Infected with "Home Search" spyware - *desperate* |
||
---|---|---|
#0
| ||
16.01.2005, 19:13
Honorary member
Posts: 29434 |
||
|
||
18.01.2005, 14:50
...new here
Posts: 4 |
#32
Now I've got this HomeSearch crap too.
Who can help me? Here is my log:
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Cherry\CDI\CDI.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\HHVcdV6Sys\VC6SecS.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Marcus\Desktop\hijackthis199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\brmho.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\brmho.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\brmho.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\brmho.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\brmho.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\brmho.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\brmho.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7FFCC75E-5674-7B6F-24F8-13B92DA42ADF} - C:\WINDOWS\mssb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F4AE.tmp] C:\DOKUME~1\Marcus\LOKALE~1\Temp\F4AE.tmp.exe 5 10001
O4 - HKLM\..\Run: [crii.exe] C:\WINDOWS\system32\crii.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to Keyman - C:\Programme\Cherry\keyman\IEMenuExtKeyman.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {C3FA9B85-D3BF-4185-BE4D-AD0E989B0DA2} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {C3FA9B85-D3BF-4185-BE4D-AD0E989B0DA2} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100761380906
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\CDI.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PsShutdown - Unknown - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: CHIPDRIVE SCARD Service - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Programme\HHVcdV6Sys\VC6SecS.exe
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\netpm.exe
I'm grateful for any help |
|
|
||
18.01.2005, 15:30
...new here
Posts: 4 |
#33
I've now done everything that hijackthis.de recommended!
Is everything clean again now?
Logfile of HijackThis v1.99.0
Scan saved at 15:26:38, on 18.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Cherry\CDI\CDI.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Marcus\Desktop\hijackthis199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100761380906
O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\CDI.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: CHIPDRIVE SCARD Service - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Programme\HHVcdV6Sys\VC6SecS.exe |
|
|
||
18.01.2005, 15:43
...new here
Posts: 3 |
#34
Hello Sabina, many thanks for the quick reply and the idiot-proof instructions :-) exactly the right thing for me... :-))
Regards, sascha
Logfile of HijackThis v1.99.0
Scan saved at 15:42:13, on 18.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\netim32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\javake32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Dokumente und Einstellungen\SaschaW\Anwendungsdaten\nfa?z.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\program files\InterMute\SpySubtract\SpySub.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\SaschaW\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {91D36B11-7557-849E-10CC-AF26257149A8} - C:\WINDOWS\sdkfe32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [48.tmp] C:\DOKUME~1\SaschaW\LOKALE~1\Temp\48.tmp.exe 4 10001
O4 - HKLM\..\Run: [javake32.exe] C:\WINDOWS\system32\javake32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\SaschaW\Anwendungsdaten\nfa?z.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\program files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/190b1c3b5316bbd74305/netzip/RdxIE601_de.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4FD4E05-23E0-4927-BBE3-999D36AABA00}: NameServer = 192.168.0.1
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\atlrz32.exe (file missing) |
|
|
||
18.01.2005, 16:03
Honorary member
Posts: 29434 |
#35
Hello@Saschaw
Go into the registry: Start > Run, type in: regedit. The registry opens; click through to the keys.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\ delete: {F0BC061F-DAF9-4533-8011-53BCB4C10307}]
[HKEY_CLASSES_ROOT\CLSID\ delete: {F0BC061F-DAF9-4533-8011-53BCB4C10307}]
------------------------------------------------------------------------------------
Disable System Restore (XP)
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924
(you can re-enable it after the cleanup)
KillBox
http://www.bleepingcomputer.com/files/killbox.php
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as "fixme.reg".
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\½O.#ž‚„õØ´â]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\½O.#ž‚„õØ´â]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\½O.#ž‚„õØ´â]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\½O.#ž‚„õØ´â]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ICOO]
[-HKEY_CLASSES_ROOT\CLSID\{91D36B11-7557-849E-10CC-AF26257149A8}]
#open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {91D36B11-7557-849E-10CC-AF26257149A8} - C:\WINDOWS\sdkfe32.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [48.tmp] C:\DOKUME~1\SaschaW\LOKALE~1\Temp\48.tmp.exe 4 10001
O4 - HKLM\..\Run: [javake32.exe] C:\WINDOWS\system32\javake32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\SaschaW\Anwendungsdaten\nfa?z.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\atlrz32.exe (file missing)
Restart the computer in safe mode (press F8 while booting).
Double-click the file "fixme.reg" on the desktop.
Delete temporary files (delete only the contents of the folders, not the folders themselves)
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\SaschaW\Lokale Einstellungen\Temp\
C:\Dokumente und Einstellungen\SaschaW\Lokale Einstellungen\Temporary Internet Files\Content.IE5 (do not delete index.dat)
Disk Cleanup, and deleting the temporary files: Start > Run --> type in: cleanmgr
delete only:
#Click: Temporary Internet Files, OK
#Click: Temporary files, OK
#C:\Windows\Downloaded Programm Files\ --> delete
Open the Killbox: choose "Delete File on Reboot" and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one
c:\windows\downloaded program files\InstallationsAssistent.ocx
C:\WINDOWS\sdkfe32.dll
C:\WINDOWS\atlrz32.exe
C:\WINDOWS\zdstp.dll/sp.html
C:\WINDOWS\zdstp.dll
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
C:\DOKUME~1\SaschaW\LOKALE~1\Temp\48.tmp.exe
C:\WINDOWS\system32\javake32.exe
C:\WINDOWS\netim32.exe
Restart the PC
Computer into safe mode
Run a full scan with the antivirus (post me the log from the scan)
Go back to normal mode
#ClearProg: download the latest version, 1.4.0 Final
http://www.clearprog.de/downloads.php
and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the typed URLs
#new start page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick "Delete all offline content" and confirm with OK --> go to the Programs tab and click "Reset Web Settings" there, confirm with Yes if asked --> click Apply and finally OK, and set a new start page
#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
also post the log from this scan + the new HijackThis log
__________
Regards
Sabina
all about PC security
This post was edited by Sabina on 18.01.2005 at 16:27.
|
|
|
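Added example, not part of the thread and not HijackThis code: a Python triage pass that applies the entry shapes visible in the fix list of post #35 (search settings pointing into a local DLL, unnamed BHOs, autoruns out of a Temp folder, Trusted Zone additions, services without a vendor) to HijackThis log lines. The sample lines are copied from the logs in posts #32 and #34; the rule names and the functions `parse`, `rule_for` and `triage` are assumptions made for this illustration.

```python
import re

# Sample input: lines copied from the HijackThis logs in posts #32 and #34.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {91D36B11-7557-849E-10CC-AF26257149A8} - C:\WINDOWS\sdkfe32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [48.tmp] C:\DOKUME~1\SaschaW\LOKALE~1\Temp\48.tmp.exe 4 10001
O4 - HKLM\..\Run: [javake32.exe] C:\WINDOWS\system32\javake32.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted IP range: 195.190.118.157
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\atlrz32.exe (file missing)
"""

# A log entry is "<section code> - <payload>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse(log_text):
    """Yield (section, payload) for each entry line; headers and process paths are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def rule_for(section, payload):
    """Return the name of the first review rule an entry matches, or None."""
    low = payload.lower()
    # R0/R1: an IE search/start setting whose value is a res:// URL into a DLL.
    # Scoped to R0/R1 on purpose: O8 context-menu items use res:// legitimately.
    if section in ("R0", "R1") and " = " in payload:
        value = low.split(" = ", 1)[1]
        if value.startswith("res://") and ".dll/" in value:
            return "search-setting-points-into-local-dll"
    # O2: a Browser Helper Object that registered without a display name.
    if section == "O2" and low.startswith("bho: (no name)"):
        return "unnamed-bho"
    # O4: an autorun whose executable sits in a Temp directory.
    if section == "O4" and re.search(r"\\temp\\[^\\]+\.exe", low):
        return "autorun-from-temp-dir"
    # O15: every Trusted Zone domain or IP range is worth a manual look.
    if section == "O15":
        return "trusted-zone-addition"
    # O23: "Service: <name> - <vendor> - <path>" with vendor "Unknown".
    if section == "O23" and payload.startswith("Service: "):
        parts = payload[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1].strip() == "Unknown":
            return "service-without-vendor"
    return None


def triage(log_text):
    """Return [(rule, section, payload)] for entries that need manual review."""
    findings = []
    for section, payload in parse(log_text):
        rule = rule_for(section, payload)
        if rule:
            findings.append((rule, section, payload))
    return findings


if __name__ == "__main__":
    for rule, section, payload in triage(SAMPLE_LOG):
        print(f"{rule:40} {section:4} {payload}")
```

The `[javake32.exe]` autorun, which post #35 also fixes, is not flagged: its line has the same shape as a legitimate entry such as `[CTFMON.EXE]`, so it can only be judged by inspecting the file itself. A match is a prompt for review, not a verdict; the `Unknown` vendor rule also matches the StyleXP and PsShutdown services in post #32.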
||
18.01.2005, 16:34
Honorary member
Posts: 29434 |
#36
Hello@marcus1211
Fix with HijackThis:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
Restart
#Ad-aware SE Personal 1.05 Updated --> scan and restart
http://fileforum.betanews.com/detail/965718306/1
post the log from this scan + the new HijackThis log
__________
Regards
Sabina
all about PC security
This post was edited by Sabina on 18.01.2005 at 16:35.
|
|
|
||
18.01.2005, 17:38
...new here
Posts: 4 |
#37
Ad-Aware SE Build 1.05
Logfile Created on:Dienstag, 18. Januar 2005 17:23:41
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R25 11.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):39 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
18.01.2005 17:23:41 - Scan started.
OriginalFilename : RUNDLL.EXE #:23 [anydvd.exe] FilePath : C:\Programme\SlySoft\AnyDVD\ ProcessID : 260 ThreadCreationTime : 18.01.2005 16:21:45 BasePriority : Normal #:24 [realsched.exe] FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\ ProcessID : 288 ThreadCreationTime : 18.01.2005 16:21:45 BasePriority : Normal FileVersion : 0.1.0.3034 ProductVersion : 0.1.0.3034 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:25 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 304 ThreadCreationTime : 18.01.2005 16:21:45 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:26 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 328 ThreadCreationTime : 18.01.2005 16:21:45 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eine DLL-Datei als Anwendung ausführen InternalName : rundll LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : RUNDLL.EXE #:27 [wincinemamgr.exe] FilePath : C:\Programme\InterVideo\Common\Bin\ ProcessID : 388 ThreadCreationTime : 18.01.2005 16:21:45 BasePriority : Normal FileVersion : 1.8.2 ProductVersion : 1, 8, 2, 0 ProductName : WinCinema Manager for InterVideo WinCinema products CompanyName : InterVideo Inc. 
FileDescription : WinCinema Manager InternalName : WinCinema Manager LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved. OriginalFilename : WinCinemaMgr.EXE #:28 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1432 ThreadCreationTime : 18.01.2005 16:21:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:29 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2300 ThreadCreationTime : 18.01.2005 16:23:11 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Deep scanning and examining files... 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Disk Scan Result for C:\DOKUME~1\Marcus\LOKALE~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\nvidia corporation\global\nview\windowmanagement Description : nvidia nview cached application window positions MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! 
Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\office\10.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! 
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! 
Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\adobe\photoshop\7.0\visiteddirs Description : adobe photoshop 7 recent work folders MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1409082233-329068152-839522115-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Marcus\recent Description : list of recently opened documents Performing conditional scans... 
Conditional scan result:
New critical objects: 0
Objects found so far: 39

17:37:09 Scan Complete

Summary Of This Scan
Total scanning time:00:13:27.437
Objects scanned:70587
Objects identified:0
Objects ignored:0
New critical objects:0
-------------------------------------------------------------------------
Logfile of HijackThis v1.99.0
Scan saved at 17:40:19, on 18.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Cherry\CDI\CDI.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Marcus\Desktop\hijackthis199\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100761380906
O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\CDI.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: CHIPDRIVE SCARD Service - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Programme\HHVcdV6Sys\VC6SecS.exe |
|
|
||
18.01.2005, 18:06
...new here
Posts: 3 |
#38
hello sabina,
that wasn't quite so idiot-proof any more :-) These are what I was supposed to tick?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {91D36B11-7557-849E-10CC-AF26257149A8} - C:\WINDOWS\sdkfe32.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [48.tmp] C:\DOKUME~1\SaschaW\LOKALE~1\Temp\48.tmp.exe 4 10001
O4 - HKLM\..\Run: [javake32.exe] C:\WINDOWS\system32\javake32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\SaschaW\Anwendungsdaten\nfa?z.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\atlrz32.exe (file missing)

I ticked everything that was there :-( Was that wrong? (64 items)..
In safe mode I couldn't open the fixme.reg button.. it kept asking me whether I wanted to add such-and-such information...
In normal mode I can no longer get onto the internet... did I delete the IP??
What does this mean: #Click: Temporäre Internet Files/Temporäre Internet Dateien (Temporary Internet Files), o.k. #Click: Temporäre Dateien (Temporary Files), o.k .. that I should click it? But as I said, I never even got that far... |
|
|
||
19.01.2005, 15:38
...new here
Posts: 7 |
#39
I've got a Home Search infection too! Can someone please help me as well??
Here is the LOG

Logfile of HijackThis v1.99.0
Scan saved at 00:23:48, on 19.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\D-Tools\daemon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\addha.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\apptl32.exe
C:\Programme\spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - C:\WINDOWS\system32\msna.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [addha.exe] C:\WINDOWS\system32\addha.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC59681C-41CB-48A9-82D0-6BCAF68C98CC}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{AC59681C-41CB-48A9-82D0-6BCAF68C98CC}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{AC59681C-41CB-48A9-82D0-6BCAF68C98CC}: NameServer = 192.168.2.1
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\apptl32.exe |
|
|
||
19.01.2005, 16:35
Honorary member
Posts: 29434 |
#40
Saschaw
Fix in normal mode:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zdstp.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {91D36B11-7557-849E-10CC-AF26257149A8} - C:\WINDOWS\sdkfe32.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [48.tmp] C:\DOKUME~1\SaschaW\LOKALE~1\Temp\48.tmp.exe 4 10001
O4 - HKLM\..\Run: [javake32.exe] C:\WINDOWS\system32\javake32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\SaschaW\Anwendungsdaten\nfa?z.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmeup.cc
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 195.190.118.157
O15 - Trusted IP range: 195.190.118.157 (HKLM)
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\atlrz32.exe (file missing)

Restart the PC and work through the rest.

Your question about the temporary files: after the disk cleanup, the files that can be deleted are displayed. Put a tick in:
Click: Temporäre Internet Files/Temporäre Internet Dateien (Temporary Internet Files), o.k.
#Click: Temporäre Dateien (Temporary Files), o.k
and have them deleted.
__________
Regards
Sabina
all about PC security
This post was edited by Sabina on 19.01.2005 at 17:00.
|
|
|
||
19.01.2005, 16:39
Honorary member
Posts: 29434 |
#41
Hello @marcus1211
The log is clean
__________
Regards
Sabina
all about PC security
This post was edited by Sabina on 19.01.2005 at 17:00.
|
|
|
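Added example (not part of any post in this thread): a Python triage script that splits a flattened HijackThis log into entries and marks the entry types that appear on the helper's fix lists here, namely search settings pointing at `res://...dll/sp.html`, unnamed BHOs, O15 Trusted Zone entries and the "Workstation NetLogon Service". The sample lines are constructed from logs posted in this thread; the function names are assumptions, and a hit means "review this entry", not "delete it".

```python
import re

# A HijackThis entry is "<section> - <data>", e.g. "R1 - HKCU\..." or "O15 - Trusted Zone: ...".
ENTRY_START = r"(?:R[0-3]|O\d{1,2}) - "
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# IE search/start setting served from a resource page inside a DLL.
RES_DLL_RE = re.compile(r"=\s*res://(?P<dll>[^/]+\.dll)/sp\.html", re.IGNORECASE)
# Browser Helper Object registered without a name.
NONAME_BHO_RE = re.compile(r"^BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (?P<file>.+)$")
# "Service: <display name> - <vendor> - <file>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<file>.+)$")

# Service display name present in the infected logs of this thread.
THREAD_SERVICE_NAME = "Workstation NetLogon Service"


def parse_log(text):
    """Return [(section, data)] from a log, even if it was pasted as one long line."""
    flat = " ".join(text.split())
    # Cut in front of every "R1 - " / "O15 - " marker that follows whitespace.
    chunks = re.split(r"\s+(?=" + ENTRY_START + ")", flat)
    entries = []
    for chunk in chunks:
        m = ENTRY_RE.match(chunk)
        if m:  # header and process list do not match and are skipped
            entries.append((m.group(1), m.group(2)))
    return entries


def classify(section, data):
    """Return a short reason if the entry matches a pattern from the fix lists, else None."""
    if section in ("R0", "R1"):
        m = RES_DLL_RE.search(data)
        if m:
            return "search setting points into " + m.group("dll")
    if section == "O2":
        m = NONAME_BHO_RE.match(data)
        if m:
            return "unnamed BHO: " + m.group("file")
    if section == "O15":
        return "site or IP added to the Trusted Zone"
    if section == "O23":
        m = SERVICE_RE.match(data)
        # Vendor "Unknown" alone is not enough: StyleXPService in the clean log has it too.
        if m and m.group("name") == THREAD_SERVICE_NAME and m.group("vendor") == "Unknown":
            return "service name from the infected logs: " + m.group("file")
    return None


def triage(text):
    """Return [(section, data, reason)] for every entry worth a closer look."""
    hits = []
    for section, data in parse_log(text):
        reason = classify(section, data)
        if reason:
            hits.append((section, data, reason))
    return hits


# Constructed sample: lines taken from the log in post #39, flattened like the forum paste.
SAMPLE_INFECTED = r"""Running processes: C:\WINDOWS\system32\addha.exe C:\Programme\spyware\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dkosn.dll/sp.html#12345 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - C:\WINDOWS\system32\msna.dll O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O15 - Trusted Zone: *.05p.com O15 - Trusted IP range: 206.161.125.149 (HKLM) O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\apptl32.exe"""

# Constructed sample: lines taken from the log that the helper called clean.
SAMPLE_CLEAN = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe"""

if __name__ == "__main__":
    for section, data, reason in triage(SAMPLE_INFECTED):
        print(section, "|", reason)
```
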
||
19.01.2005, 16:56
Honorary member
Posts: 29434 |
#42
Hallo@danielson
Disable System Restore on XP:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924
(you can re-enable it after the cleanup)

KillBox
http://www.bleepingcomputer.com/files/killbox.php

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as "fixme.reg" on the desktop.

Disable your virus scanner.

#Antivirus (free)
http://www.free-av.de/
[X] Memory
[X] Boot sector of search drives
[ ] Report unknown boot sectors
[X] All files
[ ] Program files

REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\½O.#ž‚„õØ´â]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\½O.#ž‚„õØ´â]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\½O.#ž‚„õØ´â]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\½O.#ž‚„õØ´â]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ICOO]
[-HKEY_CLASSES_ROOT\CLSID\{87BA8C33-B881-C0DA-F0B1-B08EE50CDD55}]

#Open HijackThis -->> "Scan" button -->> tick the entries -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dkosn.dll/sp.html#12345
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - C:\WINDOWS\system32\msna.dll
O4 - HKLM\..\Run: [addha.exe] C:\WINDOWS\system32\addha.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\apptl32.exe

Restart the PC --> into safe mode (log on there as Administrator).
Double-click the file "fixme.reg" on the desktop.

Start < Run --> type: cmd
then paste in:
del c:\*.tmp
del %temp%\*.tmp /f
del %windir%\prefetch\*.*
del %windir%\temp\*.* /f

Restart the computer in safe mode (press F8 during startup).

Delete temporary files (delete only the contents of the folders, not the folders themselves):
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\SaschaW\Lokale Einstellungen\Temp\
C:\Dokumente und Einstellungen\SaschaW\Lokale Einstellungen\Temporary Internet Files\Content.IE5 (do not delete index.dat)

Disk Cleanup and deleting the temporary files:
Start < Run --> type: cleanmgr
delete only:
#Click: Temporary Internet Files, OK.
#Click: Temporary files, OK.

#Scan with Antivirus (post the log from the scan)

Open Killbox: select "Delete File on Reboot" and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" for the last one.
C:\WINDOWS\system32\msna.dll
C:\WINDOWS\dkosn.dll/sp.html
C:\WINDOWS\dkosn.dll
C:\WINDOWS\system32\apptl32.exe
C:\WINDOWS\system32\addha.exe

Restart the PC.

#AboutBuster
www.malwarebytes.biz/AboutBuster.zip

Download FindIt.zip --> please post once more
http://bilder.informationsarchiv.net/Nikitas_Tools/
Download, unpack and click on "find.bat" [ignore "File not found" messages] < a DOS window opens --> wait for the scan to finish --> the text editor opens --> and post the text of output.txt.

#Ad-aware SE Personal 1.05 Updated --> scan / restart the PC --> please post the log
http://fileforum.betanews.com/detail/965718306/1

#ClearProg: download the newest version < 1.4.0 Final
http://www.clearprog.de/downloads.php
< and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 on, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs

#New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick "Delete all offline content" and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page.
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 19.01.2005 at 17:04.
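The manual triage in the post above (picking the hijacker's entries out of a HijackThis log and deriving the list of files to examine) can be sketched as a script. This is an added example, not part of the thread or of HijackThis itself; the rules, the `KNOWN_GOOD` allowlist and all function names are assumptions, and the sample log is constructed in the entry format shown in this thread.

```python
import ntpath
import re

# Constructed sample in HijackThis log format, modeled on entries from this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dkosn.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - C:\WINDOWS\system32\msna.dll
O4 - HKLM\..\Run: [addha.exe] C:\WINDOWS\system32\addha.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\apptl32.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Hypothetical reviewer-maintained allowlist of autostart files that belong to Windows.
KNOWN_GOOD = {"ctfmon.exe"}

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


def in_windows_dir(path):
    """True if the file sits directly in the Windows or system32 directory."""
    return ntpath.dirname(ntpath.normpath(path)).lower() in WINDOWS_DIRS


def check(section, body):
    """Return (reason, file path or None) for an entry worth reviewing, else None."""
    if section in ("R0", "R1"):
        # IE start/search settings that load a page out of a DLL on disk.
        value = body.partition(" = ")[2]
        m = re.match(r"res://(.+?\.dll)", value, re.I)
        if m:
            return "IE page setting loads from a local DLL resource", m.group(1)
    elif section == "O2":
        m = re.match(r"BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$", body)
        if m and m.group(1) == "(no name)":
            return "unnamed Browser Helper Object", m.group(2)
    elif section == "O4":
        m = re.search(r'Run(?:Once)?: \[.+?\] "?([A-Za-z]:\\[^"]*?\.exe)', body, re.I)
        if m and in_windows_dir(m.group(1)):
            if ntpath.basename(m.group(1)).lower() not in KNOWN_GOOD:
                return "unlisted autostart file in the Windows directory", m.group(1)
    elif section == "O15":
        return "site or IP address added to the Trusted zone", None
    elif section == "O23" and body.startswith("Service: "):
        parts = body[len("Service: "):].rsplit(" - ", 2)
        # "Unknown" vendor alone is not enough: the McAfee service above has it too.
        if len(parts) == 3 and parts[1] == "Unknown" and in_windows_dir(parts[2]):
            return "service without vendor info in the Windows directory", parts[2]
    return None


def triage(log_text):
    """Return a list of (section, reason, file path or None) for flagged lines."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hit = check(m.group(1), m.group(2))
        if hit:
            findings.append((m.group(1), hit[0], hit[1]))
    return findings


def candidate_files(findings):
    """Unique files referenced by flagged entries, for scanning or quarantine."""
    unique = {path.lower(): path for _, _, path in findings if path}
    return [unique[key] for key in sorted(unique)]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, reason, path in results:
        print(f"{section:4} {reason}: {path or '-'}")
    print("Files to examine:", *candidate_files(results), sep="\n  ")
```

The script only reports; every flagged entry still needs a human decision before anything is fixed or deleted.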
|
|
|
||
19.01.2005, 18:24
...new here
Posts: 7 |
#43
Here are my logs:
|
|
||
19.01.2005, 18:36
Honorary member
Posts: 29434 |
#44
Hello @danielson

Paste into Killbox:
KillBox
http://www.bleepingcomputer.com/files/killbox.php
Select "Delete File on Reboot" and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" for the last one.
C:\WINDOWS\system32\msna.dll
C:\WINDOWS\dkosn.dll/sp.html
C:\WINDOWS\dkosn.dll
C:\WINDOWS\system32\apptl32.exe
C:\WINDOWS\system32\addha.exe
C:\WINDOWS\System32\viwlz.dat
C:\WINDOWS\System32\pyevx.txt
C:\WINDOWS\System32\osuef.dat
C:\WINDOWS\lrjlj.txt
C:\WINDOWS\eosxp.dat
C:\WINDOWS\chlfx.dat
C:\WINDOWS\bnhma.dat
C:\WINDOWS\arpot.dat
C:\WINDOWS\apgbn.txt

Restart the PC, then scan once more with Ad-Aware and carry on with all the remaining steps. At the end, post the new HijackThis log.
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 19.01.2005 at 18:40.
|
|
|
||
19.01.2005, 20:02
...new here
Posts: 7 |
#45
Logfile of HijackThis v1.99.0
It's still there ;-( |
|
|
||
Download HijackThis
http://www.downloads.subratam.org/hijackthis.zip
Download/unpack HijackThis into a folder --> None of the above,
just start the program --> Save --> Savelog --> Notepad opens -->
now copy the COMPLETE log with a right-click and "paste" it into the
forum with a right-click
__________
Regards, Sabina
all about PC security