taken.
 System found infected with winfixer/errorsafe Adware (error cleaner.url)! Action taken: No Action Taken.
 System found infected with privacyprotector Corrupted Adware/Spyware (privacy protector.url)! Action taken: No Action Taken.
 System found infected with privacyprotector Corrupted Adware/Spyware (spyware&malware protection.url)! Action taken: No Action Taken.
 System found infected with winfixer/errorsafe Adware (error cleaner.url)! Action taken: No Action Taken.
 System found infected with privacyprotector Corrupted Adware/Spyware (privacy protector.url)! Action taken: No Action Taken.
 System found infected with privacyprotector Corrupted Adware/Spyware (spyware&malware protection.url)! Action taken: No Action Taken.
 System found infected with progent Trojan (mps.exe)! Action taken: No Action Taken.
 System found infected with progent Trojan (mps.exe)! Action taken: No Action Taken.
 System found infected with holistyc Dialer (C:\WINDOWS\icons)! Action taken: No Action Taken.
 Object "tencent qq Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "alureon Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
 Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
 File C:\90f7acc3fcbbddb84a\spuninst.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
 File C:\90f7acc3fcbbddb84a\spupdsvc.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
 File C:\90f7acc3fcbbddb84a\wudfhost.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
 File D:\Dateien\Fun Stuff\alkomat.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
 File C:\WINDOWS\system32\twext32.dll//UPX tagged as "not-a-virus:AdWare.Win32.Stud.d". Action Taken: No Action Taken.
 File C:\WINDOWS\system32\closeapp.exe tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: No Action Taken.
 File C:\WINDOWS\system32\twext32.dll//UPX tagged as "not-a-virus:AdWare.Win32.Stud.d". Action Taken: No Action Taken.
 File C:\WINDOWS\system32\closeapp.exe tagged as "not-a-virus:RiskTool.Win32.CloseApp.a". Action Taken: No Action Taken.
 File C:\WINDOWS\system32\twext32.dll//UPX tagged as "not-a-virus:AdWare.Win32.Stud.d". Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
 Offending file found: C:\WINDOWS\mscore.dll
 Offending file found: C:\WINDOWS\system32\moveex.exe
 Offending file found: C:\Dokumente und Einstellungen\Tobi\Desktop\error cleaner.url
 Offending file found: C:\Dokumente und Einstellungen\Tobi\Desktop\privacy protector.url
 Offending file found: C:\Dokumente und Einstellungen\Tobi\Desktop\spyware&malware protection.url
 Offending file found: C:\Dokumente und Einstellungen\Tobi\Favoriten\error cleaner.url
 Offending file found: C:\Dokumente und Einstellungen\Tobi\Favoriten\privacy protector.url
 Offending file found: C:\Dokumente und Einstellungen\Tobi\Favoriten\spyware&malware protection.url
 Offending file found: C:\WINDOWS\icons
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\common\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\detectmpsdll\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\emailscan\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\mcmscins\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\mcpscheduler\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\misp\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\mpsmisp\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\mpsppm\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\personal firewall\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\quickclean\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\shredder\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\spamkiller\mcinst
 Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mcafee\mclogs\virusscan\mcinst
~~~~~~~~~~~
Registry
~~~~~~~~~~~
 Offending Key found: HKLM\Software\tencent !!!
 Offending Key found: HKLM\Software\microsoft\videoplugin !!!
 Offending Key found: HKCR\magnet !!!
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
 C:\Programme\Microsoft Office\Office12\1031\OneNoteMobile.CAB not Scanned. Possibly password protected...
 C:\Programme\Microsoft Visual Studio 8\SDK\v2.0\CompactFramework\netcfsetupv2.msi not Scanned. Possibly password protected...
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
C:\WINDOWS\System32\drivers\etc\hosts :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 Total Critical Objects: 43
 Total Disinfected Objects: 0
 Total Objects Renamed: 0
 Total Deleted Objects: 0
 Total Errors: 151
 Time Elapsed: 03:25:07
 Total Objects Scanned: 245916
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
 Memory Check: Enabled
 Registry Check: Enabled
 System Folder Check: Enabled
 System Area Check: Disabled
 Services Check: Enabled
 Drive Check: Disabled
 All Drive Check :Enabled
 All Drive Check :Enabled
 
Batchstart: 19:54:25,81
Batchende: 19:56:19,75
Was muss ich nun tun?

