"Your computer is infected"Thema ist geschlossen! |
||
---|---|---|
||
#0
| ||
15.11.2005, 00:04
Honorary member
Posts: 29434 |
||
|
||
15.11.2005, 16:28
...new here
Posts: 4 |
#32
Hi, thanks for the instructions. I did everything; the background image is now just grey, but I still can't change it.
Here is the next log "Silent Runners.vbs", revision 41, http://www.silentrunners.org/ |
|
|
||
15.11.2005, 16:36
Honorary member
Posts: 29434 |
#33
Go into the registry:
Start --> Run --> regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
"Flag" = 132 <--- delete

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\
"Wallpaper" = "C:\WINDOWS\desktop.html" <--- delete

Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fix.reg using 'Save As'. For the file type, choose 'All Files'. You should now find this file on the desktop.

Quote:
REGEDIT4

Restart the computer in safe mode (press F8 while booting).
Double-click the file "fix.reg" on the desktop.
Restart the PC.
__________
Regards, Sabina
All about PC security |
|
|
||
15.11.2005, 16:59
...new here
Posts: 4 |
||
|
||
28.11.2005, 17:36
Member
Posts: 20 |
#35
Hello dear helpers,
I have the same problem: at the bottom right it says "your computer is infected". What should I do? Please help me, I really don't know what to do. |
|
|
||
28.11.2005, 17:58
Honorary member
Posts: 29434 |
#36
Hello @waver
Run Cleanup
http://virus-protect.org/cleanup.html
Copy the 4 logs here (3 months back by date... is enough)
http://virus-protect.org/datfindbat.html
__________
+ winpfind
http://virus-protect.org/winpfind.html
__________
Regards, Sabina
All about PC security |
|
|
||
28.11.2005, 18:09
...new here
Posts: 2 |
#37
Hi folks,
For two days now I have had a huge problem. I still hope that you can help me, really just like many of my predecessors in this thread. As I said, for two days... I have been getting this annoying message from Windows: "Your Computer is infected". On top of that, this message is pretty annoying, because you can't click it away, and if you do, it reappears within the next 3 seconds. I have already run Norton, PC-Cillin, Adware etc. over it..... without success. Could you possibly help me?! Is there perhaps a solution other than format c: ? That would be really nice of you.
Here is the log file from HijackThis:
____________________________________________________________
Thanks in advance for your help!!!!!! |
|
|
||
29.11.2005, 00:00
Honorary member
Posts: 29434 |
#38
MW_ICEMAN
LSPfix --> write me which dll you find
http://www.spychecker.com/program/lspfix.html
Run Cleanup
http://virus-protect.org/cleanup.html
Copy the 4 logs here (3 months back by date... is enough)
http://virus-protect.org/datfindbat.html
__________
__________
Regards, Sabina
All about PC security |
|
|
||
29.11.2005, 00:40
Member
Posts: 20 |
#39
Hello Sabina, thank you for helping me
I hope you can help me further, Sabina |
|
|
||
29.11.2005, 00:53
Honorary member
Posts: 29434 |
#40
waver
Go into the registry: Start --> Run --> regedit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Wallpaper" = "C:\WINDOWS\desktop.html" <--- delete

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot".
Paste in: ... and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one.

C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\sporder.dll
C:\DOKUME~1\alex\LOKALE~1\Temp\~WinFixer2005ScannerSetup.exe
C:\DOKUME~1\alex\LOKALE~1\Temp\msnsearch.exe
C:\WINDOWS\hosts
C:\WINDOWS\desktop.html
C:\WINDOWS\secure32.html
C:\WINDOWS\degbes.exe
C:\WINDOWS\de.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq
C:\WINDOWS\NDNuninstall6_98.exe
C:\secure32.html
C:\winstall.exe
C:\StubInstaller.exe

Restart the PC.

Run Cleanup (C:\DOKUME~1\alex\LOKALE~1\Temp must be empty)... back up your photos (jpg) first
http://virus-protect.org/cleanup.html

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

CounterSpy
http://virus-protect.org/counterspy.html
After the scan you have to choose between: *Ignore *Remove *Quarantine
Always choose Remove and restart the PC.

HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> Notepad opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
Regards
Sabina
all about PC security |
|
|
||
29.11.2005, 22:18
Member
Posts: 20 |
#41
Hello Sabina, first of all thank you, it is gone
here is my log |
|
|
||
30.11.2005, 01:17
Honorary member
Posts: 29434 |
#42
waver
LSPfix
http://www.spychecker.com/program/lspfix.html
Tick "I know what I'm doing" -- Remove, and delete newdotnet6_98.dll (you may have to move the dll from left to right)

Open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [begLClb] C:\WINDOWS\tasuaxl.exe
O4 - HKLM\..\Run: [Opcjnc] C:\Program Files\Rljvab\Tgpp.exe
O4 - HKLM\..\Run: [DumbHeartPopTrans] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak Bait Dumb Heart\ACID STORE.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [interstart] C:\DOKUME~1\alex\ANWEND~1\MP3ITCH\ENC LOGO.exe

Restart.

In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Hidden files and folders -> enable "Show all files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Files and folders -> disable "Hide protected operating system files (Recommended)"

Delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak Bait Dumb Heart
C:\Dokumente und Einstellungen\alex\Anwendungsdaten\MP3ITCH
C:\WINDOWS\tasuaxl.exe
C:\Program Files\Rljvab\Tgpp.exe
C:\Program Files\Rljvab

Start -- All Programs -- Accessories -- Notepad, and paste in the following text:
Quote
dir %Windir%\tasks /a h > files.txt
- Save as: findjobs.bat
- Save with: File type: All files
- Save it to the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text

Scan with Panda and post the scan report (it will find all the files infected by LOP)
http://virus-protect.org/onlinescan.html
__________
Regards
Sabina
all about PC security |
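A follow-up check for the fix list in post #42, as an added example that is not part of the thread: it parses HijackThis entry lines, compares the helper's fix list against a later log (case-insensitively, as Windows paths are), and reports which entries survived the "Fix checked" pass. The fix-list lines are taken from the post above; the follow-up log and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Labels for the section codes that occur in this thread's logs and fix lists.
MECHANISM = {
    "R0": "IE page setting", "R1": "IE page setting", "R3": "URLSearchHook",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart",
    "O10": "Winsock LSP", "O18": "protocol handler", "O23": "service",
}

# A HijackThis entry line: "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# O4 registry autostart body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")


def parse_entries(text):
    """Return [(section, body)] for every entry line; headers and the
    'Running processes' block do not match and are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]


def entry_key(entry):
    """Comparison key: collapse whitespace and ignore case."""
    section, body = entry
    return section, " ".join(body.split()).casefold()


def still_present(fix_list, followup_log):
    """Entries from the fix list that the follow-up log still contains."""
    seen = {entry_key(e) for e in parse_entries(followup_log)}
    return [e for e in parse_entries(fix_list) if entry_key(e) in seen]


def autostart_commands(entries):
    """For O4 registry entries, map (hive, key, value name) -> command line."""
    out = {}
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            out[(hive, key, name)] = command
    return out


def summarize(remaining):
    """Group leftover entries by persistence mechanism."""
    grouped = defaultdict(list)
    for section, body in remaining:
        grouped[MECHANISM.get(section, section)].append(body)
    return dict(grouped)


# Four lines from the fix list in post #42.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [begLClb] C:\WINDOWS\tasuaxl.exe
O4 - HKLM\..\Run: [Opcjnc] C:\Program Files\Rljvab\Tgpp.exe
"""

# Constructed follow-up log: one fixed entry has come back, with different case.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Opcjnc] C:\PROGRAM FILES\Rljvab\Tgpp.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for mechanism, bodies in summarize(still_present(FIX_LIST, FOLLOWUP_LOG)).items():
        for body in bodies:
            print(f"still present [{mechanism}]: {body}")
```

An entry that reappears after a reboot usually means the file it points to was not deleted or another component is rewriting the key, which is why the thread pairs "Fix checked" with deleting the files.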
|
|
||
07.12.2005, 23:28
...new here
Posts: 1 |
#43
Hello everyone!
Since this evening I also have this message in the taskbar. I know only a little about computers and this icon really annoys me. Hence my question: How do I get rid of it? Which programs do I have to run? What does this "thing" actually do - does it destroy my system so that I can no longer use it, or is it just the annoying warning message? If it is not that bad, it would also be fine if it simply stopped showing up. I know that a lot has already been written about this here, but I can't make sense of it. I really don't want to reinstall... It would be really great if someone could give me a solution!!! Regards, MFB |
|
|
||
08.12.2005, 11:13
Honorary member
Posts: 29434 |
#44
MJB
Run CleanUp
http://virus-protect.org/cleanup.html

HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> Notepad opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
Regards
Sabina
all about PC security |
|
|
||
11.12.2005, 16:25
Member
Posts: 21 |
#45
Hello, I had 3 red circles with the white X. I was able to remove them, somehow or other. My AntiVir still reports "Trojan". Hopefully you can help me. Here is my logfile from HijackThis:
and from datFind.bat:
Thanks in advance |
|
|
||
Open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O18 - Protocol: bw+0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Restart the PC
KILLBOX
http://virus-protect.org/killbox.html
Delete File on Reboot -- tick this box
paste in:
...
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one, clicking "yes" only for the last one
C:\WINDOWS\SYSTEM32\paytime.exe
C:\DOKUME~1\TvC\LOKALE~1\Temp\IadHide5.dll
C:\secure32.html
C:\winstall.exe
C:\WINDOWS\hosts
C:\WINDOWS\desktop.html
C:\WINDOWS\secure32.html
C:\WINDOWS\degbes.exe
C:\WINDOWS\de.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq
Restart the PC
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit Program.
then the log from Silentrunner
http://virus-protect.org/silentrunner.html
-------------
Info:
http://virus-protect.org/artikel/spyware/secure_32.html
__________
Kind regards, Sabina
all about PC security