Antivirus Gold- Bin am Verzweifeln |
||
---|---|---|
#0
| ||
29.06.2005, 14:29
...neu hier
Themenstarter Beiträge: 9 |
||
|
||
29.06.2005, 20:05
Ehrenmitglied
Beiträge: 29434 |
#17
das sieht ja schon ganz gut aus
Mache bitte die WindowsUpdates--> du scheinst keine geladen zu haben, der iE ist hoffnungslos veraltet und sehr sehr unsicher.... arbeite das bitte ab: http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.06.2005, 23:36
...neu hier
Beiträge: 2 |
#18
Hallo Sabina,
habe jetzt alle benannten Schritte durch und poste jetzt... 1. Find_It_s.zip Microsoft Windows XP [Version 5.1.2600] PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dont delete file's in the section without guidance If any doubt back them up first »»»»» lagitamate file's can/will show in this section. »»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»» Checking Windir\svcproc.exe and nail.exe. »»»»» Checking for System32\DrPMon.dll. »»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder. Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 882C-5933 Verzeichnis von C:\WINDOWS\SYSTEM32 »»»»» Checking for SAHAgent ico files. Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 882C-5933 Verzeichnis von C:\WINDOWS\system32 23.03.2003 13:38 1.758 OemLinkIcon.ico 1 Datei(en) 1.758 Bytes 0 Verzeichnis(se), 46.625.763.328 Bytes frei »»»»»»»»»»»»»»»»»»»»»»»». 2. Pfind Files found with this application may be legitimate. Only remove files that you know are malware related. Checking the C:\WINDOWS folder ------Mehr hat er mir leider nicht ausgespuckt----- 3. Silentrunners "Silent Runners.vbs", revision 39, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS] "AOLDialer" = "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" ["America Online, Inc"] "AVGCtrl" = "C:\Dokumente und Einstellungen\Heiko Lünse\Eigene Dateien\Eigene Downloads\Programme\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++} EXECUTION UNLIKELY: "Registrando Panda ActiveX" = "C:\WINDOWS\System32\regsvr32.exe /s C:\WINDOWS\System32\ActiveScan\as.dll" [MS] EXECUTION UNLIKELY: "Registrando Panda Almacen" = "C:\WINDOWS\System32\regsvr32.exe /s C:\WINDOWS\System32\ActiveScan\pavpz.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{F5D92341-0A64-11D0-9956-0000E8096023}" = "CD Copy Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."] "{F5D92342-0A64-11D0-9956-0000E8096023}" = "CD Wizard Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshellext.dll" ["RealNetworks"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL" [MS] "{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "CorelDRAW Shell-Erweiterungskomponente" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\Heiko Lünse\Eigene Dateien\Eigene Downloads\Programme\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {CLSID}\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {CLSID}\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\Heiko Lünse\Eigene Dateien\Eigene Downloads\Programme\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {CLSID}\InProcServer32\(Default) = "C:\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Dokumente und Einstellungen\Heiko Lünse\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.aldi.com Missing lines (compared with English-language version): [Strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Service, AntiVirService, ""C:\Dokumente und Einstellungen\Heiko Lünse\Eigene Dateien\Eigene Downloads\Programme\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"] AntiVir Update, AVWUpSrv, ""C:\Dokumente und Einstellungen\Heiko Lünse\Eigene Dateien\Eigene Downloads\Programme\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] AOL Connectivity Service, AOL ACS, ""C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"" ["America Online, Inc."] EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"] EpsonBidirectionalService, EpsonBidirectionalService, "C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe" [null data] Ereignisprotokoll-Überwachung, LogWatch, "C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe" ["Computer Associates"] eTrust Antivirus Job Server, InoTask, ""C:\Programme\CA\eTrust Antivirus\InoTask.exe"" ["Computer Associates International, Inc."] eTrust Antivirus Realtime Server, InoRT, ""C:\Programme\CA\eTrust Antivirus\InoRT.exe"" ["Computer Associates International, Inc."] eTrust Antivirus RPC Server, InoRPC, ""C:\Programme\CA\eTrust Antivirus\InoRpc.exe"" ["Computer Associates International, Inc."] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 65 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 31 seconds. ---------- (total run time: 165 seconds) -------------------------------------------------------------------------- Ich hoffe du kannst damit ne Menge mehr anfangen als ich, denn für mich ist dass wirklich chinesisch . Aber mit meinem PC ist das wirklich kein arbeiten mehr... seufz. Gruss duncanmcloud |
