|
Was ist das für ein Eintrag im Logfile? Hallo an alle! Ich habe mal eine Frage an euch. Ich habe heute einen Logfile gemacht und soweit ist alles in Ordnung. Der einzigste Eintrag wo ein Problem aufgetaucht ist ist dieser: O2 - BHO: (no name) - {B66A2D33-3722-47F2-A56E-4D6448D7F10D} - C:\WINDOWS\system32\mqg4dmod.dll Unbekannt Einige Programme sind hier schlecht. Das eingegebene Programm ([B66A2D33-3722-47F2-A56E-4D6448D7F10D] - Treffer: ) wurde überprüft. Trefferquote: 0,00% Es liegt noch keine Besucherbewertung vor! Nicht bekanntes Programm. Kann mir vielleicht einer sagen was das sein könnte? Ich hoffe nichts böses :( Danke und Liebe Grüße xela |
Hallo, sieht bösartig aus, überprüfe mal die Datei C:\WINDOWS\system32\mqg4dmod.dll hier und poste das Ergebnis. Poste außerdem das komplette HijackThis Log. Grüße wildone |
Danke für den Tip, jetzt kommt aber schon das nächste Problem. Ich bin der Englischen Sprache nicht wirklich mächtig. Zumindest nicht so auf Computer etc. bezogen. Bitte nicht auslachen, aber es wäre nett wenn du mir sagen könntest, wo genau ich was machen muss. Danke und sorry. Hier ein Logfile von heute: Logfile of HijackThis v1.99.1 Scan saved at 18:11:59, on 10.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\Programme\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCD.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\WINDOWS\system32\RunDll32.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\avmwlanstick\wlangui.exe C:\WINDOWS\system32\pctspk.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Unzipped\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iphpbb.com/board/fs-81104762nx18147.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=: R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: (no name) - {B66A2D33-3722-47F2-A56E-4D6448D7F10D} - C:\WINDOWS\system32\mqg4dmod.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall\persfw.exe |
Zitat:
auf den Link von Wildone klicken, im neuen Fenster den Button "Durchsuchen" klicken. Diese Datei suchen: -->C:\WINDOWS\system32\mqg4dmod.dll dann den Button "Öffnen" (das Fenster schliesst sich!), dann den Button "SEND", und abwarten bis die Auswertung der Datei fertig ist! (das Fenster geöffnet lassen!) Dann folgende Tastenkombinationen nacheinander ausführen: Strg+A (Bildschirm wird blau!) Strg+C (jetzt hat er alles kopiert!) und jetzt die Seite vom "Trojaner-Board" öffnen, bzw. einen Beitrag hier schreiben und die Tastenkombination "Strg+V" benutzen! Dann sollte der gesamte Inhalt erscheinen! Gruß Daniel |
Danke Sunny für die wirklich idiotensichere Beschreibung. So hab ich es auch verstanden. Hier die Auswertung und ich glaube das sieht gar nicht gut aus :heulen: VirusTotal VirusTotal is a free file analisys service that works using several antivirus engines. Select file : Distribute SSL Enter your email, choose the file to be scanned with multiple antivirus engines and click Send. Menu: * News Hot news in the virus/antivirus sector. * Estadisticas Statistics of VirusTotal procesing. * Virustotal More info about Virustotal. STATUS: FINISHED Complete scanning result of "mqg4dmod.dll", received in VirusTotal at 06.11.2006, 12:08:20 (CET). Antivirus Version Update Result AntiVir 6.35.0.10 06.10.2006 ADSPY/Stud.A.1 Authentium 4.93.8 06.09.2006 no virus found Avast 4.7.844.0 06.09.2006 Win32:Trojano-3384 AVG 386 06.09.2006 Adware Generic.LRH BitDefender 7.2 06.11.2006 Trojan.Downloader.Agent.RG CAT-QuickHeal 8.00 06.10.2006 no virus found ClamAV devel-20060426 06.09.2006 no virus found DrWeb 4.33 06.10.2006 Trojan.DownLoader.6588 eTrust-InoculateIT 23.72.33 06.10.2006 no virus found eTrust-Vet 12.6.2250 06.09.2006 no virus found Ewido 3.5 06.10.2006 Downloader.Small.cgu Fortinet 2.77.0.0 06.11.2006 W32/Small.CGU!tr F-Prot 3.16f 06.09.2006 no virus found Ikarus 0.2.65.0 06.09.2006 AdWare.Stud.A Kaspersky 4.0.2.24 06.11.2006 not-a-virus:AdWare.Win32.Stud.a McAfee 4781 06.09.2006 potentially unwanted program Adware-KeenValue Microsoft 1.1441 06.11.2006 no virus found NOD32v2 1.1592 06.11.2006 Win32/Adware.BHO.AA Norman 5.90.21 06.09.2006 W32/Stud.B Panda 9.0.0.4 06.10.2006 Adware/KeenValue Sophos 4.06.0 06.10.2006 no virus found Symantec 8.0 06.11.2006 no virus found TheHacker 5.9.8.157 06.10.2006 Adware/Stud.a UNA 1.83 06.09.2006 Adware.Stud VBA32 3.11.0 06.11.2006 suspected of Trojan-Downloader.Agent.49 Aditional Information File size: 14241 bytes MD5: 6fec2900b0bbc00f91763f23ae6a9f06 SHA1: 8265fe011b7dc6f04f46af07e716a2febecc5d13 VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. > Go to: Home Contactar En Español www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info@virustotal.com Ich befürchte das Schlimmste |
