|
Zweiter Rechner ^^ So und das der zweite Rechner, hat dauernd Popups mit Jamba und so nen Schmarrn.... Schädlingsbefall: Ne Menge Ad und Spyware... Mädels müssen sich immer alles runter laden -.- Logfile of HijackThis v1.99.1 Scan saved at 06:02:24, on 22.07.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\WINDOWS\wt\updater\wcmdmgr.exe C:\Program Files\MultiRes\MultiRes.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Messenger\msmsgs.exe D:\games\half-life 2\valve\steam\steam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\system32\sndvol32.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\mspaint.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\FileZilla\FileZilla.exe C:\PROGRA~1\LOLIFOX\LOLIFOX.EXE G:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {62AEF030-28E3-BA0B-CC0A-3D2BD8DCBD0C} - C:\DOCUME~1\ADMINI~1\APPLIC~1\BendHelp\Signmail.ex e (file missing) O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe" O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Gpl 4 Manager View] C:\Documents and Settings\All Users\Application Data\coolballgpl4\drv axis.exe O4 - HKLM\..\Run: [7ed5e159.exe] C:\WINDOWS\system32\7ed5e159.exe O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AL38XCZU\WinAntiVirusPro2006Free Install[1].exe" -nag O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "d:\games\half-life 2\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe O4 - HKCU\..\Run: [fzwi] C:\stub_113_4_0_4_0.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [7ed5e159.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\7ed5e159.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google-Suche - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Verweisseiten - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O15 - Trusted Zone: http://*.billingnow.com O15 - Trusted Zone: http://*.reliablestats.com O15 - Trusted Zone: http://*.winnanny.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\itmon.dll (file missing) O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\guard.tmp (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) |
Hallo nochmal, lade dir als erstes folgendes Tool: 1.) Look2MeFix, fahre gleich mit Punkt (2) fort, und poste anschliessend den Report. (nach Abschluss des Scans öffnet sich ein notepad-Fenster, diesen Text in einen Beitrag kopieren! 2.) dann das System mit eScan, Ad-Aware sowie Spybot S&D scannen. (mit Spybot zusätzlich noch das System immunisieren!) Dann den bericht von eScan mit Hilfe der "find.bat" posten sowie ein neues Hijacklog... Gruß Daniel |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 20:22 Uhr. |
Copyright ©2000-2025, Trojaner-Board