Log analysis and evaluation: Strange malware, need help
23.02.2008, 22:54 | #1 |
| Hello dear people. I have now (unfortunately) caught a virus... I downloaded and installed a codec. During the whole installation avast didn't complain... Now the following error message appears when opening folders: . Spybot found something, and I deleted it, but that did nothing at all... I had the installer tested, here is the result: Click me. Can someone help me get rid of this damn thing? Here is the HijackThis log: Code:
ATTFilter Logfile of HijackThis v1.99.1 Scan saved at 22:04:49, on 23.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Razer_Pro_Solutions\razerhid.exe C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\RocketDock\RocketDock.exe C:\Dokumente und Einstellungen\User\Desktop\YODM3D\Yodm3D.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Razer_Pro_Solutions\razerofa.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Programme\WinRAR\WinRAR.exe C:\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 80.239.151.231 db1.rapidshare.com O1 - Hosts: 80.239.151.232 db2.rapidshare.com O1 - Hosts: 80.239.151.233 db3.rapidshare.com O1 - Hosts: 80.239.151.234 db4.rapidshare.com O1 - Hosts: 80.239.151.235 db5.rapidshare.com O1 - Hosts: 80.239.151.253 games.rapidshare.com O1 - Hosts: 80.239.151.251 images.rapidshare.com O1 - Hosts: 80.239.151.240 images2.rapidshare.com O1 - Hosts: 82.129.39.245 kvm1.rapidshare.com O1 - Hosts: 82.129.39.246 kvm2.rapidshare.com O1 - Hosts: 82.129.39.247 kvm3.rapidshare.com O1 - Hosts: 82.129.39.248 kvm4.rapidshare.com O1 - Hosts: 82.129.39.249 kvm5.rapidshare.com O1 - Hosts: 80.239.151.250 mail.rapidshare.com O1 - Hosts: 80.239.151.250 ns1.rapidshare.com O1 - Hosts: 80.239.151.234 ns2.rapidshare.com O1 - Hosts: 80.239.151.250 pay.rapidshare.com O1 - Hosts: 80.239.151.240 rem1.rapidshare.com O1 - Hosts: 82.129.39.2 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.3 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.4 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.5 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.6 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.7 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.8 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.9 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.10 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.11 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.12 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.13 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.14 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.15 rs0cg.rapidshare.com O1 - Hosts: 82.129.35.2 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.3 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.4 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.5 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.6 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.7 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.8 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.9 rs0cg2.rapidshare.com 
O1 - Hosts: 82.129.35.10 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.11 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.12 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.13 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.14 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.15 rs0cg2.rapidshare.com O1 - Hosts: 80.152.62.2 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.3 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.4 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.5 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.6 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.7 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.8 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.9 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.10 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.11 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.12 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.13 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.14 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.15 rs0dt.rapidshare.com O1 - Hosts: 64.215.245.2 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.3 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.4 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.5 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.6 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.7 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.8 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.9 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.10 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.11 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.12 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.13 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.14 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.15 rs0gc.rapidshare.com O1 - Hosts: 207.138.168.2 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.3 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.4 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.5 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.6 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.7 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.8 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.9 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.10 
rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.11 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.12 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.13 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.14 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.15 rs0gc2.rapidshare.com O1 - Hosts: 80.239.151.2 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.3 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.4 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.5 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.6 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.7 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.8 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.9 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.10 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.11 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.12 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.13 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.14 rs0l3.rapidshare.com O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: MS Video Control 1.0 - {CBC3486E-92D1-419D-BEBF-D3D972B87902} - C:\WINDOWS\msvidc32.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [razer] C:\Programme\Razer_Pro_Solutions\razerhid.exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: 
[avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Yodm3D] C:\Dokumente und Einstellungen\User\Desktop\YODM3D\Yodm3D.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe |
24.02.2008, 01:27 | #2 |
> MalwareDB | Instructions for SmitfraudFix:
Download this tool -> SmitfraudFix
- Boot into safe mode
- Then start it and let it clean the system. (Option 2) |
24.02.2008, 11:42 | #3 |
| damdamdam. I owe you one. It apparently worked; the message no longer appeared even after a lot of clicking. To be safe, though, here are the logs from SmitfraudFix and HijackThis again:
SmitfraudFix: Code:
SmitFraudFix v2.294

Scan done at 11:30:05,43, 24.02.2008
Run from C:\Dokumente und Einstellungen\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
[there were a number of RS IPs here; I took them out because the post would otherwise get too long]

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

C:\WINDOWS\msvidc32.dll deleted.