Ich hoffe, ihr könnt mir helfen, brauch das Ding und schreib Klausur :headbang:

Vielen Dank schonmal,

Greetz Itche

BataAlexander 26.09.2007 19:18
Zwei Fragen für meine brennende Neugier

1. Wofür hast Du ein VM Installiert
2. Du hast Nero BackItUp

Mit 1. kann man prima spielen
Mit 2. kann man ein zerspieltes System prima wiederherstellen

:daumenhoc

Itche 26.09.2007 21:07
hi,

vm ware benutze ich um unter anderen auch ein linux zu betreiben und zum anderen halt als entwicklungsumgebungen zum programmieren.

und zum 2. das backup existiert zwar, ist mir aber ne nummer zu alt :-(

ansonsten wende ich mich gerade virustotal zu. Werde ergebnisse hier noch bekannt geben.

//edit:

so hier kommt dann mal virus total:

Code:
Datei twext32.dll empfangen 2007.09.26 22:30:00 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 21/32 (65.63%)
       
Antivirus        Version        letzte aktualisierung        Ergebnis
AhnLab-V3        2007.9.22.0        2007.09.24        Win-AppCare/Stud.9728
AntiVir        7.6.0.15        2007.09.26        ADSPY/Stud.D
Authentium        4.93.8        2007.09.26        -
Avast        4.7.1043.0        2007.09.26        Win32:Trojano-3384
AVG        7.5.0.488        2007.09.26        Adware Generic.WNV
BitDefender        7.2        2007.09.26        Adware.Stud.I
CAT-QuickHeal        9.00        2007.09.26        AdWare.Stud.d (Not a Virus)
ClamAV        0.91.2        2007.09.26        Adware.BHO-15
DrWeb        4.33        2007.09.26        -
eSafe        7.0.15.0        2007.09.23        -
eTrust-Vet        31.2.5167        2007.09.26        -
Ewido        4.0        2007.09.25        Adware.Stud
FileAdvisor        1        2007.09.26        -
Fortinet        3.11.0.0        2007.09.26        -
F-Prot        4.3.2.48        2007.09.26        W32/Adware.IJT
F-Secure        6.70.13030.0        2007.09.26        -
Ikarus        T3.1.1.12        2007.09.26        not-a-virus:AdWare.Win32.Stud.d
Kaspersky        4.0.2.24        2007.09.26        not-a-virus:AdWare.Win32.Stud.d
McAfee        5128        2007.09.26        -
Microsoft        1.2803        2007.09.26        Trojan:Win32/Webprefix
NOD32v2        2552        2007.09.26        Win32/Adware.BHO.AA
Norman        5.80.02        2007.09.26        W32/Stud.Y
Panda        9.0.0.4        2007.09.26        -
Prevx1        V2        2007.09.26        -
Rising        19.42.22.00        2007.09.26        Adware.Win32.Stud.d
Sophos        4.21.0        2007.09.26        MapKon
Sunbelt        2.2.907.0        2007.09.26        -
Symantec        10        2007.09.26        Adware.Webprefix
TheHacker        6.2.6.071        2007.09.26        Adware/Stud.d
VBA32        3.12.2.4        2007.09.26        AdWare.Win32.Stud.d
VirusBuster        4.3.26:9        2007.09.26        Adware.BHO.EC
Webwasher-Gateway        6.0.1        2007.09.26        Ad-Spyware.Stud.D
weitere Informationen
File size: 22828 bytes
MD5: 2fe1caaba48421aaee2295d4e46a9607
SHA1: 9497a5f7d089ee5f908454fde5d176db34069bfc
packers: UPX
packers: UPX
packers: UPX
packers: UPX
Code:
Datei drvsvp.dll empfangen 2007.09.26 22:30:17 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 4/32 (12.5%)

