Hilfe Startseite ändert sich dauernd
3 Beiträge • Seite 1 von 1
Hilfe Startseite ändert sich dauernd
von sniperhardy am 25.07.2006, 10:02
Habe seit kurzem das Problem, dass sich meine Internet Startseite dauernd zu safetyuptodate.net ändert. Auf dieser Seite öffnet sich dann ein kleines Fenster mit einer Virenmeldung von W32.Myzor.FK@yf Das ist jedoch nicht von meinem Virenscanner.
Habe Cleanup451 und folgende Logs gemacht:
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 09:39:41 AM, on 2006/07/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\FONTS\FEC30.com
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\hp\Desktop\Spy\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saf-achsen.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TempCom] C:\WINDOWS\FONTS\FEC30.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save page in SuperOffice - res://C:\PROGRA~1\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program Files\SuperOffice\SoIeExtensions.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Datfind-Log
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\WINDOWS\system32
2006/07/25 09:24 AM 5,024 stdole3.tlb
2006/07/25 09:15 AM 402,294 perfh009.dat
2006/07/25 09:15 AM 61,804 perfc009.dat
2006/07/25 09:15 AM 469,538 PerfStringBackup.INI
2006/07/24 03:13 PM 2,206 wpa.dbl
2006/07/03 08:24 AM 6,617 jupdate-1.5.0_06-b05.log
2006/06/08 04:14 PM 23 fwlog.txt
2006/06/08 11:41 AM 30,208 hp100.tmp
2006/06/08 11:41 AM 34,317 ld101.tmp
2006/06/07 03:45 PM 224,024 FNTCACHE.DAT
2006/05/03 09:26 PM 5,818,784 MRT.exe
2006/03/30 11:16 AM 1,492,480 shdocvw.dll
2006/03/30 03:00 AM 16,384 xpsp3res.dll
2006/03/23 10:32 PM 3,053,568 mshtml.dll
2006/03/18 01:09 PM 613,376 urlmon.dll
2006/03/17 11:07 AM 679,424 inetcomm.dll
2006/03/17 06:03 AM 8,452,096 shell32.dll
2006/03/17 02:38 AM 28,672 verclsid.exe
2006/03/10 06:09 AM 5,533,696 wmp.dll
2006/03/04 05:33 AM 658,432 wininet.dll
2006/03/04 05:33 AM 474,112 shlwapi.dll
2006/03/04 05:33 AM 146,432 msrating.dll
2006/03/04 05:33 AM 39,424 pngfilt.dll
2006/03/04 05:33 AM 448,512 mshtmled.dll
2006/03/04 05:33 AM 532,480 mstime.dll
2006/03/04 05:33 AM 205,312 dxtrans.dll
2006/03/04 05:33 AM 251,392 iepeers.dll
2006/03/04 05:33 AM 96,256 inseng.dll
2006/03/04 05:33 AM 55,808 extmgr.dll
2006/03/04 05:33 AM 1,054,208 danim.dll
2006/03/04 05:33 AM 151,040 cdfview.dll
2006/03/04 05:33 AM 1,022,976 browseui.dll
2006/03/01 09:42 PM 426,496 msdtcprx.dll
2006/03/01 09:42 PM 11,776 xolehlp.dll
2006/03/01 09:42 PM 161,280 msdtcuiu.dll
2006/03/01 09:42 PM 956,416 msdtctm.dll
2006/03/01 09:42 PM 66,560 mtxclu.dll
2006/03/01 09:42 PM 91,136 mtxoci.
