felixiplayer

Hi Leute!
Hab grad ein richtiges Problem.Ich muss mir irgendwie glaub ich was eingefangen haben gestern.Ich hab einige Dats zum Hacken geladen.Die ich aber nicht einmal geöffnet habe.
Es ist so das wenn ich den Rechner hochfahre immer mehr Symbole nur weiss sind und die Programme nicht mehr gefunden werden.Aber auf der Festplatte sind die Dateien(zb tune up) noch.Iregndwas stimmt nicht.Nach jedem start werdens mehr.
oh man bitte helft mir ;( ;( ;(

Humdinger

Hallo

Erstelle und poste bitte einen
HijackThis log

felixiplayer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:23, on 05.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{08421BE4-EBBD-4492-972E-2A9A013E14A7}: NameServer = 217.237.151.51 217.237.149.205
O17 - HKLM\System\CS1\Services\Tcpip\..\{08421BE4-EBBD-4492-972E-2A9A013E14A7}: NameServer = 217.237.151.51 217.237.149.205
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Windows\
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 7856 bytes


das ist es doch oder?

Humdinger

Hallo

Du solltest dein System überprüfen.

Bitte arbeite diese
>>>Anleitung<<<
ab und poste wie angegeben die Reporte

(Den unteren Teil für Vista User bitte)

felixiplayer

Tja da gibts jetzt ein Problem.
Ich hab grad nur ne isdn anbindung.Leider bin ich nicht an dem rechner wo ich dsl 16000 hab.Und dieses Programm was man downloaden soll hat 74 mb.Dauert bissl lange bei 7kb/s

Humdinger

Nun das wirklich schade.

Dann führe Punkt 1 und Punkt 4 aus. Poste den Report von Punkt 4

und:

ComboFix
Beende nun dein Antiviren- & Antispywareprogramm
Doppelklicken auf: combofix.exe
Gib eine 1 ein, um den Scan zu starten, wenn du danach gefragt wirst.
Die Datenträgerbereinigung abwarten (bis ca. 20 Min/ Neustart kann erfolgen)

felixiplayer

wenn ich vist scan starte kommt taste 1 drücken und mit enter bestätigen.passiert bei mir aber nichts

felixiplayer

von punkt4
Die 30 neuesten Dateien im Ordner Windows:

***** ***** ***** ***** *****
***** Scanning C:\Windows *****
***** ***** ***** ***** *****

05.02.2008 bootstat.dat 09 33:67.584
05.02.2008 WindowsUpdate.log 09 31:1.086.745
04.02.2008 setuperr.log 21 22:0
04.02.2008 setupact.log 21 22:0
30.01.2008 win.ini 20 57:219
21.01.2008 twunk_32.728 18 28:69.632
21.01.2008 twunk_16.728 18 28:48.560
18.12.2007 WindowsShell.Manifest 14 23:749
17.12.2007 explorer.exe 15 51:2.923.520
18.09.2007 hpqins13.dat 12 27:114.973
18.09.2007 DIFxAPI.dll 12 23:319.456
18.09.2007 HideWin.exe 12 23:315.392
18.09.2007 HCWPNP.INI 12 22:3.758
18.09.2007 csup.txt 12 14:12
06.07.2007 RtHDVCpl.exe 12 06:4.669.440
07.02.2007 WMPrfDeu.prx 17 57:33.820
16.01.2007 RtlUpd.exe 11 39:1.191.936
12.01.2007 RtlExUpd.dll 17 54:520.192
02.11.2006 WMSysPr9.prx 13 35:316.640
02.11.2006 twunk_16.exe 13 34:49.680
02.11.2006 twunk_32.exe 13 34:31.232
02.11.2006 twain_32.dll 13 34:50.688
02.11.2006 twain.dll 13 34:94.784
02.11.2006 notepad.exe 13 34:151.040
02.11.2006 winhlp32.exe 10 45:9.216
02.11.2006 regedit.exe 10 45:134.656
02.11.2006 HelpPane.exe 10 45:497.152


Die 50 neuesten Dateien im Ordner Windows\system32:

***** ***** ***** ***** *****
***** Scanning C:\Windows\system32 *****
***** ***** ***** ***** *****

05.02.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 09 33:3.584
05.02.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 09 33:3.584
05.02.2008 perfh009.dat 08 26:618.272
05.02.2008 perfc009.dat 08 26:107.416
05.02.2008 perfc007.dat 08 26:120.908
05.02.2008 perfh007.dat 08 26:651.112
05.02.2008 PerfStringBackup.INI 08 26:1.488.910
01.02.2008 KGyGaAvL.sys 19 56:3.140
01.02.2008 9F2DBE31A7.sys 19 56:88
31.01.2008 TuneUpDefragService.exe 20 25:306.432
31.01.2008 FNTCACHE.DAT 18 23:1.782.072
27.01.2008 PnkBstrB.exe 09 38:103.736
27.01.2008 CmdLineExt.dll 09 13:107.888
12.01.2008 PnkBstrA.exe 10 29:66.872
12.01.2008 pbsvc.exe 10 29:669.184
09.01.2008 initdebug.nfo 14 13:45
08.01.2008 netcfg.exe 22 41:24.064
08.01.2008 tcpipcfg.dll 22 41:167.424
08.01.2008 netiougc.exe 22 41:22.016
08.01.2008 GameUXLegacyGDFs.dll 22 40:4.247.552
08.01.2008 gameux.dll 22 40:1.686.016
08.01.2008 sbunattend.exe 22 40:11.776
02.01.2008 mrt.exe 19 21:17.642.616
24.12.2007 gdiplus.dll 14 01:1.700.352
18.12.2007 cdd.dll 17 49:36.864
18.12.2007 RacUR.xml 16 45:8.888
18.12.2007 RacUREx.xml 16 45:150
17.12.2007 riched20.dll 15 51:467.456
17.12.2007 riched32.dll 15 51:8.192
17.12.2007 kmddsp.tsp 15 51:38.400
17.12.2007 rasser.dll 15 51:22.016
17.12.2007 rascfg.dll 15 51:77.824
17.12.2007 rasdiag.dll 15 51:52.736
17.12.2007 ndptsp.tsp 15 51:49.664
17.12.2007 rasctrnm.h 15 51:1.820
17.12.2007 rasmxs.dll 15 51:32.768
17.12.2007 netcfgx.dll 15 51:384.000
17.12.2007 msftedit.dll 15 51:564.736
17.12.2007 icsunattend.exe 15 51:13.824
17.12.2007 ipnathlp.dll 15 51:286.208
17.12.2007 wshqos.dll 15 51:13.824
17.12.2007 traffic.dll 15 51:33.280
17.12.2007 pacerprf.dll 15 51:15.360
17.12.2007 localspl.dll 15 51:694.784
17.12.2007 dps.dll 15 51:134.656
17.12.2007 PhotoScreensaver.scr 15 51:704.000
17.12.2007 wtsapi32.dll 15 51:24.064


***** ***** ***** ***** *****
***** Scanning C:\Windows\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost



***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****


Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 28 K
System 4 Services 0 13.472 K
smss.exe 504 Services 0 784 K
csrss.exe 576 Services 0 5.108 K
wininit.exe 640 Services 0 3.908 K
csrss.exe 652 Console 1 8.952 K
services.exe 684 Services 0 5.496 K
lsass.exe 696 Services 0 7.612 K
lsm.exe 708 Services 0 4.000 K
svchost.exe 852 Services 0 6.380 K
svchost.exe 912 Services 0 6.232 K
svchost.exe 968 Services 0 24.660 K
svchost.exe 996 Services 0 10.088 K
svchost.exe 1028 Services 0 66.840 K
svchost.exe 1040 Services 0 26.676 K
winlogon.exe 1108 Console 1 5.724 K
audiodg.exe 1172 Services 0 18.776 K
SLsvc.exe 1200 Services 0 9.376 K
svchost.exe 1252 Services 0 12.092 K
svchost.exe 1364 Services 0 14.020 K
spoolsv.exe 1564 Services 0 10.116 K
avguard.exe 1588 Services 0 17.160 K
svchost.exe 1604 Services 0 16.552 K
dwm.exe 568 Console 1 54.220 K
taskeng.exe 976 Console 1 10.704 K
explorer.exe 1236 Console 1 38.436 K
sched.exe 2200 Services 0 832 K
DQLWinService.exe 2252 Services 0 3.172 K
HPBtnSrv.exe 2280 Services 0 5.732 K
LSSrvc.exe 2464 Services 0 3.852 K
PnkBstrA.exe 2496 Services 0 3.512 K
svchost.exe 2508 Services 0 4.744 K
PSIService.exe 2520 Services 0 3.612 K
StarWindService.exe 2604 Services 0 3.408 K
svchost.exe 2616 Services 0 6.504 K
svchost.exe 2648 Services 0 2.092 K
SearchIndexer.exe 2724 Services 0 18.832 K
WUDFHost.exe 2804 Services 0 5.848 K
taskeng.exe 3684 Services 0 5.828 K
MSASCui.exe 3760 Console 1 9.192 K
hpsysdrv.exe 3780 Console 1 2.704 K
KbdStub.exe 3832 Console 1 3.052 K
OSD.exe 3936 Console 1 3.448 K
RtHDVCpl.exe 3948 Console 1 8.288 K
HPHC_Scheduler.exe 3956 Console 1 12.312 K
schtasks.exe 3988 Console 1 4.184 K
hpwuSchd2.exe 4004 Console 1 3.040 K
avgnt.exe 4016 Console 1 1.332 K
rundll32.exe 2052 Console 1 6.776 K
rundll32.exe 2020 Console 1 4.828 K
sidebar.exe 516 Console 1 35.660 K
WmiPrvSE.exe 1988 Services 0 5.800 K
firefox.exe 3004 Console 1 37.892 K
SearchFilterHost.exe 1516 Services 0 7.584 K
WinRAR.exe 1964 Console 1 13.664 K
cmd.exe 3008 Console 1 3.124 K
conime.exe 2968 Console 1 3.452 K
tasklist.exe 168 Console 1 4.868 K
SearchProtocolHost.exe 1484 Services 0 6.968 K
WmiPrvSE.exe 1180 Services 0 5.908 K



Microsoft Windows [Version 6.0.6000]


http://www.paules-pc-forum.de
***** Malware Team *****


***** Ende des Scans 05.02.2008 um 9:36:15,38 ***

felixiplayer

wenn bei combofix in dem blauen fenster out of memory setht is das normal ?

Humdinger

Wurden auch MS Defender und Antivir vor dem ausführen von ComboFix beendet?