HJT Log, bitte mal drübersehen

von **sommergras** am 22.01.2006, 18:18

Hallo,

habe mir beim surfen was böses geholt.
Da wird jetzt immer ne exe gestartet.

smss.exe
winlogon.exe

habe Ad-Aware & Spyboot drüberlaufen
lasse.

Spyboot sagt bei Problem:

Vcodec
Smitfraud-C

Spyboot bekommt es aber nicht weg.
So super fit auf dem Gebiet bin ich leider
nicht, deshalb hier mein logfile:

Logfile of HijackThis v1.99.1
Scan saved at 17:00:08, on 22.01.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\ANTIVIR\AVGUARD.EXE
D:\AntiVir\AVWUPSRV.EXE
D:\Tastatur Cherry\CDI\CDI.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PDesk\PDesk.exe
C:\Programme\WinPortrait\wpctrl.exe
C:\WINNT\SOUNDMAN.EXE
D:\Java\bin\jusched.exe
D:\Tastatur Cherry\KeyMan\KeyMan.exe
D:\AntiVir\AVGNT.EXE
D:\Motherboard Utillity\AsusProb.exe
D:\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\GEMEIN~1\Nokia\Services\SERVIC~1.EXE
D:\Fritz DSL\FwebProt.exe
C:\Programme\WinPortrait\floater.exe
D:\Opera\Opera.exe
F:\Software Download\Anti Spy Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ANTISP~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Java\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CherryKeyMan] "D:\Tastatur Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [AVGCtrl] "D:\AntiVir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ASUS Probe] d:\Motherboard Utillity\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Zone Alarm\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - Startup: FRITZ!webProtect.lnk = D:\Fritz DSL\FwebProt.exe
O4 - Startup: AntiVir Guard.lnk = D:\AntiVir\AVGNT.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: AntiVir Guard.lnk = D:\AntiVir\AVGNT.EXE
O4 - Global Startup: Logo Calibration Loader.lnk = D:\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = D:\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Send to Keyman - D:\Tastatur Cherry\KeyMan\IEMenuExtKeyman.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O15 - Trusted Zone: http://my.ebay.de
O15 - Trusted Zone: http://www.ebay.de
O15 - Trusted Zone: http://www.eplus.de
O15 - Trusted Zone: http://*.fritz.box
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://www.microsoft.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://D:\MUSICMATCH Update\MMJB\msxml3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CF4D77-7B5D-4DEA-8EEF-E6A840069A8A}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8D9E74-9459-4465-8050-42BF620C0D0A}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{29CF4D77-7B5D-4DEA-8EEF-E6A840069A8A}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{29CF4D77-7B5D-4DEA-8EEF-E6A840069A8A}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\AntiVir\AVWUPSRV.EXE
O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - D:\Tastatur Cherry\CDI\CDI.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Vielen Dank vorab.

von **Holy Marcell** am 22.01.2006, 18:24

WTF

==============================

Hijack This Starten ==> Button: Noone of the above just start the programm ==> Button Scan ==> Die Checkbox vor folgenden Einträgen Aktiviren ==> Button Fix Checked ==> Neustart

O4 - Startup: AntiVir Guard.lnk = D:\AntiVir\AVGNT.EXE
O4 - Global Startup: AntiVir Guard.lnk = D:\AntiVir\AVGNT.EXE

==============================

Oben auf der Seite ==> [Browse] ==> Wähle die u.g. Datei(en) an ==> [Öffnen] / [submit] ==> Poste das Ergebniss hier.
http://www.virustotal.com/flash/index_en.html

D:\AntiVir\AVGNT.EXE

von **sommergras** am 22.01.2006, 19:04

Hallo Holly Marcel,

habe jetzt die beiden einträge

O4 - Startup: AntiVir Guard.lnk = D:\AntiVir\AVGNT.EXE
O4 - Global Startup: AntiVir Guard.lnk = D:\AntiVir\AVGNT.EXE

in HJT fix checked und Neustart:

das neue logfile

Logfile of HijackThis v1.99.1
Scan saved at 18:01:28, on 22.01.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\ANTIVIR\AVGUARD.EXE
D:\AntiVir\AVWUPSRV.EXE
D:\Tastatur Cherry\CDI\CDI.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PDesk\PDesk.exe
C:\Programme\WinPortrait\wpctrl.exe
C:\WINNT\SOUNDMAN.EXE
D:\Java\bin\jusched.exe
D:\Tastatur Cherry\KeyMan\KeyMan.exe
D:\AntiVir\AVGNT.EXE
D:\Motherboard Utillity\AsusProb.exe
D:\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
D:\Fritz DSL\FwebProt.exe
C:\PROGRA~1\GEMEIN~1\Nokia\Services\SERVIC~1.EXE
D:\Opera\Opera.exe
C:\Programme\WinPortrait\floater.exe
D:\Anti Spy Ware\Spybot - Search & Destroy\SpybotSD.exe
F:\Software Download\Anti Spy Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ANTISP~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Java\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CherryKeyMan] "D:\Tastatur Cherry\KeyMan\KeyMan.exe"
O4 - HKLM\..\Run: [AVGCtrl] "D:\AntiVir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ASUS Probe] d:\Motherboard Utillity\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Zone Alarm\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - Startup: FRITZ!webProtect.lnk = D:\Fritz DSL\FwebProt.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logo Calibration Loader.lnk = D:\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = D:\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Send to Keyman - D:\Tastatur Cherry\KeyMan\IEMenuExtKeyman.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\fritz dsl\sarah.dll
O15 - Trusted Zone: http://my.ebay.de
O15 - Trusted Zone: http://www.ebay.de
O15 - Trusted Zone: http://www.eplus.de
O15 - Trusted Zone: http://*.fritz.box
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://www.microsoft.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-24.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://D:\MUSICMATCH Update\MMJB\msxml3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CF4D77-7B5D-4DEA-8EEF-E6A840069A8A}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8D9E74-9459-4465-8050-42BF620C0D0A}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{29CF4D77-7B5D-4DEA-8EEF-E6A840069A8A}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{29CF4D77-7B5D-4DEA-8EEF-E6A840069A8A}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\AntiVir\AVWUPSRV.EXE
O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - D:\Tastatur Cherry\CDI\CDI.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Die Antwort von Virus Total:

Antivirus Version Update Result
AntiVir 6.33.0.77 01.20.2006 no virus found
Avast 4.6.695.0 01.20.2006 no virus found
AVG 718 01.20.2006 no virus found
Avira 6.33.0.77 01.20.2006 no virus found
BitDefender 7.2 01.22.2006 no virus found
CAT-QuickHeal 8.00 01.21.2006 no virus found
ClamAV devel-20051123 01.21.2006 no virus found
DrWeb 4.33 01.22.2006 no virus found
eTrust-InoculateIT 23.71.57 01.22.2006 no virus found
eTrust-Vet 12.4.2052 01.20.2006 no virus found
Ewido 3.5 01.22.2006 no virus found
Fortinet 2.54.0.0 01.22.2006 no virus found
F-Prot 3.16c 01.20.2006 no virus found
Ikarus 0.2.59.0 01.20.2006 no virus found
Kaspersky 4.0.2.24 01.22.2006 no virus found
McAfee 4679 01.20.2006 no virus found
NOD32v2 1.1373 01.20.2006 no virus found
Norman 5.70.10 01.20.2006 no virus found
Panda 9.0.0.4 01.22.2006 no virus found
Sophos 4.01.0 01.22.2006 no virus found
Symantec 8.0 01.22.2006 no virus found
TheHacker 5.9.2.078 01.20.2006 no virus found
UNA 1.83 01.21.2006 no virus found
VBA32 3.10.5 01.22.2006 no virus found

Aber Sbyboot zeigt mir die beiden Probleme noch an.
Was habe ich falsch gemacht?????

von **Yourhighness** am 22.01.2006, 19:54

Holy!

Der User hat 2000 (also NT Technologie)...

Bitte mal onlinescans machen...

Onlinescans
http://virus-protect.org/onlinescan.html

mfg,

HJT Log, bitte mal drübersehen

HJT Log, bitte mal drübersehen

Ähnliche Themen

Wer ist online?