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\DOCUME~1\hp\LOCALS~1\Temp
2006/07/25 09:54 AM 79,851 jusched.log
2006/07/25 09:51 AM 81,920 ~DF343C.tmp
2006/07/25 09:44 AM 16,384 ~DF2994.tmp
2006/07/25 09:44 AM 16,384 ~DF8D0A.tmp
2006/07/25 09:44 AM 16,384 ~DF77D4.tmp
2006/07/25 09:42 AM 3,962 NBU8C.tmp
2006/07/25 09:40 AM 16,384 ~DF6560.tmp
2006/07/25 09:40 AM 16,384 ~DF5850.tmp
2006/07/25 09:21 AM 0 jupdate1.5.0.xml
2006/07/25 09:12 AM 81,920 ~DF45E0.tmp
2006/07/25 09:11 AM 16,384 ~DFB55B.tmp
2006/07/25 09:11 AM 16,384 ~DFA8EF.tmp
2006/07/24 04:20 PM 3,962 NBU51.tmp
2006/07/24 04:19 PM 16,384 ~DF5E33.tmp
2006/07/24 04:19 PM 16,384 ~DF57B0.tmp
2006/07/24 04:19 PM 16,384 ~DF5081.tmp
2006/07/24 04:17 PM 16,384 ~DFEE2.tmp
2006/07/24 04:17 PM 16,384 ~DFF4C5.tmp
2006/07/24 04:17 PM 16,384 ~DFED10.tmp
edit (Nikita)
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\
2006/07/25 09:49 AM 0 sys.txt
2006/07/25 09:49 AM 9,569 system.txt
2006/07/25 09:47 AM 68,370 systemtemp.txt
2006/07/25 09:46 AM 83 DirDPF.txt
2006/07/25 09:46 AM 2 DirDPFCns.txt
2006/07/25 09:45 AM 123,178 system32.txt
2006/07/25 09:44 AM 37 net.txt
2006/07/25 09:43 AM 527,880,192 hiberfil.sys
2006/07/25 09:43 AM 792,723,456 pagefile.sys
2006/07/19 12:47 PM 937 NetHood.htm
2006/07/19 12:47 PM 937 folder.htt
2006/07/03 01:07 PM 1,424 SoArcPlugin.log
2006/06/27 08:23 AM 127 MailArchiveHelper.log
2006/06/21 02:15 PM 782 SOOutlMailLink.log
2006/06/08 04:07 PM 6,312 avenger.txt
2005/09/16 07:45 PM 57,344 WINDOWS.EXE
2005/09/16 07:45 PM 57,344 Ghost.bat
2005/08/01 12:51 PM 6,613,041 SAFMODUL_GB.pdf
2005/07/26 09:13 AM 18 ddtemp011200.ini
2005/07/19 05:25 PM 192 BcBtRmv.log
2005/07/12 09:42 AM 71 info.dat
2005/07/12 09:42 AM 105 getinfo.bat
2005/07/07 11:31 AM 1,185 _Sid.txt
2005/07/01 11:45 AM 3,219,486 DNSP1.LOG
2005/07/01 11:43 AM 90 chpst.log
2005/07/01 11:42 AM 163 setup.log
2005/07/01 11:39 AM 20,912 sunjava.log
2005/07/01 11:38 AM 161 sedinst.log
2005/07/01 11:38 AM 200 sedinst2.log
2005/07/01 11:34 AM 86 HSC.log
2005/07/01 11:28 AM 191 syntp.log
2005/07/01 11:28 AM 32 ticrdbus.log
2005/07/01 11:01 AM 211 boot.ini
2005/06/30 09:26 AM 32 CMapDriversSetup.log
2005/06/29 10:48 AM 0 IO.SYS
2005/06/29 10:48 AM 0 MSDOS.SYS
2005/06/29 10:48 AM 0 CONFIG.SYS
2005/06/29 10:48 AM 0 AUTOEXEC.BAT
2004/08/04 02:00 PM 47,564 NTDETECT.COM
2004/08/04 02:00 PM 250,032 ntldr
2004/08/04 02:00 PM 2 desktop.ini
2003/12/08 01:15 PM 28,672 hpqimgrc.resources.dll
2001/09/05 09:00 PM 1,700,352 gdiplus.dll
43 File(s) 1,332,812,892 bytes
0 Dir(s) 28,994,306,048 bytes free
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\WINDOWS
2006/07/25 09:49 AM 1,334,151 WindowsUpdate.log
2006/07/25 09:44 AM 0 0.log
2006/07/25 09:43 AM 159 wiadebug.log
2006/07/25 09:43 AM 50 wiaservc.log
2006/07/25 09:43 AM 2,048 bootstat.dat
2006/07/25 09:42 AM 32,602 SchedLgU.Txt
2006/07/25 09:20 AM 150,100 setupact.log
2006/07/25 09:20 AM 804,955 setupapi.log
2006/07/25 09:16 AM 4,531 KB911280.log
2006/07/25 09:16 AM 4,449 KB917159.log
2006/07/25 09:16 AM 4,365 KB918439.log
2006/07/25 09:16 AM 4,285 KB914388.log
2006/07/25 09:16 AM 4,580 KB917344.log
2006/07/25 09:16 AM 4,116 KB917953.log
2006/07/25 09:16 AM 4,176 KB916595.log
2006/07/25 09:16 AM 4,347 KB916281.log
2006/07/25 09:16 AM 4,019 KB914389.log
2006/07/06 01:18 PM 1,245 souser.ini
2006/07/06 01:08 PM 49 SoIds.ini
2006/06/30 12:21 PM 44,519 wmsetup.log
2006/06/29 09:23 AM 739 STImgBrowser.INI
2006/06/07 03:39 PM 477 ODBC.INI
2006/06/07 03:38 PM 1,224 win.ini
2006/06/06 04:19 PM 455,543 iis6.log
2006/06/06 04:19 PM 84,561 ntdtcsetup.log
2006/06/06 04:19 PM 177,071 tsoc.log
2006/06/06 04:19 PM 137,115 comsetup.log
2006/06/06 04:19 PM 18,710 tabletoc.log
2006/06/06 04:19 PM 20,834 ocmsn.log
2006/06/06 04:19 PM 1,891 imsins.log
2006/06/06 04:19 PM 26,668 MedCtrOC.log
2006/06/06 04:19 PM 65,534 netfxocm.log
2006/06/06 04:19 PM 195,170 ocgen.log
2006/06/06 04:19 PM 19,083 msgsocm.log
2006/06/06 04:19 PM 363,847 FaxSetup.log
2006/06/06 04:18 PM 121,896 msmqinst.log
2006/06/05 05:01 PM 1,891 imsins.BAK
2006/06/05 04:56 PM 8,930 ModemLog_Agere Systems AC'97 Modem.txt
2006/05/16 08:05 AM 13,164 KB913580.log
2006/05/16 08:05 AM 22,693 updspapi.log
2006/05/11 04:59 PM 719,133 DtcInstall.log
ECHO.BAT
10)DPF????
