Bitte um Logfile analyse

Dreamer333 · 30.03.2007, 19:32

So die Popups kommen schonmal nicht mehr wieder. Hier der neue Logfile :

ogfile of HijackThis v1.99.1
Scan saved at 20:29:28, on 30.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Bases_X\mwavscan.com
C:\Bases_X\ScanningProcess.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Kopie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169419684937
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A07EBD7-3846-411C-BDF5-DC81E895C9FC}: NameServer = 62.220.18.8 62.72.64.241
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\BMWgroup\ETKLokal\transbase\tbmux32.exe

Hier der von e-scan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Windows XP [Version 5.1.2600]
>
Fri Mar 30 16:56:03 2007 => Virus Database Date: 3/30/2007
Fri Mar 30 19:53:50 2007 => Virus Database Date: 3/30/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Mar 30 16:57:59 2007 => System found infected with flashget Unclassified ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: Entries Removed.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Fri Mar 30 17:10:20 2007 => File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\bis2.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
Fri Mar 30 17:55:14 2007 => File C:\RECYCLER\S-1-5-21-1123561945-113007714-725345543-500\Dc2\stopcool.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
Fri Mar 30 17:55:14 2007 => File C:\RECYCLER\S-1-5-21-1123561945-113007714-725345543-500\Dc3\dqctsfdn.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
Fri Mar 30 17:55:14 2007 => File C:\RECYCLER\S-1-5-21-1123561945-113007714-725345543-500\Dc3\FileDeafSign.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
Fri Mar 30 17:55:14 2007 => File C:\RECYCLER\S-1-5-21-1123561945-113007714-725345543-500\Dc3\GplMessRdr.exe infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: File Deleted.
Fri Mar 30 18:47:53 2007 => File E:\System Volume Information\_restore{E06E9A4F-5C20-4C62-A72B-5B1C9869F837}\RP36\A0005372.exe//UPX infected by "Trojan-Dropper.Win32.Small.bf" Virus! Action Taken: File Deleted.
Fri Mar 30 19:06:55 2007 => File E:\System Volume Information\_restore{E06E9A4F-5C20-4C62-A72B-5B1C9869F837}\RP68\A0012574.exe//UPX infected by "Trojan-Dropper.Win32.Small.bf" Virus! Action Taken: File Deleted.
Fri Mar 30 19:50:50 2007 => File F:\System Volume Information\_restore{84018962-7C24-4330-BC0D-A5381C496584}\RP52\A0004231.exe infected by "Trojan-Dropper.Win32.VB.lk" Virus! Action Taken: File Deleted.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Fri Mar 30 18:03:28 2007 => File D:\System Volume Information\_restore{83A7D480-92A0-4B5F-8685-0CB8406E8B57}\RP31\A0001344.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 18:03:28 2007 => File D:\System Volume Information\_restore{83A7D480-92A0-4B5F-8685-0CB8406E8B57}\RP31\A0001376.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 18:03:29 2007 => File D:\System Volume Information\_restore{83A7D480-92A0-4B5F-8685-0CB8406E8B57}\RP31\A0001392.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 18:39:45 2007 => File E:\System Volume Information\_restore{ABA982AE-C608-44D5-9F6C-7FEF08D540DF}\RP20\A0000983.exe tagged as "not-a-virus:AdWare.Win32.Trymedia.b". Action Taken: File Deleted.
Fri Mar 30 19:08:15 2007 => File F:\RECYCLER\S-1-5-21-1957994488-484763869-1343024091-500\Df2.3\mircG33.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:08:30 2007 => File F:\RECYCLER\S-1-5-21-1957994488-484763869-1343024091-500\Df3.4\mircG34.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:08:36 2007 => File F:\RECYCLER\S-1-5-21-1957994488-484763869-1343024091-500\Df4\mircG34.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:08:42 2007 => File F:\RECYCLER\S-1-5-21-1957994488-484763869-1343024091-500\Df5\mircG33.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:45:29 2007 => File F:\System Volume Information\_restore{186E066C-A6DE-495F-8525-3F478310E510}\RP22\A0002779.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:45:32 2007 => File F:\System Volume Information\_restore{186E066C-A6DE-495F-8525-3F478310E510}\RP22\A0002813.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:45:35 2007 => File F:\System Volume Information\_restore{186E066C-A6DE-495F-8525-3F478310E510}\RP22\A0002846.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:45:36 2007 => File F:\System Volume Information\_restore{186E066C-A6DE-495F-8525-3F478310E510}\RP22\A0002876.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken.
Fri Mar 30 19:51:20 2007 => File F:\System Volume Information\_restore{A30D3EE8-F1C6-40A2-B6FD-DD891E3340E4}\RP127\A0011933.exe//data0088 tagged as "not-a-virus:AdWare.Win32.Gator.c". Action Taken: File Deleted.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:

Bedanke mich schonmal für die Hilfe ....

Bitte um Logfile analyse

Log-Analyse und Auswertung: Bitte um Logfile analyse

Bitte um Logfile analyse

Ähnliche Themen: Bitte um Logfile analyse