Antivirus          Version          letzte aktualisierung          Ergebnis
AhnLab-V3        2007.9.22.0        2007.09.24        -
AntiVir        7.6.0.15        2007.09.26        -
Authentium        4.93.8        2007.09.26        -
Avast        4.7.1043.0        2007.09.26        -
AVG        7.5.0.488        2007.09.26        Downloader.Zlob.PGQ
BitDefender        7.2        2007.09.26        -
CAT-QuickHeal        9.00        2007.09.26        -
ClamAV        0.91.2        2007.09.26        -
DrWeb        4.33        2007.09.26        -
eSafe        7.0.15.0        2007.09.23        -
eTrust-Vet        31.2.5167        2007.09.26        -
Ewido        4.0        2007.09.25        -
FileAdvisor        1        2007.09.26        -
Fortinet        3.11.0.0        2007.09.26        -
F-Prot        4.3.2.48        2007.09.26        -
F-Secure        6.70.13030.0        2007.09.26        -
Ikarus        T3.1.1.12        2007.09.26        -
Kaspersky        4.0.2.24        2007.09.26        -
McAfee        5128        2007.09.26        -
Microsoft        1.2803        2007.09.26        Program:Win32/UltimateDefender
NOD32v2        2552        2007.09.26        Win32/Adware.Agent.NFV
Norman        5.80.02        2007.09.26        -
Panda        9.0.0.4        2007.09.26        Suspicious file
Prevx1        V2        2007.09.26        -
Rising        19.42.22.00        2007.09.26        -
Sophos        4.21.0        2007.09.26        -
Sunbelt        2.2.907.0        2007.09.26        -
Symantec        10        2007.09.26        -
TheHacker        6.2.6.071        2007.09.26        -
VBA32        3.12.2.4        2007.09.26        -
VirusBuster        4.3.26:9        2007.09.26        -
Webwasher-Gateway        6.0.1        2007.09.26        -
weitere Informationen
File size: 212992 bytes
MD5: 79339efd15d5b74b7eea9f883b937f70
SHA1: 5434983f445f353ac0e44d8754d677212a0f254d
Code:

Datei msduo2.dll empfangen 2007.09.26 22:30:27 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 4/32 (12.5%)

Antivirus          Version          letzte aktualisierung          Ergebnis
AhnLab-V3        2007.9.22.0        2007.09.24        -
AntiVir        7.6.0.15        2007.09.26        -
Authentium        4.93.8        2007.09.26        -
Avast        4.7.1043.0        2007.09.26        Win32:Agent-LTS
AVG        7.5.0.488        2007.09.26        Downloader.Zlob.PEB
BitDefender        7.2        2007.09.26        -
CAT-QuickHeal        9.00        2007.09.26        -
ClamAV        0.91.2        2007.09.26        -
DrWeb        4.33        2007.09.26        -
eSafe        7.0.15.0        2007.09.23        -
eTrust-Vet        31.2.5167        2007.09.26        -
Ewido        4.0        2007.09.25        -
FileAdvisor        1        2007.09.26        -
Fortinet        3.11.0.0        2007.09.26        -
F-Prot        4.3.2.48        2007.09.26        -
F-Secure        6.70.13030.0        2007.09.26        -
Ikarus        T3.1.1.12        2007.09.26        -
Kaspersky        4.0.2.24        2007.09.26        -
McAfee        5128        2007.09.26        -
Microsoft        1.2803        2007.09.26        Program:Win32/UltimateDefender
NOD32v2        2552        2007.09.26        Win32/Adware.Agent.NFV
Norman        5.80.02        2007.09.26        -
Panda        9.0.0.4        2007.09.26        -
Prevx1        V2        2007.09.26        -
Rising        19.42.22.00        2007.09.26        -
Sophos        4.21.0        2007.09.26        -
Sunbelt        2.2.907.0        2007.09.26        -
Symantec        10        2007.09.26        -
TheHacker        6.2.6.071        2007.09.26        -
VBA32        3.12.2.4        2007.09.26        -
VirusBuster        4.3.26:9        2007.09.26        -
Webwasher-Gateway        6.0.1        2007.09.26        -
weitere Informationen
File size: 229376 bytes
MD5: 47044017ad6bcd2b79b27f94c22ef551
SHA1: 8f769fdfbf276433d07cd1d0ae62bcc306fdb26d
Code:

Datei mscore.dll empfangen 2007.09.26 22:29:33 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 3/32 (9.38%)