Hallo "xela", gehe folgende Punkte Schritt für Schritt durch: 1.) Systemwiederherstllung deaktivieren --> so wirds gemacht 2.) Lade die folgende Tools: --> Killbox und Ad-Aware 3.) Benutze die Killbox, lösche damit folgende Datei, sie befindet sich hier: C:\WINDOWS\system32\mqg4dmod.dll (Haken bei "delete on reboot" Datei suchen, löschen, dann wirst du gefragt: Neustart(Restart)? Mit "yes" antworten. 4.) lass dann "Ad-Aware" über dein System laufen, und poste den Inhalt der Report Datei die am Ende des Scans erstellt wird! (genauso wie du es bei der Auswertung mit Virustotal gemacht hast!) 5.) Poste dann nochmal ein aktuelles Hijacklog (Anleitung nochmal in meiner Signatur zum nachlesen!) Gruß Daniel |
So hier mein File von Ad-Aware Teil 1 Ad-Aware SE Build 1.06r1 Logfile Created on:Montag, 12. Juni 2006 10:08:32 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R111 08.06.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):38 total references Tracking Cookie(TAC index:3):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 12.06.2006 10:08:32 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Ich\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\ahead\cover designer\recent file list Description : list of recently used files in ahead cover designer MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\office\9.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1292428093-789336058-1957994488-1004\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 572 ThreadCreationTime : 12.06.2006 07:39:15 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 624 ThreadCreationTime : 12.06.2006 07:39:17 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 648 ThreadCreationTime : 12.06.2006 07:39:17 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 692 ThreadCreationTime : 12.06.2006 07:39:17 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 704 ThreadCreationTime : 12.06.2006 07:39:17 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 848 ThreadCreationTime : 12.06.2006 07:39:18 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 908 ThreadCreationTime : 12.06.2006 07:39:18 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 948 ThreadCreationTime : 12.06.2006 07:39:18 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 984 ThreadCreationTime : 12.06.2006 07:39:19 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1068 ThreadCreationTime : 12.06.2006 07:39:19 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1188 ThreadCreationTime : 12.06.2006 07:39:20 BasePriority : Normal FileVersion : 8.16 ProductVersion : 8.16 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1224 ThreadCreationTime : 12.06.2006 07:39:20 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1232 ThreadCreationTime : 12.06.2006 07:39:20 BasePriority : Normal FileVersion : 8.16 ProductVersion : 8.16 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:14 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1368 ThreadCreationTime : 12.06.2006 07:39:21 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:15 [sched.exe] FilePath : C:\Programme\AntiVir PersonalEdition Classic\ ProcessID : 1452 ThreadCreationTime : 12.06.2006 07:39:21 BasePriority : Normal #:16 [avguard.exe] FilePath : C:\Programme\AntiVir PersonalEdition Classic\ ProcessID : 1464 ThreadCreationTime : 12.06.2006 07:39:21 BasePriority : Normal #:17 [igdctrl.exe] FilePath : C:\Programme\FRITZ!DSL\ ProcessID : 1484 ThreadCreationTime : 12.06.2006 07:39:21 BasePriority : Normal FileVersion : 1.00.01.2004 ProductVersion : 1.00.01.2004 ProductName : AVM IGD Service