- #1
R
Rebell1204
Neues Mitglied
Themenersteller
- Dabei seit
- 11.12.2005
- Beiträge
- 2
- Reaktionspunkte
- 0
Also heute Aben passierten ganz merkwürdige Dinge! Mein Rechner meinte mir sagen zu müssen das ich den SPYSHERIFF draufhabe, mein Hintergrundbild war blau mit einem schwarzen Kästchen in der Mitte wo drin stand das mein Sytem infiziert sei! Weiterhin soll ich wohl noch das Tool2.exe und das tool5.exe draufgehabt haben! Nachdem die Meldungen kamen habe ich ANTIVIR,Ad-Aware,Spybot,TuneUp,CW Shredder usw. drüber laufen lassen! Nun glaube ich zumindest das ich das Ding vernichtet habe! Bin mir aber nicht sicher ob es mir gelungen ist! Daher bitte ich euch mal meine LOGFILE von HIJACK This anzusehen oder mir weitere Tips zu geben was ich tun soll! Mein System neu aufzusetzen wäre nämlich sehr unpassend zum jetzigen Zeitpunkt!
Hier mal die LOG:
Logfile of HijackThis v1.99.1
Scan saved at 22:44:45, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\EXPLORER.EXE
H:\Hilfprogs\AntiVir\AVGUARD.EXE
H:\Hilfprogs\AntiVir\AVWUPSRV.EXE
H:\SAMSUNG\Blue\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\MsPMSPSv.exe
H:\Tuning u.Treiber\Logitech\MouseWare\system\em_exec.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
H:\HILFPROGS\FIREFOX\FIREFOX.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
H:\TRENDS~1\PCCGUIDE.EXE
H:\TRENDS~1\PCCTLCOM.EXE
H:\TRENDS~1\Tmntsrv.exe
H:\TRENDS~1\TmPfw.exe
H:\TRENDS~1\tmproxy.exe
C:\Dokumente und Einstellungen\Freshmaker\Desktop\HijackThis.exe
H:\INTERNET\ICQLITE\ICQLITE.EXE
H:\INTERNET\TS2\TEAMSPEAK.EXE
H:\HILFPROGS\XFIRE\XFIRE.EXE
C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.monstersgame.net/index.php?ac=raubzug
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Hilfprogs\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SICHER~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [pccguide.exe] H:\TrendSweciurte\pccguide.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Internet\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Senden an &Bluetooth - H:\SAMSUNG\Blue\btsendto_ie_ctx.htm
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - h:\hilfprogs\active\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\hilfprogs\active\INetRepl.dll
O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\hilfprogs\active\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Internet\ICQLite\ICQLite.exe
O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Internet\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\SAMSUNG\Blue\btsendto_ie.htm
O9 - Extra->Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\SAMSUNG\Blue\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095181472781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D3F3290-5FFE-4289-A452-CC3BC363086C}: NameServer = 195.71.86.133 193.189.244.205
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - H:\Hilfprogs\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - H:\Hilfprogs\AntiVir\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - H:\SAMSUNG\Blue\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - H:\TRENDS~1\PcCtlCom.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - H:\TRENDS~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - H:\TRENDS~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - H:\TRENDS~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - H:\Hilfprogs\TU06\WinStylerThemeSvc.exe
Was meint ihr dazu???
Hier mal die LOG:
Logfile of HijackThis v1.99.1
Scan saved at 22:44:45, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\EXPLORER.EXE
H:\Hilfprogs\AntiVir\AVGUARD.EXE
H:\Hilfprogs\AntiVir\AVWUPSRV.EXE
H:\SAMSUNG\Blue\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\MsPMSPSv.exe
H:\Tuning u.Treiber\Logitech\MouseWare\system\em_exec.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
H:\HILFPROGS\FIREFOX\FIREFOX.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
H:\TRENDS~1\PCCGUIDE.EXE
H:\TRENDS~1\PCCTLCOM.EXE
H:\TRENDS~1\Tmntsrv.exe
H:\TRENDS~1\TmPfw.exe
H:\TRENDS~1\tmproxy.exe
C:\Dokumente und Einstellungen\Freshmaker\Desktop\HijackThis.exe
H:\INTERNET\ICQLITE\ICQLITE.EXE
H:\INTERNET\TS2\TEAMSPEAK.EXE
H:\HILFPROGS\XFIRE\XFIRE.EXE
C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.monstersgame.net/index.php?ac=raubzug
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Hilfprogs\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SICHER~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [pccguide.exe] H:\TrendSweciurte\pccguide.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Internet\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Senden an &Bluetooth - H:\SAMSUNG\Blue\btsendto_ie_ctx.htm
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - h:\hilfprogs\active\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\hilfprogs\active\INetRepl.dll
O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\hilfprogs\active\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Internet\ICQLite\ICQLite.exe
O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Internet\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\SAMSUNG\Blue\btsendto_ie.htm
O9 - Extra->Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\SAMSUNG\Blue\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095181472781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D3F3290-5FFE-4289-A452-CC3BC363086C}: NameServer = 195.71.86.133 193.189.244.205
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - H:\Hilfprogs\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - H:\Hilfprogs\AntiVir\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - H:\SAMSUNG\Blue\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - H:\TRENDS~1\PcCtlCom.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - H:\TRENDS~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - H:\TRENDS~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - H:\TRENDS~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - H:\Hilfprogs\TU06\WinStylerThemeSvc.exe
Was meint ihr dazu???