Antivirus          Version          letzte aktualisierung          Ergebnis
AhnLab-V3        2007.9.22.0        2007.09.24        -
AntiVir        7.6.0.15        2007.09.26        -
Authentium        4.93.8        2007.09.26        -
Avast        4.7.1043.0        2007.09.26        -
AVG        7.5.0.488        2007.09.26        Downloader.Zlob.PGR
BitDefender        7.2        2007.09.26        -
CAT-QuickHeal        9.00        2007.09.26        -
ClamAV        0.91.2        2007.09.26        -
DrWeb        4.33        2007.09.26        -
eSafe        7.0.15.0        2007.09.23        -
eTrust-Vet        31.2.5167        2007.09.26        -
Ewido        4.0        2007.09.25        -
FileAdvisor        1        2007.09.26        -
Fortinet        3.11.0.0        2007.09.26        -
F-Prot        4.3.2.48        2007.09.26        -
F-Secure        6.70.13030.0        2007.09.26        -
Ikarus        T3.1.1.12        2007.09.26        -
Kaspersky        4.0.2.24        2007.09.26        -
McAfee        5128        2007.09.26        -
Microsoft        1.2803        2007.09.26        -
NOD32v2        2552        2007.09.26        Win32/Adware.Agent.NFV
Norman        5.80.02        2007.09.26        -
Panda        9.0.0.4        2007.09.26        -
Prevx1        V2        2007.09.26        -
Rising        19.42.22.00        2007.09.26        -
Sophos        4.21.0        2007.09.26        Mal/BHO-D
Sunbelt        2.2.907.0        2007.09.26        -
Symantec        10        2007.09.26        -
TheHacker        6.2.6.071        2007.09.26        -
VBA32        3.12.2.4        2007.09.26        -
VirusBuster        4.3.26:9        2007.09.26        -
Webwasher-Gateway        6.0.1        2007.09.26        -
weitere Informationen
File size: 217088 bytes
MD5: f5f98491b771637540afc8f0446d0ee6
SHA1: 6006e9aed684609525caa98dd82e48572a378838
Was soll ich nun machen?

Gruss

myrtille 26.09.2007 23:55
Hi,
SMF wurde aktualisiert, also einfach folgende Anleitung abarbeiten:
Anleitung SmitfraudFix:

Lade dir dieses Tool -> SmitfraudFix
-Boote im abgesicherten Modus
-Starte es dann und lass das System Reinigen. (Option 2)


http://www.castlecops.com/zx/sjpritch25/Fix01b.jpg

-Poste danach wie in der Anleitung beschrieben, das Ergebnis des Scans

Lösche nach dem Durchführen von Smitfraudfix die noch vorhandenen Dateien. Insbesondere C:\WINDOWS\system32\twext32.dll und fixe die entsprechenden Beiträge bei Hijackthis:
Zitat:
O2 - BHO: MSVPS System - {428FA4A4-C8EC-427C-85DE-11C80F67893A} - C:\WINDOWS\mscore.dll
O2 - BHO: (no name) - {7AFD0D43-D35A-4C7A-8DEB-E8D47CD0B218} - C:\WINDOWS\system32\twext32.dll
O21 - SSODL: drvsvp - {D9006025-C38C-436F-9B79-ACB39609A61E} - C:\WINDOWS\drvsvp.dll
O21 - SSODL: msduo2 - {1A77EC8B-AE10-46A7-BE8C-EA442B356727} - C:\WINDOWS\msduo2.dll
Wechsele danach in den normalen Modus und erstelle ein neues Hijackthislog und poste es hier.
Poste die Logs bitte nicht in [code]-tags, so sind sie nur schwer lesbar.

lg myrtille

Itche 27.09.2007 07:34
Hi,

hier ist das Ergebnis von SmitfraudFix.

Zitat:
SmitFraudFix v2.231

Scan done at 8:25:21,74, 27.09.2007
Run from C:\Dokumente und Einstellungen\xxx\Desktop\Neuer Ordner\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\msmdev.dll Deleted
msmdev not found.
C:\WINDOWS\msmhost.dll Deleted
msmhost not found.

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC - Paketplaner-Miniport
DNS Server Search Order: 132.147.160.99
DNS Server Search Order: 132.147.160.30

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Paketplaner-Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3040484B-E383-4FB0-BD4E-F45B59573D4F}: NameServer=132.147.160.99,132.147.160.30
HKLM\SYSTEM\CCS\Services\Tcpip\..\{353EB249-E396-4278-A974-B2A2BAE3FC8A}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D63BE87-6613-4415-A39E-60DA65580F8D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3040484B-E383-4FB0-BD4E-F45B59573D4F}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{353EB249-E396-4278-A974-B2A2BAE3FC8A}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D63BE87-6613-4415-A39E-60DA65580F8D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3040484B-E383-4FB0-BD4E-F45B59573D4F}: NameServer=132.147.160.99,132.147.160.30
HKLM\SYSTEM\CS2\Services\Tcpip\..\{353EB249-E396-4278-A974-B2A2BAE3FC8A}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8D63BE87-6613-4415-A39E-60DA65580F8D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3040484B-E383-4FB0-BD4E-F45B59573D4F}: NameServer=132.147.160.99,132.147.160.30
HKLM\SYSTEM\CS3\Services\Tcpip\..\{353EB249-E396-4278-A974-B2A2BAE3FC8A}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8D63BE87-6613-4415-A39E-60DA65580F8D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Das ist allerdings schon der 2. durchlauf gewesen. Beim ersten mal hab ichs nicht gerafft. Werd nu nochmal in den normalen MOdus wechseln und HijackThis wobbeln lassen. Kommt gleich.

