Tr/startpage.vq |
||
---|---|---|
#0
| ||
29.03.2005, 12:50
...new here
Posts: 6 |
||
|
||
03.04.2005, 17:11
Honorary member
Posts: 29434 |
#2
Hello @Markus22
HijackThis
http://www.downloads.subratam.org/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
--> or: Do a system scan and save a logfile --> Save --> Savelog --> the editor opens
--> now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click
__________
Kind regards, Sabina
all about PC security |
|
|
||
06.04.2005, 18:01
...new here
Posts: 6 |
#3
I also have the "pleasure" of dealing with Trojan.StartPage..
I've already read quite a bit here and downloaded HijackThis... Maybe someone can help me with what to do now (even though I'm surely the 1000th person to ask..)

Logfile of HijackThis v1.99.1
Scan saved at 18:06:18, on 06.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Web_Rebates\WebRebates0.exe
C:\windows\system32\saie.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\windows\temp\adware\fsg_4203.exe
C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Web_Rebates\WebRebates1.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Dokumente und Einstellungen\S4R4H\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=AK50454752634953&Company=Company&FName=Sugar&Lang=Enu
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Programme\NavExcel\NavHelper\v2.0.4d\NHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [zgnmp] C:\WINDOWS\zgnmp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
|
||
06.04.2005, 18:52
Honorary member
Posts: 29434 |
#4
Hello @sarah06
# open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=5.0&Cd_Key=AK50454752634953&Company=Company&FName=Sugar&Lang=Enu
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [zgnmp] C:\WINDOWS\zgnmp.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Restart the PC

• KillBox
http://www.bleepingcomputer.com/files/killbox.php
• Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one, only click "yes" on the last one

C:\Programme\Web_Rebates\WebRebates0.exe
C:\Programme\Web_Rebates\WebRebates1.exe
C:\windows\system32\saie.exe
C:\windows\temp\adware\fsg_4203.exe
C:\WINDOWS\zgnmp.exe
C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\Programme\INSTAFINK\instafink.dll

Restart the PC

Delete (first check via right-click --> creation date) --> find/delete all files that coincide with the infection:
C:\Programme\Web_Rebates\
C:\windows\temp\adware\
C:\Programme\NavExcel\
C:\Programme\INSTAFINK\

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1

Cleanup: CCleaner
http://www.ccleaner.com/ccdownload.asp

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, then set a new start page

+ post the new HijackThis log
__________
Kind regards, Sabina
all about PC security |
|
|
||
06.04.2005, 21:56
...new here
Posts: 6 |
#5
First of all: thank you very much!!!!!
I did everything you said, but somehow I couldn't delete 2 of the files from C:\Programme\NavExcel\ ..

Logfile of HijackThis v1.99.1
Scan saved at 21:59:22, on 06.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\eAcceleration\eanthology.exe
C:\Programme\Acceleration Software\Anti-Virus\stopsignav.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Dokumente und Einstellungen\S4R4H\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Programme\Gemeinsame Dateien\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] C:\Programme\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Programme\Gemeinsame Dateien\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
|
||
06.04.2005, 22:39
Honorary member
Posts: 29434 |
#6
Hello @sarah06
Delete C:\Programme\NavExcel\ in safe mode (to do this, press F8 while the PC is booting and go into safe mode/log in as Administrator)

• Online scan (Panda) --> post what it shows
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
__________
Kind regards, Sabina
all about PC security |
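
Added example, not part of the original thread: a small Python check that parses HijackThis entry lines, compares the fix list from post #4 with the follow-up log from post #5, and lists autostart (O4) entries that are new in the follow-up. The sample inputs are excerpts copied from the logs above; the function names are illustrative, and the entry pattern assumes the `CODE - body` line layout seen in these logs.

```python
import re

# One HijackThis entry line: section code (R1, F2, O4, O23, ...), " - ", body.
# Assumption: the line layout seen in the logs posted in this thread.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autostart entry: HKLM\..\Run: [ValueName] command
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Excerpt of the first log (post #3), copied from the thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [zgnmp] C:\WINDOWS\zgnmp.exe
"""

# Excerpt of the entries the helper asked to fix (post #4).
FIX_LIST = r"""
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [zgnmp] C:\WINDOWS\zgnmp.exe
"""

# Excerpt of the follow-up log (post #5).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Programme\Gemeinsame Dateien\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] C:\Programme\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [navapp] C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
"""


def parse_entries(log_text):
    """Return [(code, body)] for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def _key(entry):
    # Windows paths are case-insensitive, so compare entries case-folded.
    code, body = entry
    return code, body.casefold()


def check_fix(fix_list, followup_log):
    """Split the fix list into entries gone from, or still present in, the follow-up log."""
    after = {_key(e) for e in parse_entries(followup_log)}
    result = {"removed": [], "still_present": []}
    for entry in parse_entries(fix_list):
        bucket = "still_present" if _key(entry) in after else "removed"
        result[bucket].append(entry)
    return result


def autoruns(log_text):
    """Map (hive, key, value name) -> command line for O4 registry autostarts."""
    found = {}
    for code, body in parse_entries(log_text):
        m = O4_RE.match(body) if code == "O4" else None
        if m:
            found[(m.group("hive"), m.group("key"), m.group("name"))] = m.group("cmd")
    return found


def new_autoruns(before_log, after_log):
    """Autostart entries present in the follow-up log but not in the first one."""
    before = autoruns(before_log)
    return {k: v for k, v in autoruns(after_log).items() if k not in before}


if __name__ == "__main__":
    result = check_fix(FIX_LIST, LOG_AFTER)
    for code, body in result["still_present"]:
        print("still present:", code, "-", body)
    for (hive, key, name), cmd in sorted(new_autoruns(LOG_BEFORE, LOG_AFTER).items()):
        print("new autostart:", hive, key, name, "->", cmd)
```

On these excerpts the check reports the `navapp` Run entry as still present after the fix, and `StopSignStatus` and `webscan` as autostarts that were not in the first log.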
|
|
||
07.04.2005, 18:58
...new here
Posts: 6 |
#7
C:\Programme\NavExcel\ somehow that file doesn't exist..
And this online scan doesn't work either.. because my Internet Explorer is apparently too old.. I actually use almost only Firefox anyway.. I'm pretty complicated, huh? |
|
|
||
07.04.2005, 23:41
Honorary member
Posts: 29434 |
#8
Hello @sarah06
Fix with HijackThis:

O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Programme\Gemeinsame Dateien\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKLM\..\Run: [webscan] C:\Programme\Acceleration Software\Anti-Virus\stopsignav.exe -k

Restart

C:\Programme\Gemeinsame Dateien\eAcceleration\ <-- delete and uninstall the program
C:\Programme\Acceleration Software\Anti-Virus\

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the log from the scan

• eScan detection tool
eScan is available free of charge here under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
Open the scanner --> don't scan yet --> go to Start < Run < type in: %temp% and look for kavupd.exe, click on it --> run (update, in DOS) --> open mwav.exe --> tick all boxes --> scan --> click View Log --> click Edit --> type in "infected" and now copy out everything that is shown -->
------------------------------------------------------------------------------------
eAcceleration\
Note on eAcceleration Stop-Sign: eAcceleration's Stop-Sign anti-malware scanner was listed on this page primarily because of the company's history of employing deceptive advertising and drive-by-downloads (1, 2, 3, 4). The company was also known for removing and/or disabling competing apps. These objectionable business practices were employed primarily during the years 2002-2003. Sometime during 2004 the company underwent reorganization. Not only have the worst of the company's download and installation practices been halted, but the company has completely overhauled its stub installer application, giving users much more control over the software modules to be installed on their systems (1, 2).
While testing indicates that the "Thread scanner" is still slow and has occasional problems with false positives -- in large part because of the use of heuristics, which cannot be turned off by the user -- we can no longer classify this application as "rogue/suspect." Nonetheless, this anti-malware application -- at least in its current state -- cannot be recommended, given the many excellent competing anti-virus, anti-trojan, and anti-spyware applications that are available (some for free).
__________
Kind regards, Sabina
all about PC security |
|
|
||
08.04.2005, 18:28
...new here
Posts: 6 |
#9
Ad-Aware SE Build 1.05
Logfile Created on:Freitag, 8. April 2005 16:32:26 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R37 07.04.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):15 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 08.04.2005 16:32:26 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\S4R4H\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! 
Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\office\11.0\powerpoint\recentfolderlist Description : list of recent folders used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\office\11.0\powerpoint\recent templates Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\office\11.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! 
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1123561945-436374069-854245398-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 696 ThreadCreationTime : 08.04.2005 14:29:37 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 764 ThreadCreationTime : 08.04.2005 14:29:39 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 788 ThreadCreationTime : 08.04.2005 14:29:40 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 832 ThreadCreationTime : 08.04.2005 14:29:40 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 844 ThreadCreationTime : 08.04.2005 14:29:40 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1004 ThreadCreationTime : 08.04.2005 14:29:41 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1072 ThreadCreationTime : 08.04.2005 14:29:41 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1112 ThreadCreationTime : 08.04.2005 14:29:41 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1176 ThreadCreationTime : 08.04.2005 14:29:42 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
Conditional scan result:
New critical objects: 0
Objects found so far: 15

16:41:22 Scan Complete

Summary Of This Scan
Total scanning time:00:08:55.660
Objects scanned:86199
Objects identified:0
Objects ignored:0
New critical objects:0

D:\#iso\norton.internet.security.2005.retail.inkl.keyg*hier nicht*.german-cpe\norton.internet.security.2005.retail.inkl.keyg*hier nicht*.german-cpe.rar infected by "Trojan-Dropper.Win32.Delf.fd" Virus. Action Taken: No Action Taken.
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\5E9B592A.exe infected by "Trojan-Dropper.Win32.Delf.fd" Virus. Action Taken: No Action Taken.
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\42383146.tmp infected by "Trojan-Downloader.Win32.Totavel.a" Virus. Action Taken: No Action Taken.
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\42350749.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
C:\Programme\Kazaa\TopSearch.dll infected by "not-a-virus:AdWare.Altnet.d" Virus. Action Taken: No Action Taken.
C:\Programme\Diet K\dk\dietk3.dat infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\S4R4H\Lokale Einstellungen\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHUpdater.exe infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\S4R4H\Lokale Einstellungen\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHelper.dll infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\S4R4H\Desktop\hijackthis_199\backups\backup-20050406-211122-850.dll infected by "not-a-virus:AdWare.ToolBar.404Search.h" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\S4R4H\LOKALE~1\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHUpdater.exe infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\S4R4H\LOKALE~1\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHelper.dll infected by "not-a-virus:AdWare.NavExcel.h" Virus. Action Taken: No Action Taken.

I hope I did everything correctly.... |
|
|
||
10.04.2005, 19:11
Honorary member
Posts: 29434 |
#10
Hello@sarah06

•KillBox http://www.bleepingcomputer.com/files/killbox.php
•Delete File on Reboot <-- tick this and click the red cross. When you are asked "Do you want to reboot?" ----> click "no" and paste in the next path; only click "yes" for the last one.

D:\#iso\norton.internet.security.2005.retail.inkl.keyg*hier nicht*.german-cpe\norton.internet.security.2005.retail.inkl.keyg*hier nicht*.german-cpe.rar
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\5E9B592A.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\42383146.tmp
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\42350749.dll
C:\Programme\Kazaa\TopSearch.dll
C:\Programme\Diet K\dk\dietk3.dat
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\5E9B592A.exe
C:\Dokumente und Einstellungen\S4R4H\Lokale Einstellungen\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHUpdater.exe
C:\Dokumente und Einstellungen\S4R4H\Lokale Einstellungen\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHelper.dll
C:\Dokumente und Einstellungen\S4R4H\Desktop\hijackthis_199\backups\backup-20050406-211122-850.dll

Restart the PC.
----------------------------------------
CCleaner http://www.ccleaner.com/ccdownload.asp

Check whether the following have been deleted:

german-cpe.rar
C:\Programme\Diet K\dk\
C:\Dokumente und Einstellungen\S4R4H\Lokale Einstellungen\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHUpdater.exe
C:\Dokumente und Einstellungen\S4R4H\Lokale Einstellungen\Temp\temp.fr9EDE\NavHelper\v2.0.4d\NHelper.dll
__________
Best regards, Sabina
All about PC security |
|
|
||
10.04.2005, 20:09
...new here
Posts: 6 |
#11
So Norton no longer shows any virus! I hope it stays that way...
Thanks again!! |
|
|
||
But my antivirus no longer finds anything. I have also already run SpSeHjfix_Beta6. But my desktop stays black with this stupid advertisement. Can anyone help me????? MANY MANY THANKS