|
|
||
29.06.2005, 23:49
Ehrenmitglied
Beiträge: 29434 |
#19
noch was gefunden Loesche mit der killbox
C:\WINDOWS\system32\OemLinkIcon.ico #TuneUp2004 (30 Tage free) http://virus-protect.org/reinigungstoolsregistry.html Cleanup repair -->TuneUp Diskcleaner Cleanup repair -->Registry Cleaner #Alternativbrowser zum IE Firefox http://www.firefox-browser.de/windows.php http://www.mozilla-europe.org/de/ Installation+Konfiguration Firefox http://www.pcwelt.de/know-how/software/103924/index1.html Dann : alles Gute fuer dich + PC (und vergiss nicht die Windowsupdates) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.06.2005, 12:25
...neu hier
Themenstarter Beiträge: 9 |
#20
Hallo@ Sabina
wollte mich nochmal für deine Hilfe bedanken!! Auch wenn du deine liebe Mühe mit mir gehabt hast. Also danke danke und danke |
|
|
||
05.07.2005, 21:15
...neu hier
Beiträge: 1 |
#21
Hallo Sabina,
habe das gleiche Problem. Habe noch weniger Ahnung als alle meine Vorgänger und kriege gar nichts hin. Kannst du mir trotzdem helfen? Am besten in vielen kleinen Schritten. Das schaffe ich vielleicht. |
|
|
||
05.07.2005, 22:17
Ehrenmitglied
Beiträge: 29434 |
#22
Hallo@Kowi
ich wuerde dir gern helfen, aber ich fliege morgen frueh in die Ferien und komme erst Anfang August zurueck __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.07.2005, 22:39
...neu hier
Beiträge: 1 |
#23
Hallo,
ich brauche Hilfe! Ich habe schon echt alles durchlaufen lassen...Antivir...Adaware...nichts hilft. Hab mich hier schon vor ab informiert und alles vorbereitet was nötig ist um den Virus loszuwerden. Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 242C-79E2 Verzeichnis von C:\WINDOWS\system32 08.07.2005 14:26 17.145 nvapps.xml 08.07.2005 14:25 384 DVCStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.dat 08.07.2005 14:25 2.064 settingsbkup.sfm 08.07.2005 14:25 2.064 settings.sfm 08.07.2005 14:25 384 DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.dat 08.07.2005 14:25 30.528 BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx 08.07.2005 14:25 31.056 BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx 08.07.2005 14:25 30.528 BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx 08.07.2005 14:25 31.056 BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx 06.07.2005 10:40 99.678 wp.bmp 06.07.2005 10:40 766 spyware.ico 06.07.2005 10:40 4.286 spam.ico 06.07.2005 10:40 2.238 pharm.ico 06.07.2005 10:40 2.238 network.ico 06.07.2005 10:40 2.238 Date.ico 06.07.2005 10:39 36.864 hookdump.exe 03.07.2005 15:18 2.206 wpa.dbl 30.06.2005 15:13 193.776 FNTCACHE.DAT 08.05.2005 17:15 3.157 jupdate-1.4.2_03-b02.log Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 242C-79E2 Verzeichnis von C:\DOKUME~1\arti\LOKALE~1\Temp 08.07.2005 15:11 10.538 control.xml 08.07.2005 14:26 17.871 LVCOMSX.LOG 08.07.2005 14:26 16.384 ~DF9EB2.tmp 08.07.2005 14:26 109.597 jusched.log 08.07.2005 14:24 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}32218.html 08.07.2005 13:40 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}14369.html 07.07.2005 12:34 59.964 Adobelm_Cleanup.0001 07.07.2005 12:34 896 TWAIN.LOG 07.07.2005 12:34 3 Twain001.Mtx 07.07.2005 12:34 156 Twunk001.MTX 06.07.2005 16:33 30.722 AGLanguage.ini 06.07.2005 11:14 3.072 temp.fr0014 06.07.2005 10:40 207 1.exe 06.07.2005 10:39 2.663.231 kepn.exe 06.07.2005 10:39 36.864 plgn.exe 02.07.2005 21:54 77 E758E1CB.TMP 02.07.2005 15:32 0 k5a635.tmp 02.07.2005 15:32 0 dem62D.tmp 02.07.2005 15:31 0 t7h629.tmp 30.06.2005 22:45 0 1go27.tmp 30.06.2005 22:43 0 3cc25.tmp 30.06.2005 22:41 0 94524.tmp 30.06.2005 22:37 0 2m01F.tmp 30.06.2005 22:35 0 4m81E.tmp 30.06.2005 22:16 0 adz13.tmp 30.06.2005 22:16 0 tq112.tmp 30.06.2005 22:15 0 okf11.tmp 30.06.2005 22:15 0 hm010.tmp 30.06.2005 22:13 0 yszF.tmp 30.06.2005 22:12 0 tb2E.tmp 30.06.2005 22:11 0 l3cD.tmp 30.06.2005 22:09 0 wyiC.tmp 30.06.2005 22:09 0 h1dB.tmp 30.06.2005 22:08 0 ndbA.tmp 30.06.2005 22:08 0 ske9.tmp 30.06.2005 18:43 213 1F1205F7.TMP 29.06.2005 22:58 0 1nr867.tmp 29.06.2005 22:51 0 lw0727.tmp 27.06.2005 23:46 4.952.985 