CompanyName : AVM Berlin FileDescription : AVM IGD Service InternalName : igdctrl LegalCopyright : © AVM Berlin 2004-2005 OriginalFilename : igdctrl.exe #:18 [wlannetservice.exe] FilePath : C:\Programme\avmwlanstick\ ProcessID : 1508 ThreadCreationTime : 12.06.2006 07:39:21 BasePriority : Normal FileVersion : 1, 0, 17, 0 ProductVersion : 1, 0, 17, 0 ProductName : AVM AVMWlanService CompanyName : AVM Berlin InternalName : AVMWlanService LegalCopyright : Copyright © AVM Berlin 2005 OriginalFilename : AVMWlanService.exe #:19 [incdsrv.exe] FilePath : C:\Programme\Ahead\InCD\ ProcessID : 1576 ThreadCreationTime : 12.06.2006 07:39:21 BasePriority : Normal FileVersion : 4, 0, 1, 24 ProductVersion : 4, 0, 1, 24 ProductName : AHEAD Software incdsrv CompanyName : AHEAD Software FileDescription : incdsrv InternalName : incdsrv LegalCopyright : Copyright © 2003 OriginalFilename : incdsrv.exe |
Teil 2 #:20 [persfw.exe] FilePath : C:\Programme\Kerio\Personal Firewall\ ProcessID : 1696 ThreadCreationTime : 12.06.2006 07:39:22 BasePriority : Normal FileVersion : 2, 1, 5, 0 ProductVersion : 2, 1, 5, 0 ProductName : Kerio Personal Firewall CompanyName : Kerio Technologies FileDescription : Kerio Personal Firewall Engine InternalName : PERSFW LegalCopyright : Copyright © 2002 OriginalFilename : PERSFW.exe #:21 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1808 ThreadCreationTime : 12.06.2006 07:39:23 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:22 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1868 ThreadCreationTime : 12.06.2006 07:39:23 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:23 [incd.exe] FilePath : C:\Programme\Ahead\InCD\ ProcessID : 1980 ThreadCreationTime : 12.06.2006 07:39:25 BasePriority : Normal FileVersion : 4, 0, 1, 24 ProductVersion : 4, 0, 1, 24 ProductName : InCD CompanyName : Ahead Software AG FileDescription : InCD InternalName : InCD LegalCopyright : Copyright (C) 2003 Ahead Software and its licensors LegalTrademarks : InCD TM OriginalFilename : InCD.exe #:24 [instan~1.exe] FilePath : C:\PROGRA~1\TEXTBR~1.0\Bin\ ProcessID : 1992 ThreadCreationTime : 12.06.2006 07:39:25 BasePriority : Normal #:25 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2020 ThreadCreationTime : 12.06.2006 07:39:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eine DLL-Datei als Anwendung ausführen InternalName : rundll LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : RUNDLL.EXE #:26 [jusched.exe] FilePath : C:\Programme\Java\jre1.5.0_06\bin\ ProcessID : 2040 ThreadCreationTime : 12.06.2006 07:39:25 BasePriority : Normal #:27 [realsched.exe] FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\ ProcessID : 132 ThreadCreationTime : 12.06.2006 07:39:25 BasePriority : Normal FileVersion : 0.1.0.3249 ProductVersion : 0.1.0.3249 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:28 [pptd40nt.exe] FilePath : C:\progra~1\scansoft\paperp~1\ ProcessID : 160 ThreadCreationTime : 12.06.2006 07:39:26 BasePriority : Normal FileVersion : 6.5 ProductVersion : 6.5 ProductName : PaperPort CompanyName : Scansoft Inc. FileDescription : PaperPort Print to Desktop for NT InternalName : PPTD40NT LegalCopyright : Copyright © 1993-1999 Scansoft Inc. OriginalFilename : PPTD40NT.EXE #:29 [datalayer.exe] FilePath : C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\ ProcessID : 168 ThreadCreationTime : 12.06.2006 07:39:26 BasePriority : Normal FileVersion : 6, 60, 109, 3 ProductVersion : 6, 0 ProductName : Nokia PC Suite CompanyName : Nokia Mobile Phones Ltd. FileDescription : DataLayer 2.0 Module InternalName : DataLayer 2.0 LegalCopyright : Copyright (c) 2005. Nokia. All rights reserved. OriginalFilename : DataLayer.exe #:30 [wlangui.exe] FilePath : C:\Programme\avmwlanstick\ ProcessID : 232 ThreadCreationTime : 12.06.2006 07:39:26 BasePriority : Normal FileVersion : 1, 0, 2, 18 ProductVersion : 1, 0, 0, 53 ProductName : AVM FRITZ!WLAN CompanyName : AVM GmbH Berlin FileDescription : FRITZ!WLAN LegalCopyright : Copyright © 2005 OriginalFilename : WLANGui.exe Comments : $ProjectRevision: 1.55 $ #:31 [pctspk.