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB79529E-F5D9-4880-A3F5-374DDF903B3F}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB79529E-F5D9-4880-A3F5-374DDF903B3F}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FB79529E-F5D9-4880-A3F5-374DDF903B3F}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

The HijackThis log: Code:
ATTFilter Logfile of HijackThis v1.99.1 Scan saved at 11:40:11, on 24.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Razer_Pro_Solutions\razerhid.exe C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Unlocker\UnlockerAssistant.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\RocketDock\RocketDock.exe C:\Dokumente und Einstellungen\User\Desktop\YODM3D\Yodm3D.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Razer_Pro_Solutions\razerofa.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\HJT\HijackThis.exe O1 - Hosts: 80.239.151.231 db1.rapidshare.com O1 - Hosts: 80.239.151.232 db2.rapidshare.com O1 - Hosts: 80.239.151.233 db3.rapidshare.com O1 - Hosts: 80.239.151.234 db4.rapidshare.com O1 - Hosts: 80.239.151.235 db5.rapidshare.com O1 - Hosts: 80.239.151.253 games.rapidshare.com O1 - Hosts: 80.239.151.251 
images.rapidshare.com O1 - Hosts: 80.239.151.240 images2.rapidshare.com O1 - Hosts: 82.129.39.245 kvm1.rapidshare.com O1 - Hosts: 82.129.39.246 kvm2.rapidshare.com O1 - Hosts: 82.129.39.247 kvm3.rapidshare.com O1 - Hosts: 82.129.39.248 kvm4.rapidshare.com O1 - Hosts: 82.129.39.249 kvm5.rapidshare.com O1 - Hosts: 80.239.151.250 mail.rapidshare.com O1 - Hosts: 80.239.151.250 ns1.rapidshare.com O1 - Hosts: 80.239.151.234 ns2.rapidshare.com O1 - Hosts: 80.239.151.250 pay.rapidshare.com O1 - Hosts: 80.239.151.240 rem1.rapidshare.com O1 - Hosts: 82.129.39.2 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.3 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.4 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.5 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.6 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.7 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.8 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.9 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.10 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.11 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.12 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.13 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.14 rs0cg.rapidshare.com O1 - Hosts: 82.129.39.15 rs0cg.rapidshare.com O1 - Hosts: 82.129.35.2 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.3 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.4 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.5 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.6 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.7 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.8 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.9 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.10 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.11 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.12 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.13 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.14 rs0cg2.rapidshare.com O1 - Hosts: 82.129.35.15 rs0cg2.rapidshare.com O1 - Hosts: 80.152.62.2 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.3 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.4 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.5 rs0dt.rapidshare.com 
O1 - Hosts: 80.152.62.6 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.7 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.8 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.9 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.10 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.11 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.12 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.13 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.14 rs0dt.rapidshare.com O1 - Hosts: 80.152.62.15 rs0dt.rapidshare.com O1 - Hosts: 64.215.245.2 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.3 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.4 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.5 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.6 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.7 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.8 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.9 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.10 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.11 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.12 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.13 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.14 rs0gc.rapidshare.com O1 - Hosts: 64.215.245.15 rs0gc.rapidshare.com O1 - Hosts: 207.138.168.2 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.3 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.4 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.5 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.6 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.7 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.8 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.9 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.10 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.11 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.12 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.13 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.14 rs0gc2.rapidshare.com O1 - Hosts: 207.138.168.15 rs0gc2.rapidshare.com O1 - Hosts: 80.239.151.2 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.3 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.4 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.5 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.6 
rs0l3.rapidshare.com O1 - Hosts: 80.239.151.7 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.8 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.9 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.10 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.11 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.12 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.13 rs0l3.rapidshare.com O1 - Hosts: 80.239.151.14 rs0l3.rapidshare.com O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [razer] C:\Programme\Razer_Pro_Solutions\razerhid.exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Yodm3D] C:\Dokumente und Einstellungen\User\Desktop\YODM3D\Yodm3D.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe |
24.02.2008, 18:49 | #4 |
> MalwareDB | Proceed as follows: Disable the TeaTimer as described here. Please open your HijackThis again and scan. Check the boxes next to the entries listed below. Then click Fix Checked. Close HijackThis. Then report back. |
24.02.2008, 19:03 | #5 |
| ... I could also delete those directly from the hosts file. I entered them there because the RS server had DNS problems at times. That shouldn't be a danger, should it? |
24.02.2008, 19:14 | #6 |
> MalwareDB | If that is the case, the log is OK. |