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Bitte helft mir!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Habe Cleanup451 und folgende Logs gemacht:
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 09:39:41 AM, on 2006/07/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\FONTS\FEC30.com
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\hp\Desktop\Spy\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saf-achsen.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [TempCom] C:\WINDOWS\FONTS\FEC30.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save page in SuperOffice - res://C:\PROGRA~1\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program Files\SuperOffice\SoIeExtensions.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Datfind-Log
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\WINDOWS\system32
2006/07/25 09:24 AM 5,024 stdole3.tlb
2006/07/25 09:15 AM 402,294 perfh009.dat
2006/07/25 09:15 AM 61,804 perfc009.dat
2006/07/25 09:15 AM 469,538 PerfStringBackup.INI
2006/07/24 03:13 PM 2,206 wpa.dbl
2006/07/03 08:24 AM 6,617 jupdate-1.5.0_06-b05.log
2006/06/08 04:14 PM 23 fwlog.txt
2006/06/08 11:41 AM 30,208 hp100.tmp
2006/06/08 11:41 AM 34,317 ld101.tmp
2006/06/07 03:45 PM 224,024 FNTCACHE.DAT
2006/05/03 09:26 PM 5,818,784 MRT.exe
2006/03/30 11:16 AM 1,492,480 shdocvw.dll
2006/03/30 03:00 AM 16,384 xpsp3res.dll
2006/03/23 10:32 PM 3,053,568 mshtml.dll
2006/03/18 01:09 PM 613,376 urlmon.dll
2006/03/17 11:07 AM 679,424 inetcomm.dll
2006/03/17 06:03 AM 8,452,096 shell32.dll
2006/03/17 02:38 AM 28,672 verclsid.exe
2006/03/10 06:09 AM 5,533,696 wmp.dll
2006/03/04 05:33 AM 658,432 wininet.dll
2006/03/04 05:33 AM 474,112 shlwapi.dll
2006/03/04 05:33 AM 146,432 msrating.dll
2006/03/04 05:33 AM 39,424 pngfilt.dll
2006/03/04 05:33 AM 448,512 mshtmled.dll
2006/03/04 05:33 AM 532,480 mstime.dll
2006/03/04 05:33 AM 205,312 dxtrans.dll
2006/03/04 05:33 AM 251,392 iepeers.dll
2006/03/04 05:33 AM 96,256 inseng.dll
2006/03/04 05:33 AM 55,808 extmgr.dll
2006/03/04 05:33 AM 1,054,208 danim.dll
2006/03/04 05:33 AM 151,040 cdfview.dll
2006/03/04 05:33 AM 1,022,976 browseui.dll
2006/03/01 09:42 PM 426,496 msdtcprx.dll
2006/03/01 09:42 PM 11,776 xolehlp.dll
2006/03/01 09:42 PM 161,280 msdtcuiu.dll
2006/03/01 09:42 PM 956,416 msdtctm.dll
2006/03/01 09:42 PM 66,560 mtxclu.dll
2006/03/01 09:42 PM 91,136 mtxoci.