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 312 ThreadCreationTime : 12.06.2006 07:39:26 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : pctvoice Application FileDescription : pctvoice MFC Application InternalName : pctvoice LegalCopyright : Copyright (C) 2001 OriginalFilename : pctvoice.EXE #:32 [em_exec.exe] FilePath : C:\Programme\Logitech\MouseWare\system\ ProcessID : 404 ThreadCreationTime : 12.06.2006 07:39:28 BasePriority : Normal FileVersion : 9.79.025 ProductVersion : 9.79.025 ProductName : MouseWare CompanyName : Logitech Inc. FileDescription : Logitech Events Handler Application InternalName : Em_Exec LegalCopyright : (C) 1987-2003 Logitech. All rights reserved. LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc. OriginalFilename : Em_Exec.exe Comments : Created by the MouseWare team #:33 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2920 ThreadCreationTime : 12.06.2006 07:39:50 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:34 [servic~1.exe] FilePath : C:\PROGRA~1\GEMEIN~1\PCSuite\Services\ ProcessID : 2956 ThreadCreationTime : 12.06.2006 07:39:51 BasePriority : Normal FileVersion : 6, 60, 36, 1 ProductVersion : 6.0 ProductName : Nokia Connectivity Library CompanyName : Nokia. FileDescription : ServiceLayer Module InternalName : ServiceLayer LegalCopyright : Copyright © 2002-2005 Nokia. All Rights Reserved. OriginalFilename : ServiceLayer.exe #:35 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3760 ThreadCreationTime : 12.06.2006 07:40:01 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:36 [spider.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3744 ThreadCreationTime : 12.06.2006 07:53:59 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Spider InternalName : Spider LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : Spider #:37 [winword.exe] FilePath : C:\Programme\Microsoft Office\Office\ ProcessID : 1048 ThreadCreationTime : 12.06.2006 08:04:53 BasePriority : Normal #:38 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2540 ThreadCreationTime : 12.06.2006 08:08:06 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 38 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : ich@ehg-lexmark.hitbox[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\WINDOWS\Temp\Cookies\ich@ehg-lexmark.hitbox[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : ich@hitbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\WINDOWS\Temp\Cookies\ich@hitbox[1].txt Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 40 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 2 entries scanned. New critical objects:0 Objects found so far: 40 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 40 10:22:47 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:14:14.689 Objects scanned:140494 Objects identified:2 Objects ignored:0 New critical objects:2 |
Und mein Hijack Logfile of HijackThis v1.99.1 Scan saved at 10:46:24, on 12.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\Programme\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCD.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\WINDOWS\system32\RunDll32.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe C:\Programme\avmwlanstick\wlangui.exe C:\WINDOWS\system32\pctspk.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spider.exe C:\Programme\Microsoft Office\Office\WINWORD.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Unzipped\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iphpbb.com/board/fs-81104762nx18147.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=: R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: (no name) - {B66A2D33-3722-47F2-A56E-4D6448D7F10D} - C:\WINDOWS\system32\mqg4dmod.dll (file missing) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall\persfw.exe |
Hallo "Xela" fixe jetzt noch mit HijackThis folgende Zeillen: (wenn das deine Startseite bleiben soll, NICHT FIXEN!!!) Zitat:
Zitat:
Um aber auf Nummer sicher zu gehen, lies dir folgende Anleitung gut durch: --> http://www.trojaner-board.de/showthread.php?t=24192 und poste dann anschliessend das ergebnis mit Hilfe der find.bat! Gruß Daniel |