Gruss!

Itche 27.09.2007 08:04
So,

hier gibts dann auch noch mal die neue HijackThis log.

Also da ich mich gerade im normalen modus befinde, wieder einen taskmanager habe, keinen ("zwangsweise") offenen ie und keine Schädlingsmeldungen mehr bekomme, scheint es soweit schonmal ganz gut aus zu sehen.

Meldet mein Hijack noch etwas?

Zitat:
Logfile of HijackThis v1.99.1
Scan saved at 08:58:46, on 27.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\McAfee\MBK\MBackMonitor.exe
C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Programme\McAfee\MSK\MskSrver.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\McAfee\MSK\MskAgent.exe
C:\Programme\McAfee\MBK\McAfeeDataBackup.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\U3\U3Launcher\LaunchU3.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\xxx\Desktop\Neuer Ordner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =

h++p://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local;<local>
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame

Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -

C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7AFD0D43-D35A-4C7A-8DEB-E8D47CD0B218} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

c:\programme\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\programme\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} -

C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Internet Explorer

Developer Toolbar\IEDevToolbar.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programme\Google\Google

Notebook\gnotes1.0.2.19--1455092513.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} -

C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Programme\Internet

Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Google Notizbuch - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} -

C:\Programme\Google\Google Notebook\gnotes1.0.2.19--1455092513.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop

Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Programme\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite

6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame

Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Programme\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -

h++p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Notiz erstellen (Google Notizbuch) - res://C:\Programme\Google\Google

Notebook\gnotes1.0.2.19--1455092513.dll/gn_menu2.html
O8 - Extra context menu item: Notiz mit dieser Seite erstellen (Google Notizbuch) -

res://C:\Programme\Google\Google Notebook\gnotes1.0.2.19--1455092513.dll/gn_menu1.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren -

res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren -

res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -

C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: h++p://www.amsbeck.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{3040484B-E383-4FB0-BD4E-F45B59573D4F}: NameServer =

132.147.160.99,132.147.160.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{353EB249-E396-4278-A974-B2A2BAE3FC8A}: NameServer =

192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D63BE87-6613-4415-A39E-60DA65580F8D}: NameServer =

192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -

C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame

Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -

C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programme\Gemeinsame

Dateien\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile

Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco

Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. -

C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame

Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company -

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company -

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame

Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame

Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame

Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programme\Maxtor\Maxtor

Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:\Programme\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame

Dateien\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame

dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -

c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. -

c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. -

C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. -

C:\Programme\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero

BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame

Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner -

C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -

%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Programme\VMware\VMware

Workstation\vmware-ufad.exe" -d "C:\Programme\VMware\VMware Workstation\\" -s ufad-p2v.xml (file

missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. -

C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. -

C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Programme\xampp\service.exe
Danke und tschöö....

myrtille 27.09.2007 09:36
Hi,
folgende Zeile kannst du noch entfenren:
Zitat:
O2 - BHO: (no name) - {7AFD0D43-D35A-4C7A-8DEB-E8D47CD0B218} - (no file)
Ansonsten ist alles sauber. :)

Hast du folgende Zeile selbst entfernt, oder wurde sie von SMF entfernt:
Zitat:
O21 - SSODL: msduo2 - {1A77EC8B-AE10-46A7-BE8C-EA442B356727} - C:\WINDOWS\msduo2.dll
lg myrtille

Itche 27.09.2007 09:59
Hi.

Das hört sich ja vielversprechend an. Hab bis jetzte auch noch kein Problem wieder gehabt.

Ich glaube die Zeile habe ich hinterher per Hand gelöscht. Bin mir aber nich 100 pro sicher.

Aber allen beteiligten erst einmal recht herzlichen Dank!

:Boogie::Boogie::Boogie:

Bis dann...


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131