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\DOCUME~1\hp\LOCALS~1\Temp
2006/07/25 09:54 AM 79,851 jusched.log
2006/07/25 09:51 AM 81,920 ~DF343C.tmp
2006/07/25 09:44 AM 16,384 ~DF2994.tmp
2006/07/25 09:44 AM 16,384 ~DF8D0A.tmp
2006/07/25 09:44 AM 16,384 ~DF77D4.tmp
2006/07/25 09:42 AM 3,962 NBU8C.tmp
2006/07/25 09:40 AM 16,384 ~DF6560.tmp
2006/07/25 09:40 AM 16,384 ~DF5850.tmp
2006/07/25 09:21 AM 0 jupdate1.5.0.xml
2006/07/25 09:12 AM 81,920 ~DF45E0.tmp
2006/07/25 09:11 AM 16,384 ~DFB55B.tmp
2006/07/25 09:11 AM 16,384 ~DFA8EF.tmp
2006/07/24 04:20 PM 3,962 NBU51.tmp
2006/07/24 04:19 PM 16,384 ~DF5E33.tmp
2006/07/24 04:19 PM 16,384 ~DF57B0.tmp
2006/07/24 04:19 PM 16,384 ~DF5081.tmp
2006/07/24 04:17 PM 16,384 ~DFEE2.tmp
2006/07/24 04:17 PM 16,384 ~DFF4C5.tmp
2006/07/24 04:17 PM 16,384 ~DFED10.tmp
edit (Nikita)
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\
2006/07/25 09:49 AM 0 sys.txt
2006/07/25 09:49 AM 9,569 system.txt
2006/07/25 09:47 AM 68,370 systemtemp.txt
2006/07/25 09:46 AM 83 DirDPF.txt
2006/07/25 09:46 AM 2 DirDPFCns.txt
2006/07/25 09:45 AM 123,178 system32.txt
2006/07/25 09:44 AM 37 net.txt
2006/07/25 09:43 AM 527,880,192 hiberfil.sys
2006/07/25 09:43 AM 792,723,456 pagefile.sys
2006/07/19 12:47 PM 937 NetHood.htm
2006/07/19 12:47 PM 937 folder.htt
2006/07/03 01:07 PM 1,424 SoArcPlugin.log
2006/06/27 08:23 AM 127 MailArchiveHelper.log
2006/06/21 02:15 PM 782 SOOutlMailLink.log
2006/06/08 04:07 PM 6,312 avenger.txt
2005/09/16 07:45 PM 57,344 WINDOWS.EXE
2005/09/16 07:45 PM 57,344 Ghost.bat
2005/08/01 12:51 PM 6,613,041 SAFMODUL_GB.pdf
2005/07/26 09:13 AM 18 ddtemp011200.ini
2005/07/19 05:25 PM 192 BcBtRmv.log
2005/07/12 09:42 AM 71 info.dat
2005/07/12 09:42 AM 105 getinfo.bat
2005/07/07 11:31 AM 1,185 _Sid.txt
2005/07/01 11:45 AM 3,219,486 DNSP1.LOG
2005/07/01 11:43 AM 90 chpst.log
2005/07/01 11:42 AM 163 setup.log
2005/07/01 11:39 AM 20,912 sunjava.log
2005/07/01 11:38 AM 161 sedinst.log
2005/07/01 11:38 AM 200 sedinst2.log
2005/07/01 11:34 AM 86 HSC.log
2005/07/01 11:28 AM 191 syntp.log
2005/07/01 11:28 AM 32 ticrdbus.log
2005/07/01 11:01 AM 211 boot.ini
2005/06/30 09:26 AM 32 CMapDriversSetup.log
2005/06/29 10:48 AM 0 IO.SYS
2005/06/29 10:48 AM 0 MSDOS.SYS
2005/06/29 10:48 AM 0 CONFIG.SYS
2005/06/29 10:48 AM 0 AUTOEXEC.BAT
2004/08/04 02:00 PM 47,564 NTDETECT.COM
2004/08/04 02:00 PM 250,032 ntldr
2004/08/04 02:00 PM 2 desktop.ini
2003/12/08 01:15 PM 28,672 hpqimgrc.resources.dll
2001/09/05 09:00 PM 1,700,352 gdiplus.dll
43 File(s) 1,332,812,892 bytes
0 Dir(s) 28,994,306,048 bytes free
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\WINDOWS
2006/07/25 09:49 AM 1,334,151 WindowsUpdate.log
2006/07/25 09:44 AM 0 0.log
2006/07/25 09:43 AM 159 wiadebug.log
2006/07/25 09:43 AM 50 wiaservc.log
2006/07/25 09:43 AM 2,048 bootstat.dat
2006/07/25 09:42 AM 32,602 SchedLgU.Txt
2006/07/25 09:20 AM 150,100 setupact.log
2006/07/25 09:20 AM 804,955 setupapi.log
2006/07/25 09:16 AM 4,531 KB911280.log
2006/07/25 09:16 AM 4,449 KB917159.log
2006/07/25 09:16 AM 4,365 KB918439.log
2006/07/25 09:16 AM 4,285 KB914388.log
2006/07/25 09:16 AM 4,580 KB917344.log
2006/07/25 09:16 AM 4,116 KB917953.log
2006/07/25 09:16 AM 4,176 KB916595.log
2006/07/25 09:16 AM 4,347 KB916281.log
