MasterMaxx
2006-10-18, 21:06:07
Hallo
hatte mir heute einen Codec für den MediaPlayer runtergeladen. Dieser war mit ihrgend einen Virus oder so verseucht (Nod32 zeigte dies an und löschte ihn)
Trotzdem popt alle 5 mins in der Taskabar ein hinweis feld auf das mein pc verseucht wäre. Wenn ich dann auf diesen button drücke öffnet sich der internet explorer und ich werde mit irgendwelchen komischen security sites verbunden wie zbsp: http://www.thesafebar.com/ oder http://antivirusgolden.com/?aid=1338.
Hab scho ad Aware und Nod32 durchlaufen lassen. Beide ham nix gefunden.
Hier mein Hijack Log:
Logfile of HijackThis v1.99.1
Scan saved at 20:57:16, on 18.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\VideoCompressionCodec\isamonitor.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
F:\ProjectClix\Clix.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
C:\Program Files\VideoCompressionCodec\isamini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\TuneUp Utilities 2006\Integrator.exe
C:\Tools\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\ICQLite5\ICQLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Tools\FireFox\firefox.exe
C:\FREEDO~1\fdm.exe
C:\Tools\WinRAR\WinRAR.exe
C:\DOCUME~1\SIR_HA~1\LOCALS~1\Temp\Rar$EX01.062\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\VideoCompressionCodec\isaddon.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Tools\FlashFTP\IEFlash.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\ReGetDx\iebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\VideoCompressionCodec\iesplugin.dll
O4 - HKLM\..\Run: [ProjectClix] F:\ProjectClix\Clix.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\ICQLite5\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite5\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118141555226
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118133429038
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16D6CA16-6686-453A-9A4E-0FCA69844D68}: NameServer = 217.237.151.115 217.237.150.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{16D6CA16-6686-453A-9A4E-0FCA69844D68}: NameServer = 217.237.151.115 217.237.150.33
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
hatte mir heute einen Codec für den MediaPlayer runtergeladen. Dieser war mit ihrgend einen Virus oder so verseucht (Nod32 zeigte dies an und löschte ihn)
Trotzdem popt alle 5 mins in der Taskabar ein hinweis feld auf das mein pc verseucht wäre. Wenn ich dann auf diesen button drücke öffnet sich der internet explorer und ich werde mit irgendwelchen komischen security sites verbunden wie zbsp: http://www.thesafebar.com/ oder http://antivirusgolden.com/?aid=1338.
Hab scho ad Aware und Nod32 durchlaufen lassen. Beide ham nix gefunden.
Hier mein Hijack Log:
Logfile of HijackThis v1.99.1
Scan saved at 20:57:16, on 18.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\VideoCompressionCodec\isamonitor.exe
C:\Program Files\VideoCompressionCodec\pmsngr.exe
F:\ProjectClix\Clix.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\VideoCompressionCodec\pmmon.exe
C:\Program Files\VideoCompressionCodec\isamini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\TuneUp Utilities 2006\Integrator.exe
C:\Tools\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\ICQLite5\ICQLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Tools\FireFox\firefox.exe
C:\FREEDO~1\fdm.exe
C:\Tools\WinRAR\WinRAR.exe
C:\DOCUME~1\SIR_HA~1\LOCALS~1\Temp\Rar$EX01.062\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\VideoCompressionCodec\isaddon.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Tools\FlashFTP\IEFlash.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\ReGetDx\iebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\VideoCompressionCodec\iesplugin.dll
O4 - HKLM\..\Run: [ProjectClix] F:\ProjectClix\Clix.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\ICQLite5\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite5\ICQLite.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118141555226
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118133429038
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16D6CA16-6686-453A-9A4E-0FCA69844D68}: NameServer = 217.237.151.115 217.237.150.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{16D6CA16-6686-453A-9A4E-0FCA69844D68}: NameServer = 217.237.151.115 217.237.150.33
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe