Hilfe mein PC ist fast Tot |
||
---|---|---|
#0
| ||
23.10.2004, 18:56
Member
Beiträge: 33 |
||
|
||
23.10.2004, 20:24
Moderator
Beiträge: 7805 |
#2
Das muss raus:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDU5ODUxNDU0&ver=2.1.0.0 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R3 - URLSearchHook: (no name) - {AB857E39-699F-8F6E-457B-10D64480F744} - C:\WINDOWS\Vuuskgdp.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programme\CxtPls\CxtPls.dll O2 - BHO: SDWin32 Class - {309D8BA1-3745-42BD-B241-F4EA96AF0582} - C:\WINDOWS\System32\coboy.dll O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32.dll O2 - BHO: (no name) - {844F3644-B363-9C61-95EA-E9CBDA1EAF67} - C:\WINDOWS\Vuuskgdp.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Programme\DashBar\DashBar21.dll O3 - Toolbar: Search - {B29E2C92-73CC-DF5D-7841-11944AEDC960} - C:\WINDOWS\Vuuskgdp.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe" O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun O4 - HKLM\..\Run: [vrwovimc] C:\WINDOWS\System32\havsad.exe O4 - HKLM\..\Run: [coboyc] C:\WINDOWS\System32\coboyc.exe O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe O4 - HKLM\..\Run: [wvuxorkx] C:\WINDOWS\wvuxorkx.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\System32\lmf32.dll Obwohl dein Rechner eher was fuer diesenArtikel ist: http://www.rokop-security.de/board/index.php?showtopic=3867 erstes Posting um zu sehen, was infiziert ist und zweites Posting durchlesen, damit du weisst, was du machen und aendern musst! __________ MfG Ralf SEO-Spam Hunter |
|
|
Scan saved at 18:55:47, on 23.10.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\DOKUME~1\MANUEL\LOKALE~1\TEMP\_VWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\WINDOWS\System32\stcloader.exe
C:\Programme\CxtPls\CxtPls.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\NaviSearch\bin\nls.exe
C:\windows\system32\saie.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\dhsvr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Manuel\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDU5ODUxNDU0&ver=2.1.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: (no name) - {AB857E39-699F-8F6E-457B-10D64480F744} - C:\WINDOWS\Vuuskgdp.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programme\CxtPls\CxtPls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {309D8BA1-3745-42BD-B241-F4EA96AF0582} - C:\WINDOWS\System32\coboy.dll
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\System32\lmf32.dll
O2 - BHO: (no name) - {844F3644-B363-9C61-95EA-E9CBDA1EAF67} - C:\WINDOWS\Vuuskgdp.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Programme\DashBar\DashBar21.dll
O3 - Toolbar: Search - {B29E2C92-73CC-DF5D-7841-11944AEDC960} - C:\WINDOWS\Vuuskgdp.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [vrwovimc] C:\WINDOWS\System32\havsad.exe
O4 - HKLM\..\Run: [coboyc] C:\WINDOWS\System32\coboyc.exe
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [wvuxorkx] C:\WINDOWS\wvuxorkx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C777F283-BCD8-417B-8ADA-41D4F25CDC08}: NameServer = 192.168.123.254,0.0.0.0
O18 - Filter: text/html - {E64E4E60-EF13-4C79-A159-119762E18181} - C:\WINDOWS\System32\lmf32.dll