Hi folks, somehow my PC is infected!
I don't think it's an anthrax pathogen like at the Pentagon, but it would still be great if someone who knows about this could take a look and tell me what I need to do.
Thanks in advance!
Logfile of HijackThis v1.99.1
Scan saved at 08:33:12, on 19.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Winamp3\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\MMTray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
E:\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\The Cleaner\tca.exe
E:\The Cleaner\tcm.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Sitecom\Bluetooth Software\BTTray.exe
E:\ICQ\ICQ.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
G:\eMule\emule.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ecgszs.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realevent.exe
e:\WinZip\winzip32.exe
C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\HijackThis.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinampAgent] "e:\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] E:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Compliant] ecgszs.exe
O4 - HKLM\..\Run: [tcactive] e:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] e:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [2VcXbkTV] C:\WINDOWS\wlsikphf.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ecgszs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Compliant] ecgszs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F56710CA-57E8-417A-BA05-8B2FC6321AD6}: NameServer = 62.27.27.62 62.27.53.66
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
HijackThis-Log File....Help!!!!!!!!!!!!!!!
Hello @Andy25
Disable System Restore
XP
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
(then re-enable it)
Jotti's malware scan 2.4 - check individual "exe" files
http://virusscan.jotti.org/
At the top of the page click Browse --> choose the file --> double-click the file to be checked --> click Submit...
now wait, then copy the result and post it here in the thread
C:\WINDOWS\wlsikphf.exe
C:\WINDOWS\System32\ecgszs.exe
C:\WINDOWS\System32\taskmgr.exe
# open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O4 - HKLM\..\Run: [Windows Compliant] ecgszs.exe
O4 - HKLM\..\Run: [2VcXbkTV] C:\WINDOWS\wlsikphf.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows Compliant] ecgszs.exe
O4 - HKCU\..\Run: [Windows Compliant] ecgszs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
Restart the PC
KillBox
http://www.bleepingcomputer.com/files/killbox.php
•Delete File on Reboot <-- tick this
and click the red cross,
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one
C:\WINDOWS\wlsikphf.exe
C:\WINDOWS\System32\ecgszs.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
C:\WINDOWS\nem220.dll
Restart the PC
FxIstbar.exe --> download it and scan
http://bilder.informationsarchiv.net/Ni ... Istbar.exe
•eScan detection tool
eScan is available here free of charge under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
open the scanner --> do not scan yet --> go to Start --> Run --> type in: %temp% and look for
kavupd.exe, click on it --> run it (update, in DOS)
--> open mwav.exe --> tick all boxes --> scan --> click View Log --> click Edit --> type in "infected"
and now copy out everything that is displayed -->
+
the new HijackThis log
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
After 5 h of trying things out
Hi Nikita!
Thanks for your quick help! I also ran XoftSpy over it; it found a few things, which I have now had removed. But I'll now go through what you wrote step by step as well!
But I think XoftSpy has already got rid of some of the nasty stuff!
Can you tell me whether my system is safe again now?
C:\WINDOWS\wlsikphf.exe
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
C:\WINDOWS\System32\ecgszs.exe
The exe no longer exists; I think XoftSpy removed it!
File: taskmgr.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected: -
AntiVir No viruses found (0.40 seconds taken)
Avast No viruses found (1.51 seconds taken)
AVG Antivirus No viruses found (0.55 seconds taken)
BitDefender No viruses found (0.52 seconds taken)
ClamAV No viruses found (0.62 seconds taken)
Dr.Web No viruses found (0.90 seconds taken)
F-Prot Antivirus No viruses found (0.09 seconds taken)
Fortinet No viruses found (0.47 seconds taken)
Kaspersky Anti-Virus No viruses found (1.01 seconds taken)
mks_vir No viruses found (0.26 seconds taken)
NOD32 No viruses found (0.50 seconds taken)
Norman Virus Control No viruses found (0.90 seconds taken)
Entry no longer exists! O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
Entry no longer exists! O4 - HKLM\..\Run: [Windows Compliant] ecgszs.exe
Entry no longer exists! O4 - HKLM\..\Run: [2VcXbkTV] C:\WINDOWS\wlsikphf.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
Entry no longer exists! O4 - HKLM\..\RunServices: [Windows Compliant] ecgszs.exe
Entry no longer exists! O4 - HKCU\..\Run: [Windows Compliant] ecgszs.exe
Fixed it! O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
I ran KillBox and deleted the file C:\WINDOWS\wlsikphf.exe; the other files had all already been deleted!
Symantec Adware.Istbar Removal Tool 1.0.7
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\IST (key deleted)
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Policies\Avenue Media (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\sais (key deleted)
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Microsoft\Internet Explorer\Main: BandRest (value deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: BandRest (value deleted)
process: iexplore.exe (terminated)
C:\Dokumente und Einstellungen\Andreas.HIGHSCREEN\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KH6BSX2N\nem220[1].dll: (deleted)
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Microsoft\Internet Explorer\Main: Start Page (value set to "about:blank")
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1003\Software\Microsoft\Internet Explorer\Main: Start Page (value set to "about:blank")
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-500\Software\Microsoft\Internet Explorer\Main: Start Page (value set to "about:blank")
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Microsoft\Internet Explorer\Main: Search Page (value set to "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch")
Adware.Istbar has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 144768
The number of deleted files: 1
The number of threat processes terminated: 0
The number of other processes terminated: 1
The number of registry entries fixed: 10
File C:\WINDOWS\system32\ecgszs.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Deleted.
File C:\WINDOWS\switpb.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\switpa.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\winole.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\f4dfOhF.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\KF2V29KR\sfbho13[1].dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\Q1OVYRK5\optimize[1].exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\KH6BSX2N\win-ist[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\09IBG9A3\offeragent[1].exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\09IB4DEJ\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\PZB3L14Y\istsvc[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\8JHR2IVL\istrecover[1].exe infected by "Trojan-Downloader.Win32.Agent.kp" Virus. Action Taken: File Deleted.
File C:\Dokumente und Einstellungen\Andreas.HIGHSCREEN\Internet Optimizer\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\7F6F5913 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\013C47F1 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\015D6BCD infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\771B2E83 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4FA14360 infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\294B5190 infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\367B5307 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\18EE618B infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\498B3699 infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5BB76914 infected by "Email-Worm.Win32.Mydoom.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\631A745E infected by "Email-Worm.Win32.Mydoom.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\304F4E8A infected by "Email-Worm.Win32.Mydoom.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\247A14E8 infected by "Worm.Win32.Lovesan.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\24074227 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4FC95CC3 infected by "Email-Worm.Win32.NetSky.b" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\29720E11.dat infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\388E4884 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\39372CD7 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\3988467D infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\67842550 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\6E253496 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\0B346607 infected by "Email-Worm.Win32.NetSky.b" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\7C185DCC infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\07A207A9 infected by "Email-Worm.Win32.NetSky.b" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\620C2397 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4529290B infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\3F6246C1 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5981628B infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4A874D04 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\061013C1 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\6F1B4EFC infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\6F2F4AE6 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\69CC6CCA infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4D9866EF infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4FCF2E1E infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\1A0E2661 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\73471EC1 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5C77498C infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5E32039E infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\winist6.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\2F362B4B infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\22B83074 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\22CC2C5F infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\7E9F62BE.dat infected by "Virus.Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
File D:\Programme\Norton AntiVirus\Quarantine\49310AF7.dat infected by "Virus.Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
File D:\Programme\Norton AntiVirus\Quarantine\465414AF infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\01CD2785 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\46A24333 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\718466DD infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Delete
Logfile of HijackThis v1.99.1
Scan saved at 18:25:15, on 19.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\Winamp3\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\MMTray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
E:\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\The Cleaner\tca.exe
E:\The Cleaner\tcm.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Sitecom\Bluetooth Software\BTTray.exe
E:\ICQ\ICQ.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
G:\eMule\emule.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\kavss.exe
C:\WINDOWS\System32\taskmgr.exe
e:\WinZip\winzip32.exe
C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Sicherheits_Sofware\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinampAgent] "e:\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] E:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tcactive] e:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] e:\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F56710CA-57E8-417A-BA05-8B2FC6321AD6}: NameServer = 62.27.27.62 62.27.53.66
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
Danke für deine schnelle Hilfe! Ich hab noch XoftSpy Drüberlaufen lassen, das hat einige Sachen gefunden hab die jetzt entfernen gelasst. Aber ich mach jetz mal das was du gesagt geschrieben hast noch schritt für schritt!
Denke aber dass durch das XoftSpy schon einige Böse Sachen weg sind!
Kannst mir sagen ob mein System jetzt wieder sicher ist?
C:\WINDOWS\wlsikphf.exe
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
Service load: 0% 100%
C:\WINDOWS\System32\ecgszs.exe
Die Exe gibts nicht mehr, ich glaube XoftSpy hat die entfernt!
File: taskmgr.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected: -
AntiVir No viruses found (0.40 seconds taken)
Avast No viruses found (1.51 seconds taken)
AVG Antivirus No viruses found (0.55 seconds taken)
BitDefender No viruses found (0.52 seconds taken)
ClamAV No viruses found (0.62 seconds taken)
Dr.Web No viruses found (0.90 seconds taken)
F-Prot Antivirus No viruses found (0.09 seconds taken)
Fortinet No viruses found (0.47 seconds taken)
Kaspersky Anti-Virus No viruses found (1.01 seconds taken)
mks_vir No viruses found (0.26 seconds taken)
NOD32 No viruses found (0.50 seconds taken)
Norman Virus Control No viruses found (0.90 seconds taken)
Entry no longer exists! O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
Entry no longer exists! O4 - HKLM\..\Run: [Windows Compliant] ecgszs.exe
Entry no longer exists! O4 - HKLM\..\Run: [2VcXbkTV] C:\WINDOWS\wlsikphf.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
Entry no longer exists! O4 - HKLM\..\RunServices: [Windows Compliant] ecgszs.exe
Entry no longer exists! O4 - HKCU\..\Run: [Windows Compliant] ecgszs.exe
I fixed this one! O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
I ran KillBox and deleted the file C:\WINDOWS\wlsikphf.exe; the other files had all already been deleted!
Symantec Adware.Istbar Removal Tool 1.0.7
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\IST (key deleted)
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Policies\Avenue Media (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\sais (key deleted)
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Microsoft\Internet Explorer\Main: BandRest (value deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: BandRest (value deleted)
process: iexplore.exe (terminated)
C:\Dokumente und Einstellungen\Andreas.HIGHSCREEN\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KH6BSX2N\nem220[1].dll: (deleted)
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Microsoft\Internet Explorer\Main: Start Page (value set to "about:blank")
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1003\Software\Microsoft\Internet Explorer\Main: Start Page (value set to "about:blank")
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-500\Software\Microsoft\Internet Explorer\Main: Start Page (value set to "about:blank")
registry: HKEY_USERS\S-1-5-21-73586283-1563985344-854245398-1008\Software\Microsoft\Internet Explorer\Main: Search Page (value set to "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch")
Adware.Istbar has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 144768
The number of deleted files: 1
The number of threat processes terminated: 0
The number of other processes terminated: 1
The number of registry entries fixed: 10
File C:\WINDOWS\system32\ecgszs.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Deleted.
File C:\WINDOWS\switpb.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\switpa.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\winole.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\f4dfOhF.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\KF2V29KR\sfbho13[1].dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\Q1OVYRK5\optimize[1].exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\KH6BSX2N\win-ist[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\09IBG9A3\offeragent[1].exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\09IB4DEJ\istdownload[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\PZB3L14Y\istsvc[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\TEMPOR~1\Content.IE5\8JHR2IVL\istrecover[1].exe infected by "Trojan-Downloader.Win32.Agent.kp" Virus. Action Taken: File Deleted.
File C:\Dokumente und Einstellungen\Andreas.HIGHSCREEN\Internet Optimizer\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\7F6F5913 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\013C47F1 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\015D6BCD infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\771B2E83 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4FA14360 infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\294B5190 infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\367B5307 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\18EE618B infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\498B3699 infected by "Email-Worm.Win32.Sober.c" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5BB76914 infected by "Email-Worm.Win32.Mydoom.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\631A745E infected by "Email-Worm.Win32.Mydoom.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\304F4E8A infected by "Email-Worm.Win32.Mydoom.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\247A14E8 infected by "Worm.Win32.Lovesan.a" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\24074227 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4FC95CC3 infected by "Email-Worm.Win32.NetSky.b" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\29720E11.dat infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\388E4884 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\39372CD7 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\3988467D infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\67842550 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\6E253496 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\0B346607 infected by "Email-Worm.Win32.NetSky.b" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\7C185DCC infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\07A207A9 infected by "Email-Worm.Win32.NetSky.b" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\620C2397 infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4529290B infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\3F6246C1 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5981628B infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4A874D04 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\061013C1 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\6F1B4EFC infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\6F2F4AE6 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\69CC6CCA infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4D9866EF infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\4FCF2E1E infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\1A0E2661 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\73471EC1 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5C77498C infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\5E32039E infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\winist6.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\2F362B4B infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\22B83074 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\22CC2C5F infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\7E9F62BE.dat infected by "Virus.Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
File D:\Programme\Norton AntiVirus\Quarantine\49310AF7.dat infected by "Virus.Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
File D:\Programme\Norton AntiVirus\Quarantine\465414AF infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\01CD2785 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\46A24333 infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Deleted.
File D:\Programme\Norton AntiVirus\Quarantine\718466DD infected by "Email-Worm.Win32.Dumaru.a" Virus. Action Taken: File Delete
Logfile of HijackThis v1.99.1
Scan saved at 18:25:15, on 19.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\Winamp3\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\MMTray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
E:\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\The Cleaner\tca.exe
E:\The Cleaner\tcm.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Sitecom\Bluetooth Software\BTTray.exe
E:\ICQ\ICQ.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
G:\eMule\emule.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\kavss.exe
C:\WINDOWS\System32\taskmgr.exe
e:\WinZip\winzip32.exe
C:\DOKUME~1\ANDREA~1.HIG\LOKALE~1\Temp\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Sicherheits_Sofware\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - e:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinampAgent] "e:\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] E:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tcactive] e:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] e:\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F56710CA-57E8-417A-BA05-8B2FC6321AD6}: NameServer = 62.27.27.62 62.27.53.66
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
- Andy25
- Posts: 3
- Registered: 19.03.2005, 09:09
Thanks for your help!
Thanks again for your help!
- Andy25
- Posts: 3
- Registered: 19.03.2005, 09:09
I also have a HijackThis logfile here and can't make sense of it:
Logfile of HijackThis v1.99.1
Scan saved at 10:23:48, on 10.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programme\Trend Micro\Internet Security\tmproxy.exe
C:\Programme\MSI\LAN Utility\DiagAP8169.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Siemens\Gigaset USB Adapter 54\PRISMSVR.EXE
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\WinSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Trend Micro\Internet Security\PccPfw.exe
C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Dokumente und Einstellungen\Marcus M\Desktop\anderes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [DiagAP8169] C:\Programme\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programme\Siemens\Gigaset USB Adapter 54\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLit\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLit\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_38.dll' missing
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Programme\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Programme\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Programme\Trend Micro\Internet Security\tmproxy.exe
The symptoms on my PC are long system startup times, My Computer (Arbeitsplatz) stops responding, and programs crash. Since I unfortunately have no experience with this kind of thing, I hope you can help me.
Thanks in advance.
- Befallener
- Posts: 1
- Registered: 09.04.2005, 10:27
Hello @Befallener
LSPfix.exe
http://www.spychecker.com/program/lspfix.html
"I know what I'm doing" <-- tick this box
move newdotnet6_38.dll
from the left to the right, then delete the DLL
-------------------------------------------------------------------------------------------
C:\WINDOWS\system32\WinSys.exe
check individual "exe" files
http://www.virustotal.com/flash/index_en.html
• Jotti's malware scan 2.4 - check individual "exe" files
http://virusscan.jotti.org/
At the top of the page click Browse (Durchsuchen) --> choose the file --> double-click the file to be checked --> click Submit...
now wait, then copy the result and post it here in the thread
--------------------------------------------------------------------------------------------
# Open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Restart the PC
Delete:
C:\WINDOWS\system32\WinSys.exe
W32.Beagle@mm Removal Tool
http://securityresponse.symantec.com/av ... .tool.html
• eScan detection tool
eScan is available free of charge here under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
Open the scanner --> do not scan yet --> go to Start > Run, type in: %temp% and look for
kavupd.exe; click on it --> run it (update in a DOS window)
Boot into safe mode
http://www.tu-berlin.de/www/software/vi ... mode.shtml
and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick all the boxes:
Select: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
--> and click "Scan".
• Go back to normal mode:
• Then please do the following:
Now open mwav.txt with the editor (Notepad) and go to Edit -> Find; enter "infected" there
• Select the line containing "infected" and paste it here, search again, and so on.
• The summary is at the very bottom; post that here as well.
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
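The "search mwav.txt for infected" step above, plus a cross-check of the deleted files against HijackThis autostart lines, as an added Python example that is not part of the original thread. The sample lines are constructed in the shape of the eScan output quoted earlier; the file names in them, the three location buckets and the function names are assumptions of this example.

```python
from __future__ import annotations
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Line shape as in the eScan output quoted earlier in this thread:
#   File <path> infected by "<detection>" Virus. Action Taken: <action>.
# The trailing period is optional so a cut-off last line still parses.
INFECTED_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.\s*'
    r'Action Taken: (?P<action>[^.]*)\.?\s*$'
)

@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    action: str
    location: str  # "quarantine", "cache/temp" or "live" (buckets assumed here)

def classify(path: str) -> str:
    """Bucket a hit by where the file sat on disk."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantine"   # already contained by another AV product
    if any(m in p for m in ("\\temp\\", "\\tempor~1\\",
                            "\\temporary internet files\\")):
        return "cache/temp"   # downloaded droppers, browser cache
    return "live"             # system or program folders

def parse_mwav(text: str) -> list[Finding]:
    """Return every 'infected' line of an mwav.txt-style log as a Finding."""
    findings = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["name"],
                                    m["action"].strip(), classify(m["path"])))
    return findings

def triage(findings: list[Finding]) -> dict[str, int]:
    """Count hits per location bucket."""
    return dict(Counter(f.location for f in findings))

def dangling_autostarts(findings: list[Finding], hijackthis_log: str) -> list[str]:
    """O4/O23 lines that still reference a 'live' file the scanner removed."""
    names = {ntpath.basename(f.path).lower()
             for f in findings if f.location == "live"}
    hits = []
    for line in hijackthis_log.splitlines():
        line = line.strip()
        if not line.startswith(("O4 - ", "O23 - ")):
            continue
        for name in names:
            # Match the file name as a whole path component, not a substring.
            if re.search(r'(?:^|[\\\s"])' + re.escape(name) + r'(?:$|[\s"])',
                         line, re.IGNORECASE):
                hits.append(line)
                break
    return hits

# Constructed sample input; file names are made up for this example.
SAMPLE_MWAV = r'''
Scan log header line (constructed, not eScan's real wording)
File C:\WINDOWS\system32\example-bot.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Deleted.
File C:\DOKUME~1\USER\LOKALE~1\TEMPOR~1\Content.IE5\ABCD1234\sample[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\0A1B2C3D infected by "Email-Worm.Win32.NetSky.d" Virus. Action Taken: File Deleted.
File C:\Programme\Norton AntiVirus\Quarantine\0A1B2C3E.dat infected by "Virus.Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\example-adware.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: File Delete
'''

SAMPLE_HJT = r'''
O4 - HKLM\..\Run: [Example Entry] example-bot.exe
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\example-adware.exe
'''

if __name__ == "__main__":
    found = parse_mwav(SAMPLE_MWAV)
    print(triage(found))
    for entry in dangling_autostarts(found, SAMPLE_HJT):
        print("still registered:", entry)
```

Hits under a Quarantine folder were already contained by the resident scanner; the lines returned by `dangling_autostarts` are the ones to tick in HijackThis, because the file is gone but its autostart entry is still there.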