TARGET3001Libs.txt 17.06.2005 00:27 0 edvA3.tmp 17.06.2005 00:26 0 av7A2.tmp 17.06.2005 00:24 0 f18A1.tmp 16.06.2005 16:56 0 rla15.tmp 16.06.2005 16:56 0 zhx14.tmp 16.06.2005 16:54 0 k1t13.tmp 16.06.2005 16:53 0 aeb12.tmp 16.06.2005 16:51 0 n8811.tmp 16.06.2005 16:50 0 eug10.tmp 16.06.2005 16:49 0 uikF.tmp 16.06.2005 16:47 0 7r2E.tmp 16.06.2005 16:46 0 agsD.tmp 16.06.2005 16:45 0 1myC.tmp 16.06.2005 16:43 0 oheB.tmp 16.06.2005 16:42 0 24lA.tmp 13.06.2005 22:35 13.516 ICQ54.tmp 13.06.2005 22:35 4.484 ICQ53.tmp 10.06.2005 22:38 66.448 mmmxl.log 10.06.2005 22:11 0 0174BB9D.dmp 07.06.2005 11:34 45.096 _VWUPSRV.EXE 06.06.2005 16:12 0 2jw6.tmp 04.06.2005 19:51 0 NBR17.tmp 04.06.2005 19:48 46.270 offcln10.log 04.06.2005 19:25 53.190.026 Incredible_Hulk_E3_-_Trailer_1.rar 04.06.2005 19:19 13.937.034 fear_e3.zip 04.06.2005 19:19 5.746.924 Ultimate_Spiderman_E305.wmv cls Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 242C-79E2 Verzeichnis von C:\WINDOWS 08.07.2005 15:11 53.394 wmsetup.log 08.07.2005 14:26 1.522 screen.html 08.07.2005 14:26 4.932.286 {00000001-00000000-00000008-00001102-00000004-20021102}.CDF 08.07.2005 14:26 0 0.log 08.07.2005 14:26 159 wiadebug.log 08.07.2005 14:26 50 wiaservc.log 08.07.2005 14:25 2.048 bootstat.dat 08.07.2005 14:25 32.630 SchedLgU.Txt 08.07.2005 14:25 64.221 WindowsUpdate.log 07.07.2005 14:28 980.536 setupapi.log 07.07.2005 14:03 16.014 cFosSpeed_Setup_Log.txt 06.07.2005 10:40 2.137 sites.ini 29.06.2005 21:45 496 win.ini 05.06.2005 17:46 100.482 UninstallThunderbird.exe 05.06.2005 17:46 8.112 mozver.dat Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 242C-79E2 Verzeichnis von C:\ 08.07.2005 15:19 0 sys.txt 08.07.2005 15:17 6.534 system.txt 08.07.2005 15:15 34.587 systemtemp.txt 08.07.2005 15:15 34.587 systemtemp.tx 08.07.2005 15:13 107.894 system32.txt 08.07.2005 14:25 536.399.872 hiberfil.sys 08.07.2005 14:25 805.306.368 pagefile.sys 08.07.2005 14:08 712 pfind.txt PFIND Files found with this application may be legitimate. Only remove files that you know are malware related. Checking the C:\WINDOWS folder C:\WINDOWS\daemon.dll: UPX! Checking the C:\WINDOWS\SYSTEM32 folder C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack Checking all directories under the C:\WINDOWS\SYSTEM32\drivers folder Checking the C:\Dokumente und Einstellungen\All Users\Start Menu\programs\Startup\ folder Checking the C:\Dokumente und Einstellungen\All Users\Application Data folder Checking the C:\Dokumente und Einstellungen\arti\Start Menu\programs\Startup\ folder Checking the C:\Dokumente und Einstellungen\arti\Application Data folder "Silent Runners.vbs", revision 39, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "UIWatcher" = "C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe" ["ashampoo GmbH & Co. KG"] "MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS] "LogitechSoftwareUpdate" = "C:\Programme\Logitech\Video\ManifestEngine.exe boot" ["Logitech Inc."] "Intel system tool" = "C:\WINDOWS\system32\hookdump.exe" [null data] "SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "notepad.exe" = "msmsgs.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTSysVol" = "C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"] "CTDVDDET" = "C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" ["Creative Technology Ltd"] "CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"] "SBDrvDet" = "C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"] "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe" [null data] "MMTray" = "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe" ["Musicmatch, Inc."] "mmtask" = "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."] "DAEMON Tools-1033" = ""C:\Programme\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "iTunesHelper" = "C:\Programme\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."] "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."] "LogitechVideoRepair" = "C:\Programme\Logitech\Video\ISStart.exe " ["Logitech Inc."] "LogitechVideoTray" = "C:\Programme\Logitech\Video\LogiTray.exe" ["Logitech Inc."] "FreePDF Assistant" = "C:\Programme\FreePDF_XP\fpassist.exe" [null data] "cFosSpeed" = "C:\Programme\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"] "RegSvr32" = "C:\WINDOWS\system32\msmsgs.exe" [file not found] "intel32.exe" = "C:\WINDOWS\system32\intel32.exe" [file not found] "PSGuard" = "C:\Programme\PSGuard\PSGuard.exe" [file not found] "AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}\(Default) = "VMHomepage Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hp289A.tmp" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Eigene Logitech-Bilder" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Logitech\Video\Namespc2.dll" ["Logitech Inc."] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] Group Policies [Description] {enabled Group Policy setting}: ------------------------------------------------------------ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ HIJACK WARNING! "NoActiveDesktopChanges"=dword:00000001 [prevents changes to Active Desktop; removes Web tab from Display Properties| Desktop (tab)|Customize Desktop... (button)|Desktop Items (window)] {User Configuration|Administrative Templates|Desktop|Active Desktop| Prohibit changes} HIJACK WARNING! "NoDispBackgroundPage"=dword:00000001 [removes Display Properties, Desktop (tab)] {User Configuration|Administrative Templates|Control Panel|Display| Hide Desktop tab} Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "%APPDATA%\IrfanView\IrfanView_Wallpaper.bmp" Active Desktop web content: HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\ "FriendlyName" = "Security info v3" "Source" = "C:\WINDOWS\screen.html" "SubscribedURL" = "" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "arti" & "All Users" startup folders: ------------------------------------------------------ C:\Dokumente und Einstellungen\arti\Startmenü\Programme\Autostart "Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\ "ButtonText" = "eBay - Homepage" "CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] "Exec" = "C:\Programme\IrfanView\Ebay\Ebay.htm" [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Service, AntiVirService, ""C:\Programme\AVPersonal\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"] AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] cFosSpeed System Service, cFosSpeedS, ""C:\Programme\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"] iPod Service, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Logfile of HijackThis v1.99.1 Scan saved at 22:34:20, on 11.07.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\cFosSpeed\spd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Programme\D-Tools\daemon.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\cFosSpeed\cFosSpeed.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\hookdump.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Biet-O-Matic\Biet-O-Matic.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE F:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp289A.tmp (file missing) O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [MMTray] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\system32\intel32.exe O4 - HKLM\..\Run: [PSGuard] C:\Programme\PSGuard\PSGuard.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{BFB144BE-407A-436F-A971-A89F1F7FE157}: NameServer = 192.168.0.1 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programme\cFosSpeed\spd.exe" -service (file missing) O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Nun warte ich auf andere Anweisungen...hoffe es kann mir einer behilflich sein.. Schon mal ein großes DANKESCHÖN im voraus! MFG milox |
|
|
||
12.07.2005, 08:53
...neu hier
Beiträge: 1 |
#24
Hallo Zusammen,
habe das gleiche Problem wie so viele hier. Antivirus Gold hat sich bei mir eingeschuggelt und ich werde es nicht mehr los. Versuche gerade nach der Anleitung von "Sabina" vorzugehen, Leider kann ich das Programm "Pfind" nicht finden, da der Link lediglich zu Google führt. Kann mir da jemand helfen? Danke im voraus. Gruß Hoffi |
|
|
||
12.07.2005, 11:49
Ehrenmitglied
Beiträge: 6028 |
#25
Wie entferne ich Antivirus Gold
http://www.bleepingcomputer.com/forums/How_to_remove_Antivirus_Gold_or_AVGold-t22397.html __________ MfG Argus |
|
|
||
17.07.2005, 20:57
...neu hier
Beiträge: 1 |
#26
nimm das proggie adaware away, bei mir gings schnell und problemlos, cu
|
|
|
||
Panda hat keine Viren gefunden ( hab alle Suchareale abklabastert).
Der Log von HijackThis nach dem Panda Scan:
Logfile of HijackThis v1.99.1
Scan saved at 14:31:55, on 29.06.2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\WINNT\System32\internat.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Peter Ivens\Eigene Dateien\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77EF6DBF-3929-4081-AF2E-178D387E211C} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1037_EN_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE