aklsp.dll und einige andere schönheiten auf mein laptop |
||
---|---|---|
#0
| ||
15.01.2005, 04:38
...neu hier
Beiträge: 3 |
||
|
||
15.01.2005, 12:14
Member
Beiträge: 669 |
#2
Besorge dir AdAware, Spybot S&D und eScan, führe mit allen 3 Tools einen scan im abgesicherten Modus durch.
Sollte eScan fündig werden: log speichern -> mit Editor öffnen -> nach "infected" suchen -> betroffene Zeilen hier rein posten (Datei, kompletter Pfad, Art der Infektion) Fixe mit HijackThis: C:\WINDOWS\System32\cmd32.exe C:\WINDOWS\System32\sistray.EXE O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file) 4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile O4 - Global Startup: D-Link AirPlus.lnk = ? O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.esteriore.com/ok.exe O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q3678.exe O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-it/itp/games26.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/506908.exe O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://fr4-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O23 - Service: SymWSC - Symantec Corporation - (no file) Prüfe folgende Einträge ob du sie kennst: (wenn nein fixen) O17 - HKLM\System\CCS\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{7A80DD63-A398-43A9-A549-369496D984ED}: NameServer = 62.94.0.1,62.94.0.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36 O17 - HKLM\System\CS2\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36 Besorge dir LSPfix (hier) und entferne damit: O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll diese dll, nach dem cleanen kann die aklsp.dll gelöscht werden. Danach bitte aktuelles log erstellen und posten. __________ "life's a bitch, turn around and she'll backstab you for a buck." Dieser Beitrag wurde am 15.01.2005 um 12:31 Uhr von Malkesh editiert.
|
|
|
||
15.01.2005, 16:00
...neu hier
Themenstarter Beiträge: 3 |
#3
Logfile of HijackThis v1.99.0
Scan saved at 15:59:08, on 15.01.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe c:\PROGRA~1\eScan\helperservice.exe c:\PROGRA~1\eScan\AVKWCTL.EXE c:\PROGRA~1\eScan\avkserv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe C:\WINDOWS\System32\sistray.EXE c:\PROGRA~1\eScan\TRAYSSER.EXE C:\WINDOWS\SYSTEM32\GEARSEC.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\eScan\MAILDISP.EXE E:\Programme\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\eScan\TRAYICOS.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\D-Link AirPlus\AirPlus.exe E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\eScan\SPOOLER.EXE C:\WINDOWS\System32\wuauclt.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\gio'\Desktop\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE O4 - HKLM\..\Run: [MailScan Dispatcher] "c:\Programme\eScan\LAUNCH.EXE" O4 - HKLM\..\Run: [eScan Updater] c:\PROGRA~1\eScan\TRAYICOS.EXE /App O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100581713696 O17 - HKLM\System\CCS\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36 O17 - HKLM\System\CCS\Services\Tcpip\..\{7A80DD63-A398-43A9-A549-369496D984ED}: NameServer = 62.94.0.1,62.94.0.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36 O17 - HKLM\System\CS2\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36 O23 - Service: AVK Service - Unknown - c:\PROGRA~1\eScan\helperservice.exe O23 - Service: AVK Wächter - Unknown - c:\PROGRA~1\eScan\AVKWCTL.EXE O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: eScan Server-Updater - Unknown - c:\PROGRA~1\eScan\TRAYSSER.EXE O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - E:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWSC - Symantec Corporation - (no file) mein neuer log nach escan im abgesicherten modus. |
|
|
||
15.01.2005, 23:09
...neu hier
Themenstarter Beiträge: 3 |
||
|
||
mein süsser laptop ist voller viren, adaware und wie sie alle heissen!!
mein log von hijack 199:
Logfile of HijackThis v1.99.0
Scan saved at 04:34:15, on 15.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Programme\Norton AntiVirus\navapsvc.exe
E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\cmd32.exe
C:\WINDOWS\System32\sistray.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Programme\Avant Browser\avant.exe
C:\Programme\eMule\eMule.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\gio'\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - E:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hervorheben - E:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Suchen - E:\Programme\Avant Browser\Search.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - E:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - E:\Programme\Avant Browser\OpenAllLinks.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.esteriore.com/ok.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q3678.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100581713696
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://67.19.185.246/i/8/loader2.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gampr-it/itp/games26.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/506908.exe
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://fr4-download.strip-player.com/download/stripplayer/bin/activestripsetup_minsize.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A80DD63-A398-43A9-A549-369496D984ED}: NameServer = 62.94.0.1,62.94.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36
O17 - HKLM\System\CS2\Services\Tcpip\..\{123DF3A4-8E47-4F4B-B27A-D122A7D9F878}: NameServer = 80.20.6.36
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - E:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - E:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWSC - Symantec Corporation - (no file)
Habe schon einiges gemacht mit escan, adaware, cwshredder, spybot.
Aber meine herren hatte noch nie so schlimme sachen.
Bitte um hilfe!!