2006/07/25 09:16 AM 4,019 KB914389.log
2006/07/06 01:18 PM 1,245 souser.ini
2006/07/06 01:08 PM 49 SoIds.ini
2006/06/30 12:21 PM 44,519 wmsetup.log
2006/06/29 09:23 AM 739 STImgBrowser.INI
2006/06/07 03:39 PM 477 ODBC.INI
2006/06/07 03:38 PM 1,224 win.ini
2006/06/06 04:19 PM 455,543 iis6.log
2006/06/06 04:19 PM 84,561 ntdtcsetup.log
2006/06/06 04:19 PM 177,071 tsoc.log
2006/06/06 04:19 PM 137,115 comsetup.log
2006/06/06 04:19 PM 18,710 tabletoc.log
2006/06/06 04:19 PM 20,834 ocmsn.log
2006/06/06 04:19 PM 1,891 imsins.log
2006/06/06 04:19 PM 26,668 MedCtrOC.log
2006/06/06 04:19 PM 65,534 netfxocm.log
2006/06/06 04:19 PM 195,170 ocgen.log
2006/06/06 04:19 PM 19,083 msgsocm.log
2006/06/06 04:19 PM 363,847 FaxSetup.log
2006/06/06 04:18 PM 121,896 msmqinst.log
2006/06/05 05:01 PM 1,891 imsins.BAK
2006/06/05 04:56 PM 8,930 ModemLog_Agere Systems AC'97 Modem.txt
2006/05/16 08:05 AM 13,164 KB913580.log
2006/05/16 08:05 AM 22,693 updspapi.log
2006/05/11 04:59 PM 719,133 DtcInstall.log
ECHO.BAT
10)DPF????
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Bitte helft mir!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- sniperhardy
- Beiträge: 29
- Registriert: 20.04.2006, 14:33
von Nikita am 25.07.2006, 12:43
Cleanup anwenden (noch einmal)
http://virus-protect.org/cleanup.html
-------------
1.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> entpacken auf dem Desktop -> spyfalcon.reg ->doppeltklicken und der Registry mit "ja/yes" beifügen
2.
arbeite smitfraudfix ab (Option 1 und 2 - lasse auch die registry mitreinigen)
http://virus-protect.org/artikel/tools/ ... utfix.html
und poste hier beide logs
3.
virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\FONTS\FEC30.com
poste den bericht
http://virus-protect.org/cleanup.html
-------------
1.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> entpacken auf dem Desktop -> spyfalcon.reg ->doppeltklicken und der Registry mit "ja/yes" beifügen
2.
arbeite smitfraudfix ab (Option 1 und 2 - lasse auch die registry mitreinigen)
http://virus-protect.org/artikel/tools/ ... utfix.html
und poste hier beide logs
3.
virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\FONTS\FEC30.com
poste den bericht
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
Smitfraud
von sniperhardy am 27.07.2006, 15:43
Hab den PC jetzt vollständig sauber. Smitfraud im abgesicherten Modus hat schon geholfen.
Hab jetzt nochmal sämtliche Scanner aktualisiert und drüberlaufen lassen. --- Clean!!!
Hab jetzt auch noch den Windows-Defender installiert, XP-Updates nachgezogen und Antivirus installiert.
Danke für die Hilfe.
(Werde jetzt noch ein topic im Softwarebereich eröffnen, weil ich noch einen kleinen Scriptfehler im Outlook hab.)
Hab jetzt nochmal sämtliche Scanner aktualisiert und drüberlaufen lassen. --- Clean!!!
Hab jetzt auch noch den Windows-Defender installiert, XP-Updates nachgezogen und Antivirus installiert.
Danke für die Hilfe.
(Werde jetzt noch ein topic im Softwarebereich eröffnen, weil ich noch einen kleinen Scriptfehler im Outlook hab.)
- sniperhardy
- Beiträge: 29
- Registriert: 20.04.2006, 14:33
3 Beiträge • Seite 1 von 1
Zurück zu Online- und PC-Sicherheit
Wer ist online?
Mitglieder in diesem Forum: 0 Mitglieder und 0 Gäste