
Thread: Help me again

  1. #1
    Forum user
    Registered since
    29.11.2006
    Posts
    51

    Help me again

    Logfile of HijackThis v1.99.1
    Scan saved at 20:10:35, on 01-02-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programs\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programs\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Programs\Common Files\Symantec Shared\ccProxy.exe
    C:\Programs\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Programs\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Programs\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programs\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programs\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Programs\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\Programs\UPHClean\uphclean.exe
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\WINDOWS\system32\mmm.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Programs\Common Files\Symantec Shared\ccApp.exe
    C:\Programs\SYMANT~1\SYMANT~2\VPTray.exe
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Programs\Roxio\Media Experience\DMXLauncher.exe
    C:\Programs\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Programs\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programs\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Programs\Java\jre1.5.0_09\bin\jusched.exe
    C:\Programs\Common Files\InstallShield\UpdateService\issch.exe
    C:\Programs\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Programs\TomTom HOME\TomTomHOME.exe
    C:\Programs\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programs\TaskSwitchXP\TaskSwitchXP.exe
    C:\Programs\AlfaClock\AlfaClock.exe
    C:\Programs\Microsoft ActiveSync\wcescomm.exe
    C:\Programs\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Programs\MI3AA1~1\rapimgr.exe
    C:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Programs\Microsoft ActiveSync\WCESMgr.exe
    C:\Programs\ATI Technologies\ATI.ACE\cli.exe
    C:\Programs\ATI Technologies\ATI.ACE\cli.exe
    C:\Programs\Microsoft Office\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programs\Symantec Client Security\Symantec Client Firewall\ccEmFlSv.exe
    C:\Programs\Internet Explorer\iexplore.exe
    C:\Users\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programs\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programs\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programs\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [uberpackSoft] C:\WINDOWS\system32\mmm.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programs\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\Programs\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Programs\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programs\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Programs\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programs\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programs\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programs\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programs\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programs\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [ATICCC] "C:\Programs\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programs\TaskSwitchXP\TaskSwitchXP.exe
    O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Programs\AlfaClock\AlfaClock.exe" /startup
    O4 - HKCU\..\Run: [NBJ] "C:\Programs\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programs\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programs\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programs\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programs\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programs\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programs\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://eleicoes.cne.pt/cne2005/vector/mgaxctrl.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programs\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Programs\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programs\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programs\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programs\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Programs\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programs\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programs\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programs\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programs\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programs\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec Client Firewall\SymSPort.exe



    Thank you in advance

  2. #2
    Tammy
    Guest

    Re: Help me again

    Hello and "Welcome back" on HijackThis.de-Board, pjsgamma.

    We need to get a deeper insight into your system to be able to find out more about your machine.


    STEP 1
    Please rename Hijackthis.exe to HJT1991.exe.
    We need to rename it because of malware which attacks HijackThis and hides from it.
    Remember that Hijackthis must be run in its own folder. Only if Hijackthis runs in its own folder will it create backups!
    Please run HJT1991.exe and let it scan. Save the fresh HJT logfile and post it.



    STEP 2
    Make sure you set Windows to show hidden files and folders.


    STEP 3
    1. Please download the filelist.zip (FAQ) to your desktop.
    2. Unzip this file to your desktop (free Zip-Tools)
    3. Restart your system
    4. Double-click the filelist.bat to run it
    5. Your editor program will open
    6. Highlight the content, choose copy, and paste it into your next post
    7. Please note: we only need the last 30 days of every directory of this file

    • Many Thanks to the Moderator Karl83 for creating this new tool.

    • Directory of C:\
    • Directory of C:\WINDOWS\system
    • Directory of C:\WINDOWS\system32
    • Directory of C:\WINDOWS
    • Directory of C:\WINDOWS\Prefetch
    • Directory of C:\WINDOWS\tasks
    • Directory of C:\WINDOWS\Temp
    • Directory of C:\DOCUME~1\Name\LOCALS~1\Temp



    -Also please follow these two links:
    VirusTotal
    Jotti
    -check this file:
    C:\WINDOWS\system32\mmm.exe
    -and let us see the results.

    Regards,
    Tam

  3. #3
    Forum user
    Registered since
    29.11.2006
    Posts
    51

    Re: Help me again

    Hello, here is the HJT


    Logfile of HijackThis v1.99.1
    Scan saved at 14:20:30, on 02-02-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programs\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programs\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Programs\Common Files\Symantec Shared\ccProxy.exe
    C:\Programs\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Programs\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Programs\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programs\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programs\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Programs\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\Programs\UPHClean\uphclean.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\WINDOWS\system32\mmm.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Programs\Common Files\Symantec Shared\ccApp.exe
    C:\Programs\SYMANT~1\SYMANT~2\VPTray.exe
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Programs\Roxio\Media Experience\DMXLauncher.exe
    C:\Programs\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Programs\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Programs\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Programs\Java\jre1.5.0_09\bin\jusched.exe
    C:\Programs\Common Files\InstallShield\UpdateService\issch.exe
    C:\Programs\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Programs\TomTom HOME\TomTomHOME.exe
    C:\Programs\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programs\TaskSwitchXP\TaskSwitchXP.exe
    C:\Programs\AlfaClock\AlfaClock.exe
    C:\Programs\Microsoft ActiveSync\wcescomm.exe
    C:\Programs\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Programs\MI3AA1~1\rapimgr.exe
    C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Programs\ATI Technologies\ATI.ACE\cli.exe
    C:\Programs\ATI Technologies\ATI.ACE\cli.exe
    C:\Programs\Internet Explorer\iexplore.exe
    C:\Users\Administrator\Desktop\hijack\HJT1991.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programs\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programs\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programs\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [uberpackSoft] C:\WINDOWS\system32\mmm.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programs\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\Programs\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Programs\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programs\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Programs\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programs\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programs\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programs\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programs\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programs\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [ATICCC] "C:\Programs\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programs\TaskSwitchXP\TaskSwitchXP.exe
    O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Programs\AlfaClock\AlfaClock.exe" /startup
    O4 - HKCU\..\Run: [NBJ] "C:\Programs\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programs\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programs\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programs\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programs\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programs\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programs\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://eleicoes.cne.pt/cne2005/vector/mgaxctrl.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programs\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Programs\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programs\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programs\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programs\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Programs\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programs\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programs\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programs\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programs\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programs\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programs\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programs\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programs\Symantec Client Security\Symantec Client Firewall\SymSPort.exe



    Thanks

  4. #4
    Tammy
    Guest

    Re: Re: Help me again

    Quote from pjsgamma:
    Hello, here is the HJT

    Thank you, pjsgamma,
    but what about the rest of the information
    I was asking for?

    Please follow these two links:
    Virustotal
    Jotti
    -check these files:
    C:\WINDOWS\system32\mmm.exe
    C:\WINDOWS\system\smss.exe /w

    -and let us see the results.

    Also I'm missing the files from the Filelist.bat...

    Regards
    Tammy
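
An added example, not part of the thread or any poster's words: a small Python triage of HijackThis O4 autostart lines, showing one reason the `.nvsvc` entry that the helper asks to have scanned stands out. The table of expected directories is the editor's assumption, and the sample is an excerpt of the log lines posted above.

```python
import ntpath
import re

# Editor's assumption: where these core Windows XP images normally live.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable part of a command line, quoted or not (unquoted paths may hold spaces).
IMAGE = re.compile(
    r'"?(?P<path>.+?\.(?:exe|com|bat|cmd|scr|dll|cpl))(?=[\s,"]|$)', re.I
)


def image_path(command):
    """Return the executable part of an autostart command line, or None."""
    m = IMAGE.match(command.strip())
    return m.group("path") if m else None


def running_processes(log_text):
    """Collect the paths listed under 'Running processes:' up to the next blank line."""
    paths, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:
                break
            paths.append(line)
    return paths


def triage(log_text):
    """Flag Run entries that reuse a core process name outside its expected directory."""
    running = running_processes(log_text)
    findings = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.strip())
        if not m:
            continue
        path = image_path(m.group("cmd"))
        if not path:
            continue
        directory, image = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(image)
        # Bare names (resolved via PATH) and unknown images are out of scope here.
        if not directory or expected is None or directory == expected:
            continue
        findings.append({
            "hive": m.group("hive"),
            "value": m.group("name"),
            "path": path,
            "expected_dir": expected,
            # Same image name already running from another location.
            "same_name_running": [
                p for p in running
                if ntpath.basename(p).lower() == image and p.lower() != path.lower()
            ],
        })
    return findings


# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmm.exe

O4 - HKLM\..\Run: [uberpackSoft] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programs\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']} Run [{f['value']}] -> {f['path']} "
              f"(expected under {f['expected_dir']}; "
              f"also running: {f['same_name_running']})")
```

This path heuristic says nothing about `mmm.exe`, whose name matches no core process; for that file the multi-engine scan requested in the post is the relevant check.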

  5. #5
    Forum user
    Registered since
    29.11.2006
    Posts
    51

    Re: Help me again

    Hello Tammy,

    Sorry about the delay

    Next, filelist
    Attached files

  6. #6
    Forum user
    Registered since
    29.11.2006
    Posts
    51

    Re: Help me again

    Now, Virustotal

    Complete scanning result of "mmm.exe", received in VirusTotal at 02.02.2007, 19:02:01 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007 no virus found
    Authentium 4.93.8 02.02.2007 no virus found
    Avast 4.7.936.0 02.01.2007 no virus found
    AVG 386 02.02.2007 no virus found
    BitDefender 7.2 02.02.2007 no virus found
    CAT-QuickHeal 9.00 02.02.2007 no virus found
    ClamAV devel-20060426 02.02.2007 no virus found
    DrWeb 4.33 02.02.2007 no virus found
    eSafe 7.0.14.0 02.02.2007 no virus found
    eTrust-InoculateIT 30.4.3364 02.02.2007 no virus found
    eTrust-Vet 30.4.3364 02.02.2007 no virus found
    Ewido 4.0 02.02.2007 no virus found
    Fortinet 2.85.0.0 02.02.2007 no virus found
    F-Prot 4.2.1.29 02.01.2007 no virus found
    Ikarus T3.1.0.31 02.02.2007 no virus found
    Kaspersky 4.0.2.24 02.02.2007 no virus found
    McAfee 4955 02.02.2007 no virus found
    Microsoft 1.2101 02.02.2007 no virus found
    NOD32v2 2030 02.02.2007 no virus found
    Norman 5.80.02 02.02.2007 no virus found
    Panda 9.0.0.4 02.02.2007 no virus found
    Prevx1 V2 02.02.2007 no virus found
    Sophos 4.13.0 02.02.2007 no virus found
    Sunbelt 2.2.907.0 02.01.2007 VIPRE.Suspicious
    Symantec 10 02.02.2007 no virus found
    TheHacker 6.0.3.162 02.02.2007 no virus found
    UNA 1.83 02.01.2007 no virus found
    VBA32 3.11.2 02.02.2007 no virus found
    VirusBuster 4.3.19:9 02.02.2007 no virus found


    Aditional Information
    File size: 828416 bytes
    MD5: c464fee5a2ffe71e9a25d8ebe3d43ac4
    SHA1: cbd0ae8d981bbfd2a0b4f75af2ec1761c4ef5a73
    packers: Aspack
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

  7. #7
    Forum user
    Registered since
    29.11.2006
    Posts
    51

    Re: Help me again

    And Jotti

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

    File: mmm.exe
    Status: INCONCLUSIVE (scan still in progress)
    MD5 c464fee5a2ffe71e9a25d8ebe3d43ac4
    Packers detected: Analyzing...

    Scanner results
    Scan taken on 02 Feb 2007 17:59:55 (GMT)
    AntiVir Scanning, please wait...
    ArcaVir Scanning, please wait...
    Avast Scanning, please wait...
    AVG Antivirus Scanning, please wait...
    BitDefender Scanning, please wait...
    ClamAV Scanning, please wait...
    Dr.Web Scanning, please wait...
    F-Prot Antivirus Scanning, please wait...
    F-Secure Anti-Virus Scanning, please wait...
    Fortinet Scanning, please wait...
    Kaspersky Anti-Virus Scanning, please wait...
    NOD32 Scanning, please wait...
    Norman Virus Control Scanning, please wait...
    VirusBuster Scanning, please wait...
    VBA32 Scanning, please wait...

    Powered by

    Disclaimer
    This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

    Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

    Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

    Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

    Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

    Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!

    Statistics
    Last file scanned at least one scanner reported something about: msnsetup.exe (MD5: 00d3a97ede4f544205e4accc96ca810f), detected by:

    Scanner Malware name
    AntiVir WORM/Spybot.66560.3
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender BehavesLike:Win32.Malware
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    F-Secure Anti-Virus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 probably a variant of Win32/MSNMaker
    Norman Virus Control Sandbox: W32/FileInfector
    VirusBuster X
    VBA32 X


    You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
    We are not affiliated with any third parties that conduct tests using this service.

    Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org>

  8. #8
    Forum user
    Registered since
    29.11.2006
    Posts
    51

    Re: Help me again

    The Jotti result for smss.exe is this:

    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

  9. #9
    Forum user
    Registered since
    29.11.2006
    Posts
    51

    Re: Help me again

    And the VirusTotal result for the same smss:


    Complete scanning result of "w", received in VirusTotal at 02.02.2007, 19:10:36 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.34 02.02.2007 no virus found
    Authentium 4.93.8 02.02.2007 no virus found
    Avast 4.7.936.0 02.01.2007 no virus found
    AVG 386 02.02.2007 no virus found
    BitDefender 7.2 02.02.2007 no virus found
    CAT-QuickHeal 9.00 02.02.2007 no virus found
    ClamAV devel-20060426 02.02.2007 no virus found
    DrWeb 4.33 02.02.2007 no virus found
    eSafe 7.0.14.0 02.02.2007 no virus found
    eTrust-InoculateIT 30.4.3364 02.02.2007 no virus found
    eTrust-Vet 30.4.3364 02.02.2007 no virus found
    Ewido 4.0 02.02.2007 no virus found
    Fortinet 2.85.0.0 02.02.2007 no virus found
    F-Prot 4.2.1.29 02.01.2007 no virus found
    Ikarus T3.1.0.31 02.02.2007 no virus found
    Kaspersky 4.0.2.24 02.02.2007 no virus found
    McAfee 4955 02.02.2007 no virus found
    Microsoft 1.2101 02.02.2007 no virus found
    NOD32v2 2030 02.02.2007 no virus found
    Norman 5.80.02 02.02.2007 no virus found
    Panda 9.0.0.4 02.02.2007 no virus found
    Prevx1 V2 02.02.2007 no virus found
    Sophos 4.13.0 02.02.2007 no virus found
    Sunbelt 2.2.907.0 02.01.2007 no virus found
    Symantec 10 02.02.2007 no virus found
    TheHacker 6.0.3.162 02.02.2007 no virus found
    UNA 1.83 02.01.2007 no virus found
    VBA32 3.11.2 02.02.2007 no virus found
    VirusBuster 4.3.19:9 02.02.2007 no virus found


    Aditional Information
    File size: 0 bytes
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

  10. #10
    Tammy
    Guest

    Re: Help me again

    Hi pjsgamma,

    what did you upload?
    "Complete scanning result of "w", received in..."


    Ok. Please follow these instructions:
    • Please download a trial version of CounterSpy.
    • Update the program online.
    • Now turn off your computer and remove the network cable/phone line from your machine.
    • Reboot your computer into Safe Mode.
    • Scan your system with CounterSpy in Safe Mode.
    • Let the program remove everything it finds:
      Options > remove
    • When the scan is finished you can decide between:
      - Ignore
      - Remove
      - Quarantine
    • Please choose Remove and restart your system.
    • Save the logfile.
    • Repeat the scans until nothing more is found and
      restart your PC after every single scan.
    • -> Post every CounterSpy logfile, please.

    ...and a fresh HijackThis-logfile too.

    Regards,
    Tammy
    Last edited by Tammy (02.02.2007 at 20:27)