Hallo Daniel, den Explorer und damit auch die Startseite benutze ich eh nicht, da ich den Browser Mozialla Firefox benutze, also ist das zumindest egal. Aber die Seite ist schon ok. Ich habe jetzt den eScan gemacht, hat ganz schön lange gedauert und irgendwas scheint immernoch nicht ganz in Ordnung zu sein. Bitte schau nochmal drüber. Und ne Frage hab ich auch noch. Was ist denn mit der Systemwiederherstellung? Soll die deaktiviert bleiben? Hab nicht so wirklich nen Plan für was die gut ist und ob ich die brauche :dummguck: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Jun 13 11:46:30 2006 => System found infected with bookmarkexpress Spyware/Adware (bmupdate.ini)! Action taken: No Action Taken. Tue Jun 13 11:46:33 2006 => System found infected with bookmarkexpress Spyware/Adware (bmupdate.exe)! Action taken: No Action Taken. Tue Jun 13 11:46:38 2006 => System found infected with bookmarkexpress Spyware/Adware (C:\WINDOWS\system32\bmupdate.exe)! Action taken: No Action Taken. ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ Tue Jun 13 12:12:30 2006 => File C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TQPVSD79\teen[1].htm infected by "Trojan-Clicker.JS.Linker.h" Virus! Action Taken: No Action Taken. ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ Tue Jun 13 11:46:30 2006 => Offending file found: C:\WINDOWS\bmupdate.ini Tue Jun 13 11:46:33 2006 => Offending file found: C:\WINDOWS\system32\bmupdate.exe Tue Jun 13 11:46:38 2006 => Offending file found: C:\WINDOWS\system32\bmupdate.exe ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ Tue Jun 13 11:46:41 2006 => File C:\!KillBox\mqg4dmod.dll tagged as "not-a-virus:AdWare.Win32.Stud.a". Action Taken: No Action Taken. Tue Jun 13 13:27:23 2006 => File C:\WINDOWS\system32\BMUpdate.exe tagged as "not-a-virus:AdWare.Win32.BMCentral.a". Action Taken: No Action Taken. ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Jun 13 13:34:30 2006 => Total Errors: 6 Tue Jun 13 13:34:30 2006 => Time Elapsed: 01:50:20 Tue Jun 13 13:34:30 2006 => Total Objects Scanned: 70797 Tue Jun 13 11:25:50 2006 => Virus Database Date: 6/12/2006 Tue Jun 13 11:26:41 2006 => Virus Database Date: 6/13/2006 Tue Jun 13 11:42:24 2006 => Virus Database Date: 6/13/2006 Tue Jun 13 13:34:31 2006 => Virus Database Date: 6/13/2006 Tue Jun 13 13:42:59 2006 => Virus Database Date: 6/13/2006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Und nu? Schlimm oder halb schlimm? Trau mich kaum noch was zu machen, besser gesagt meine Passwörter einzugeben. Hilfe! Bitte! |
Wenn die Systemwiederherstellung deaktiviert ist, gehe ind en Abgesicherten Modus und lösche mittels Killbox noch folgende Dateien (du weißt nun ja wie du mehrere hintereinander löschen kannst). Zitat:
Zitat:
Nun sollte das Gröbste weg sein. Poste ein neues HJT-File. mfg, Markus |
Hallo und Danke Markus! Hier mein neuster HJT Logfile of HijackThis v1.99.1 Scan saved at 10:02:53, on 15.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\avmwlanstick\WlanNetService.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\Programme\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCD.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\WINDOWS\system32\RunDll32.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\avmwlanstick\wlangui.exe C:\WINDOWS\system32\pctspk.exe C:\Programme\Winamp\Winampa.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\progra~1\scansoft\paperp~1\pptd40nt.exe C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Unzipped\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iphpbb.com/board/fs-81104762nx18147.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=: R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [routcnf] C:\Programme\Telekom\Eumex 504PC USB\routcnf.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall\persfw.exe Was das ist O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present weiß ich auch nicht? |
Hallo xela, dein O6-Eintrag stammt vermutlich daher :C:\Programme\avmwlanstick\WlanNetService.exe Wenn du dich in ein Drahtlos-Netzwerk einwählst,ist das ok. Irrlicht |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 13:05 Uhr. |
Copyright ©2000-2024, Trojaner-Board