"Your computer is infected"

Thread is closed!
15.11.2005, 00:04
Honorary member
Sabina

Posts: 29434
#31 Hello Yume

Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O18 - Protocol: bw+0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {815C7593-E1D6-4A95-AC2C-0430AAB9A3A0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC

KILLBOX
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick this option
paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only click "yes" for the last one

C:\WINDOWS\SYSTEM32\paytime.exe
C:\DOKUME~1\TvC\LOKALE~1\Temp\IadHide5.dll
C:\secure32.html
C:\winstall.exe
C:\WINDOWS\hosts
C:\WINDOWS\desktop.html
C:\WINDOWS\secure32.html
C:\WINDOWS\degbes.exe
C:\WINDOWS\de.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq

Restart the PC

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

then the log from Silentrunner
;)
http://virus-protect.org/silentrunner.html

-------------

Info;
http://virus-protect.org/artikel/spyware/secure_32.html
__________
Regards, Sabina

all about PC security
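
Added example, not part of the original posts and not HijackThis code: a small Python triage of HijackThis `R0`/`R1` and `O4` lines against the indicators named in post #31 (Internet Explorer page settings that point at a local file, and file names from the KillBox list). The function names and the two rules are assumptions made for this illustration; the sample lines are copied from HijackThis entries in this thread.

```python
import ntpath
import re

# File names taken from the KillBox deletion list in post #31 of this thread.
REMOVAL_LIST = {
    "paytime.exe", "iadhide5.dll", "secure32.html", "winstall.exe",
    "desktop.html", "degbes.exe", "de.exe", "tool2.exe", "kl.exe",
}

# "R1 - <key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.+?) = (.*)$")
# "O4 - HKLM\..\Run: [<name>] <command line>"
O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Cut an unquoted command line at the first file extension followed by a space.
FILE_END = re.compile(r"^(.*?\.(?:exe|dll|html?|scr))(?=\s|$)", re.I)
LOCAL_PATH = re.compile(r"^[a-z]:\\", re.I)

# Sample lines copied from HijackThis entries in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""


def target_file(command):
    """Return the file part of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = FILE_END.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]


def triage(log_text):
    """Return the R and O4 entries that match one of the two rules.

    An entry that is not returned has only passed these two checks;
    it has not been shown to be harmless.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        match = R_LINE.match(line)
        if match:
            section, key, value, data = match.groups()
            location, target = f"{key},{value}", data
            if LOCAL_PATH.match(data):
                reasons.append("IE page setting points to a local file")
        else:
            match = O4_LINE.match(line)
            if not match:
                continue
            hive, key, name, command = match.groups()
            section, location = "O4", f"{hive} {key} [{name}]"
            target = target_file(command)
        if ntpath.basename(target).lower() in REMOVAL_LIST:
            reasons.append("file name is on the post #31 removal list")
        if reasons:
            findings.append({"section": section, "location": location,
                             "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["section"], finding["location"], "->", finding["target"])
        for reason in finding["reasons"]:
            print("    ", reason)
```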
15.11.2005, 16:28
...new here

Posts: 4
#32 Hi, thanks for the instructions. I did everything; the desktop background is now just grey, but I still can't change it.

Here is the next log ;)

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"LDM" = "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"EA Core" = "C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent" ["Electronic Arts"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = ""C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"Mirabilis ICQ" = "C:\PROGRA~1\ICQ\ICQNet.exe" [null data]
"VirtualCloneDrive" = ""C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s" ["Elaborate Bytes AG"]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"TerraTec Remote Control" = ""C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"" [file not found]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"DAEMON Tools-1033" = ""C:\Programme\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"Profiler" = "C:\Programme\Saitek\Software\Profiler.exe" ["Saitek"]
"SaiSmart" = "C:\Programme\Saitek\Software\SaiSmart.exe" ["Saitek"]
"SaiMfd" = "C:\Programme\Saitek\Software\SaiMfd.exe" ["Saitek"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flag" = 132

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = "FlashFXP Helper for Internet Explorer" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
"{B7056B8E-4F99-44f8-8CBD-282390FE5428}" = "VirtualCloneDrive"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll" ["Elaborate Bytes AG"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]


Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Enable Active Desktop}

HIJACK WARNING! "Wallpaper" = "C:\WINDOWS\desktop.html"
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop..." button); selects wallpaper and enables Active Desktop]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Active Desktop Wallpaper|Wallpaper Name:}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop enabled via Group Policy.

Wallpaper selected via Group Policy.


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "TvC" & "All Users" startup folders:
-----------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"InterVideo WinCinema Manager" -> shortcut to: "C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"Logitech Desktop Messenger" -> shortcut to: "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Logitech SetPoint" -> shortcut to: "C:\Programme\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"SiWake" -> shortcut to: "C:\Programme\Wireless LAN Utility\SiWake.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Programme\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Programme\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Office Live Meeting Document Writer Monitor\Driver = "lmdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 24 seconds, including 3 seconds for message boxes)
15.11.2005, 16:36
Honorary member
Sabina

Posts: 29434
#33 Go into the registry

Start --> Run --> regedit


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
"Flag" = 132 <--- delete

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\
"Wallpaper" = "C:\WINDOWS\desktop.html" <-- delete


Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fix.reg using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop.

Quote

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=-
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoComponents"=-
"NoAddingComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoHTMLWallpaper"=-

Restart the computer in safe mode (press F8 while booting). Double-click the file "fix.reg" on the desktop.


restart the PC
__________
Regards, Sabina

all about PC security
15.11.2005, 16:59
...new here

Posts: 4
#34 Yep, everything is clean again ;)

Many thanks for the help!

Regards

Yume
28.11.2005, 17:36
Member

Posts: 20
#35 Hello dear helpers,
I have the same problem: at the bottom right it says "your computer is infected".
What should I do? Please help me, I really don't know what to do.
28.11.2005, 17:58
Honorary member
Sabina

Posts: 29434
#36 Hello @waver

run Cleanup
http://virus-protect.org/cleanup.html

post the 4 logs here (going back 3 months by date ... is enough)
http://virus-protect.org/datfindbat.html
__________
+
winpfind
http://virus-protect.org/winpfind.html
__________
Regards, Sabina

all about PC security
28.11.2005, 18:09
...new here

Posts: 2
#37 Hi everyone,

for two days now I have had a huge problem. I still hope that you can help me. Basically like many of those before me in this thread.

As I said, for two days now... I have been getting this annoying message from Windows: "Your Computer is infected". On top of that, the message is pretty annoying because you can't click it away, and if you do manage to, it reappears within the next 3 seconds. I have already run Norton, PC-Cillin, Adware etc. over it..... without success.

Could you possibly help me?! Is there maybe a solution other than format c: ? That would be really nice of you.


here is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 17:20:04, on 28.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
C:\WINDOWS\system32\paytime.exe
C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programme\CursorXP\CursorXP.exe
C:\Programme\Stardock\Object Desktop\DesktopX\DesktopX.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Internet Download Manager\IDMan.exe
C:\winstall.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool2.exe
C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HbTools\Bin\4.7.1.0\HbtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von SH Com
O2 - BHO: Tensons.Application.DownloadAcceleratorManager.BHO - {00000003-1118-11da-8cd6-0800200c9888} - mscoree.dll (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Programme\e-zshopper\BarLcher.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Java Machine Support Dll - {6B925150-4E3E-4EC7-B642-57392A9394C1} - C:\WINDOWS\system32\javamcore.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O2 - BHO: (no name) - {81388FE0-98DE-E657-DD9B-C78BB0D82E43} - C:\DOKUME~1\Besitzer\ANWEND~1\TITLEP~1\ooze logo.exe
O2 - BHO: Response Class - {81A99149-F047-4090-8AAD-D11FF4EFB734} - C:\WINDOWS\system32\dae.dll (file missing)
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programme\Accoona\ASearchAssist.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: e-zshopper 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Programme\e-zshopper\BarLcher.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.7.1.0\HbtHostIE.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [VersionCheck] "C:\Programme\Onlineeye Pro\vcheck.exe"
O4 - HKLM\..\Run: [OnlineTime] "c:\programme\onlineeye pro\onlineeye.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Roamlogopollmemo] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bows dumb roam logo\Win Bold.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Programme\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [vjjrldjp] C:\WINDOWS\system32\zgkywbgu.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [DesktopX] "C:\Programme\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [IDMan] C:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Programme\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Program vc] C:\DOKUME~1\Besitzer\ANWEND~1\OPTION~1\proxympeg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Verknüpfung mit CLogger.lnk = C:\Programme\hacken\CLogger.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Programme\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: eZshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: e-zshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.walsrode-net.de
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c5.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_mp3.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://daten.gr.bib.de/tsweb/msrdp.cab
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)


____________________________________________________________


Thanks in advance for your help!!!!!!
29.11.2005, 00:00
Honorary member
Avatar Sabina

Posts: 29434
#38 MW_ICEMAN

LSPfix --> write and tell me which DLL you find
http://www.spychecker.com/program/lspfix.html

run Cleanup
http://virus-protect.org/cleanup.html

paste the 4 logs here (3 months back by date... is enough)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

All about PC security
29.11.2005, 00:40
Member

Posts: 20
#39 Hello Sabina, thank you for helping me
Verzeichnis von C:\WINDOWS\system32

27.11.2005 23:13 4.073 paytime.exe
27.11.2005 22:57 8.464 sporder.dll

27.11.2005 22:39 2.206 wpa.dbl
27.11.2005 15:28 1.372 qtplugin.log
26.11.2005 01:13 383.254 perfh009.dat
26.11.2005 01:13 53.608 perfc009.dat
26.11.2005 01:13 394.500 perfh007.dat
26.11.2005 01:13 64.598 perfc007.dat
26.11.2005 01:13 794.818 PerfStringBackup.INI
25.11.2005 15:36 259.048 FNTCACHE.DAT
25.11.2005 15:00 22 ati64hlp.stb
02.11.2005 10:49 2.377.568 MRT.exe
29.10.2005 06:52 307.200 atiiiexx.dll
29.10.2005 06:13 258.048 ATIDEMGR.dll
29.10.2005 05:32 6.684.672 atioglx1.dll
29.10.2005 04:27 4.866.048 atioglxx.dll
29.10.2005 04:12 247.296 ati2dvag.dll
29.10.2005 04:08 110.592 atipdlxx.dll
29.10.2005 04:07 77.824 Oemdspif.dll
29.10.2005 04:07 26.112 Ati2mdxx.exe
29.10.2005 04:07 40.960 ati2edxx.dll
29.10.2005 04:07 47.616 ati2evxx.dll
29.10.2005 04:06 389.120 ati2evxx.exe
29.10.2005 04:06 53.248 ATIDDC.DLL
29.10.2005 03:58 2.491.808 ati3duag.dll
29.10.2005 03:52 603.040 ativvaxx.dll
29.10.2005 03:40 151.552 atikvmag.dll
29.10.2005 03:21 17.408 atitvo32.dll
29.10.2005 03:16 237.568 ati2cqag.dll
28.10.2005 21:05 520.192 ati2sgag.exe
17.10.2005 15:15 110.293 atiicdxx.dat
12.10.2005 13:09 19.456 bthcrps.dll
06.10.2005 04:20 260.608 gdi32.dll
06.10.2005 04:14 1.799.680 win32k.sys
04.10.2005 11:33 2.700.288 MSHTML.DLL
27.09.2005 01:41 611.840 xpsp2res.dll
23.09.2005 04:27 8.389.632 shell32.dll
10.09.2005 03:04 2.025.984 cdosys.dll
02.09.2005 16:31 458.752 URLMON.DLL
02.09.2005 16:31 496.128 MSTIME.DLL
02.09.2005 15:35 192.000 DXTRANS.DLL
02.09.2005 10:07 988.160 DANIM.DLL
01.09.2005 02:51 278.528 winsrv.dll
01.09.2005 02:51 16.384 linkinfo.dll
31.08.2005 17:51 409.600 shlwapi.dll
30.08.2005 08:26 1.233.408 quartz.dll
29.08.2005 12:27 520.968 LegitCheckControl.DLL
29.08.2005 12:27 23.304 GWFSPidGen.DLL
24.08.2005 18:25 6.020 atifglpf.xml
23.08.2005 04:51 112.128 umpnpmgr.dll
22.08.2005 19:36 154.624 netman.dll
13.08.2005 20:41 118.784 sirenacm.dll
05.08.2005 18:23 234.496 msieftp.dll

Verzeichnis von C:\DOKUME~1\alex\LOKALE~1\Temp

28.11.2005 22:39 49.152 ~DF9E91.tmp
28.11.2005 22:35 16.384 Perflib_Perfdata_be8.dat
28.11.2005 21:04 16.384 Perflib_Perfdata_830.dat
28.11.2005 21:04 16.384 Perflib_Perfdata_7f8.dat
28.11.2005 21:03 16.384 Perflib_Perfdata_f28.dat
28.11.2005 19:59 0 WER3A5.tmp
28.11.2005 17:02 138 cfin
28.11.2005 17:02 112 cfout.txt
27.11.2005 23:12 72.192 ~e5.0001
27.11.2005 21:39 16.384 ~DF6488.tmp
27.11.2005 15:07 27.452 AAX34.tmp
26.11.2005 15:08 10.538 control.xml
26.11.2005 01:22 16.384 ~DF5E2B.tmp
26.11.2005 01:13 2.316 dotNetFx.log
26.11.2005 01:12 7.228 ASPNETSetup.log
25.11.2005 00:39 632 MSI4f0d4.LOG
25.11.2005 00:32 632 MSI4aaa4.LOG
14.11.2005 22:20 5.733.754 CCEE.tmp
13.11.2005 14:40 88.907 alex.jpg
13.11.2005 14:40 48.131 CIMG9580.jpg
13.11.2005 14:40 44.825 CIMG9565.jpg
07.11.2005 16:18 32.768 ~DF873F.tmp
04.11.2005 14:47 819.912 FlashPlayerUpdate.exe
04.11.2005 06:52 729.088 AutoRun.exe
28.10.2005 12:15 781 settings.dat
28.10.2005 12:15 455 lib4.dat
28.10.2005 12:15 9.130 colors.dat
24.10.2005 22:23 3.793 Bild(8).jpg
24.10.2005 22:22 129.852 Foto(150).jpg
24.10.2005 22:22 17.301 Bild(5).jpg
24.10.2005 22:21 17.112 Bild(4).jpg
24.10.2005 22:21 19.943 Bild(3).jpg
24.10.2005 22:20 3.919 Bild(2).jpg
24.10.2005 22:20 3.249 Bild(1).jpg
21.10.2005 12:00 0 fla12.tmp
19.10.2005 23:40 2.375.816 ~WinFixer2005ScannerSetup.exe
19.10.2005 00:39 1.388.232 Patch_MSN_Messenger.EXE
14.10.2005 09:02 585.728 AutoRunGUI.dll
13.10.2005 23:59 65.536 ~DF8.tmp
13.10.2005 23:59 0 ~DF50.tmp
13.10.2005 23:02 11.362 xml9.tmp
13.10.2005 22:58 884 TWAIN.LOG
13.10.2005 22:58 3 Twain001.Mtx
13.10.2005 22:58 156 Twunk001.MTX
13.10.2005 22:33 107.512 SetA.tmp
27.09.2005 22:36 107.512 Set40.tmp
27.09.2005 22:36 107.512 Set3C.tmp
27.09.2005 22:09 107.512 Set10E.tmp
27.09.2005 21:53 0 Twunk002.MTX
27.09.2005 21:49 107.512 SetD4.tmp
26.09.2005 21:42 33.698 31-05-05_1743.jpg
26.09.2005 17:38 6.750 26-09-05_1317.jpg
26.09.2005 17:37 20.682 26-09-05_1318.jpg
18.09.2005 00:50 16.384 ~DFDF2C.tmp
17.09.2005 23:46 32.768 ~DFDA5.tmp
17.09.2005 18:20 32.768 ~DFA53E.tmp
17.09.2005 16:39 69.157 btwinlog.txt
10.09.2005 19:52 65.536 ~DFFBBB.tmp
10.09.2005 19:40 62.753 TFR60.tmp
10.09.2005 19:40 10.225 TFR5B.tmp
10.09.2005 19:40 35.574 TFR57.tmp
10.09.2005 19:40 67.994 TFR52.tmp
10.09.2005 19:40 37.885 TFR4D.tmp
10.09.2005 19:40 70.357 TFR49.tmp
10.09.2005 19:40 16.178 TFR46.tmp
10.09.2005 19:40 59.218 TFR43.tmp
09.09.2005 14:45 512 ~DFCAEA.tmp
09.09.2005 13:41 512 ~DF16EC.tmp
09.09.2005 13:41 512 ~DFFF0C.tmp
09.09.2005 13:18 16.384 Perflib_Perfdata_c44.dat
08.09.2005 00:57 49.152 ~DFDC92.tmp
05.09.2005 20:04 62.753 TFR4A.tmp
05.09.2005 20:04 35.574 TFR45.tmp
05.09.2005 20:04 67.994 TFR41.tmp
05.09.2005 20:04 37.885 TFR3D.tmp
05.09.2005 20:04 70.357 TFR37.tmp
05.09.2005 20:04 16.178 TFR33.tmp
05.09.2005 20:04 59.218 TFR30.tmp
05.09.2005 19:46 21.122 TFR29.tmp
05.09.2005 19:37 23.427 TFR24.tmp
05.09.2005 19:36 10.225 TFR1E.tmp
05.09.2005 13:15 32.768 ~DF90E4.tmp
04.09.2005 00:55 190 ResHacker.ini
03.09.2005 00:26 62.753 TFR23.tmp
03.09.2005 00:26 10.225 TFR22.tmp
03.09.2005 00:26 35.574 TFR21.tmp
03.09.2005 00:26 67.994 TFR20.tmp
03.09.2005 00:26 37.885 TFR1F.tmp
03.09.2005 00:26 70.357 TFR1D.tmp
03.09.2005 00:26 16.178 TFR1C.tmp
03.09.2005 00:26 59.218 TFR16.tmp
01.09.2005 16:12 0 Camtasia Recorder_convert8dfb0b.wav
01.09.2005 15:07 0 WER63.tmp
31.08.2005 17:39 32.768 ~DFA784.tmp
31.08.2005 16:49 23.262 TFR65.tmp
31.08.2005 16:49 21.122 TFR62.tmp
31.08.2005 16:49 23.427 TFR5F.tmp
31.08.2005 16:49 62.753 TFR5A.tmp
31.08.2005 16:49 10.225 TFR56.tmp
31.08.2005 16:49 35.574 TFR53.tmp
31.08.2005 16:49 67.994 TFR4F.tmp
31.08.2005 16:49 37.885 TFR4E.tmp
30.08.2005 14:47 59.218 TFR51.tmp
30.08.2005 14:47 40.950 TFR50.tmp
30.08.2005 14:47 46.660 TFR4B.tmp
30.08.2005 14:47 20.560 TFR47.tmp
30.08.2005 14:47 23.608 TFR42.tmp
30.08.2005 14:47 16.178 TFR3F.tmp
30.08.2005 14:47 46.021 TFR3C.tmp
30.08.2005 14:46 73.578 TFR36.tmp
30.08.2005 14:42 23.262 TFR1B.tmp
30.08.2005 14:42 21.122 TFR1A.tmp
30.08.2005 14:42 23.427 TFR19.tmp
30.08.2005 14:42 62.753 TFR18.tmp
30.08.2005 14:42 10.225 TFR17.tmp
30.08.2005 14:42 35.574 TFR15.tmp
30.08.2005 14:42 67.994 TFR14.tmp
30.08.2005 14:42 37.885 TFR13.tmp
29.08.2005 01:55 16.384 ~DFCE4A.tmp
28.08.2005 23:30 46.021 TFR23C.tmp
28.08.2005 23:23 160.345 Cap0.asf
28.08.2005 23:09 92.864 au_setuph.dll
28.08.2005 23:09 9.920 au_res.dll
28.08.2005 23:09 302.611 au_all.cab
28.08.2005 23:09 14.238 msntb.cfg
28.08.2005 23:09 602 manifest.cfg
28.08.2005 22:59 58.895 msnclean.log
28.08.2005 22:43 32.768 ~DFC86A.tmp
28.08.2005 22:27 32.768 ~DF163D.tmp
09.08.2005 03:39 229.848 msnsearch.exe

Verzeichnis von C:\WINDOWS

28.11.2005 22:35 1.253 win.ini
28.11.2005 21:03 7.579 setupapi.log
28.11.2005 21:00 1.839.631 WindowsUpdate.log
28.11.2005 20:27 0 0.log
28.11.2005 20:26 2.048 bootstat.dat
28.11.2005 20:25 32.540 SchedLgU.Txt
28.11.2005 19:59 47 wiaservc.log
28.11.2005 19:59 216 wiadebug.log
28.11.2005 19:26 116 NeroDigital.ini
28.11.2005 17:09 163.055 Video Cleaner Pro Uninstaller.exe
28.11.2005 17:02 159.595 Video Cleaner Uninstaller.exe
28.11.2005 01:00 0 Sti_Trace.log
27.11.2005 23:13 2.033 hosts
27.11.2005 23:13 1.999 desktop.html
27.11.2005 23:13 3.049 secure32.html
27.11.2005 23:13 1.024 degbes.exe
27.11.2005 23:13 1.024 de.exe
27.11.2005 23:13 29.184 tool2.exe
27.11.2005 23:13 62.119 kl.exe
27.11.2005 23:13 0 uniq
27.11.2005 22:58 182.272 NDNuninstall6_98.exe

25.11.2005 15:24 1.064.746 setupapi.log.1.old
25.11.2005 00:32 10 WININIT.INI
24.11.2005 01:19 0 SwSys2.bmp
24.11.2005 01:19 0 SwSys1.bmp
23.11.2005 17:23 335 nsreg.dat
23.11.2005 17:23 99.024 MozillaUninstall.exe
23.11.2005 17:23 7.074 mozver.dat
23.11.2005 17:23 98.512 GREUninstall.exe
22.11.2005 20:42 50.688 ALCFDRTM.VER
22.11.2005 00:40 30 Iedit.INI
09.11.2005 13:30 19.456 shginas.dll
27.10.2005 14:10 130 videodeLuxe.INI
07.10.2005 21:49 2.195 shginasn.xml
27.09.2005 22:12 71 Pex.INI
27.09.2005 22:10 74 efdcet.dat
20.09.2005 15:04 117 cdplayer.ini
16.09.2005 18:22 2.016 ModemLog_Bluetooth Modem.txt
30.08.2005 11:53 211 uno.ini
29.08.2005 01:23 1.028.012 setupapi.log.0.old
29.08.2005 00:18 169 RtlRack.ini


Verzeichnis von C:\

28.11.2005 22:47 0 sys.txt
28.11.2005 22:47 6.004 system.txt
28.11.2005 22:44 13.247 systemtemp.txt
28.11.2005 22:43 95.614 system32.txt
28.11.2005 20:40 17.341 SDSSetup.log
28.11.2005 20:26 805.306.368 pagefile.sys
27.11.2005 23:13 3.049 secure32.html
27.11.2005 23:13 29.184 winstall.exe

27.10.2005 14:10 0 getframes.log
29.09.2005 19:51 700.416 StubInstaller.exe
17.09.2005 17:04 0 Xxx Pizza Africana (Coco Brown) Porn Black Ebony Girl F*** Hard Geile Negerin.mpg
17.09.2005 16:21 192 BcBtRmv.log
19.07.2005 12:37 3 TCPCheckResult.txt
10.07.2005 16:57 235.296 ntldr
10.07.2005 16:57 47.580 NTDETECT.COM
10.07.2005 15:50 429 TO_InstallLog.txt
10.07.2005 10:21 211 boot.ini

I hope you can help me further, Sabina
29.11.2005, 00:53
Honorary member
Avatar Sabina

Posts: 29434
#40 waver

go into the registry

Start --> Run --> regedit

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Wallpaper" = "C:\WINDOWS\desktop.html" <--- delete

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

tick "Delete File on Reboot"
paste in:
...
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; only for the last one click "yes"

C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\sporder.dll
C:\DOKUME~1\alex\LOKALE~1\Temp\~WinFixer2005ScannerSetup.exe
C:\DOKUME~1\alex\LOKALE~1\Temp\msnsearch.exe
C:\WINDOWS\hosts
C:\WINDOWS\desktop.html
C:\WINDOWS\secure32.html
C:\WINDOWS\degbes.exe
C:\WINDOWS\de.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq
C:\WINDOWS\NDNuninstall6_98.exe
C:\secure32.html
C:\winstall.exe
C:\StubInstaller.exe

restart the PC

run Cleanup (C:\DOKUME~1\alex\LOKALE~1\Temp must be empty)... back up your photos (jpg) first
http://virus-protect.org/cleanup.html

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC

Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> Notepad opens
now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click
__________
Best regards, Sabina

All about PC security
29.11.2005, 22:18
Member

Posts: 20
#41 Hello Sabina, first of all thank you, it is gone
here is my log

Logfile of HijackThis v1.99.1
Scan saved at 22:15:43, on 29.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Program Files\Rljvab\Tgpp.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Shareaza\Shareaza.exe
C:\WINDOWS\DitExp.exe
C:\Programme\WinZip\WZQKPICK.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton Personal Firewall\ISSVC.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
C:\Dokumente und Einstellungen\alex\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [begLClb] C:\WINDOWS\tasuaxl.exe
O4 - HKLM\..\Run: [Opcjnc] C:\Program Files\Rljvab\Tgpp.exe
O4 - HKLM\..\Run: [AnyDVD] "C:\Programme\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DumbHeartPopTrans] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak Bait Dumb Heart\ACID STORE.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [interstart] C:\DOKUME~1\alex\ANWEND~1\MP3ITCH\ENC LOGO.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_98.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B35238D-0241-439C-BF81-2F2DF9001145}: NameServer = 217.237.150.141 217.237.150.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
30.11.2005, 01:17
Honorary member
Avatar Sabina

Posts: 29434
#42 waver

LSPfix
http://www.spychecker.com/program/lspfix.html

tick: "I know what Im doing"--Remove
and delete newdotnet6_98.dll
(you may have to move the DLL from left to right)

open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [begLClb] C:\WINDOWS\tasuaxl.exe
O4 - HKLM\..\Run: [Opcjnc] C:\Program Files\Rljvab\Tgpp.exe
O4 - HKLM\..\Run: [DumbHeartPopTrans] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak Bait Dumb Heart\ACID STORE.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [interstart] C:\DOKUME~1\alex\ANWEND~1\MP3ITCH\ENC LOGO.exe

restart

In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Hidden files and folders -> enable "Show hidden files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Files and folders -> disable "Hide protected operating system files (Recommended)"


delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Peak Bait Dumb Heart
C:\Dokumente und Einstellungen\alex\Anwendungsdaten\MP3ITCH
C:\WINDOWS\tasuaxl.exe
C:\Program Files\Rljvab\Tgpp.exe
C:\Program Files\Rljvab

Start -- All Programs -- Accessories -- Notepad, and paste in the following text:

Quote

dir %Windir%\tasks /a h > files.txt
notepad files.txt
- Save as: findjobs.bat
- save with: file type: all files
- save it on the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text

scan with Panda and post the scan report (it will find all files infected by LOP)
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

All about PC security
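
Added example, not part of the thread: a small Python triage of HijackThis log lines, run over lines copied from the log in post #41. The heuristics (missing target file, IE page pointing at a local file, autostart from a drive or Windows root or from Application Data, any O10 line) and all function names are assumptions chosen for illustration, not HijackThis's own logic.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted in #41 of this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [begLClb] C:\WINDOWS\tasuaxl.exe
O4 - HKLM\..\Run: [Opcjnc] C:\Program Files\Rljvab\Tgpp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [interstart] C:\DOKUME~1\alex\ANWEND~1\MP3ITCH\ENC LOGO.exe
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_98.dll' missing
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry autostart entry inside an O4 body
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Heuristics (assumptions for this example):
ROOT_DIR = re.compile(r"(?i)^[a-z]:\\(?:windows\\)?[^\\]+$")  # C:\x.exe or C:\WINDOWS\x.exe
APPDATA = re.compile(r"(?i)\\(?:anwendungsdaten|anwend~\d|application data|applic~\d)\\")
LOCAL_FILE = re.compile(r"(?i)^[a-z]:\\")


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run command line, arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take up to closing quote
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(?i)^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Flag log entries that deserve a closer look; this is triage, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:                                # header, process list, blank line
            continue
        sec, body = m["sec"], m["body"]
        reasons = []
        if body.endswith(("(no file)", "(file missing)")):
            reasons.append("points to a file that no longer exists")
        if sec in ("R0", "R1") and " = " in body:
            if LOCAL_FILE.match(body.split(" = ", 1)[1]):
                reasons.append("IE page set to a local file")
        if sec == "O4":
            run = RUN.match(body)
            if run:
                path = exe_path(run["cmd"])
                if ROOT_DIR.match(path):
                    reasons.append("autostart from drive or Windows root")
                if APPDATA.search(path):
                    reasons.append("autostart from Application Data")
        if sec == "O10":
            reasons.append("Winsock LSP entry, review the provider chain")
        findings.extend(Finding(sec, r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

These rules do not flag the `Tgpp.exe` entry that post #42 also lists for fixing, which is why a log like this still needs a human reader.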
07.12.2005, 23:28
...new here

Posts: 1
#43 Hello everyone!
Since this evening I also have this message in the taskbar. I know only a little about computers and this icon really annoys me. So my question: how do I get rid of it? Which programs do I have to run? What does this "thing" actually do: does it destroy my system so that I can no longer use it, or is it only the annoying warning message? If it is not that bad, it would also be fine if it simply stopped showing up. I know a lot has already been written about this here, but I can't make sense of it. I really don't want to reinstall...

It would be really great if someone could give me a solution!!!

Regards, MFB
08.12.2005, 11:13
Honorary member
Avatar Sabina

Posts: 29434
#44 MJB

run CleanUp
http://virus-protect.org/cleanup.html

Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> Notepad opens
now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click
__________
Best regards, Sabina

All about PC security
11.12.2005, 16:25
Member

Posts: 21
#45 Hello, I had 3 red circles with the white X. I was able to remove them, somehow. My AntiVir still reports "Trojan". Hopefully you can help me. Here is my logfile from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 15:37:19, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla1.7.6\mozilla.exe
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC32E40C-7D6A-4C7B-8C3B-8923F7D8B79E}: NameServer = 213.191.74.11 213.191.92.82
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

and from datFind.bat:


Verzeichnis von C:\WINDOWS\system32

07.12.2005 17:29 2.206 wpa.dbl
29.11.2005 17:14 375.542 perfh009.dat
29.11.2005 17:14 51.340 perfc009.dat
29.11.2005 17:14 62.166 perfc007.dat
29.11.2005 17:14 386.058 perfh007.dat
29.11.2005 17:14 884.200 PerfStringBackup.INI
27.11.2005 22:54 4.073 paytime.exe
31.07.2005 10:52 262.232 FNTCACHE.DAT

Verzeichnis von C:\WINDOWS

11.12.2005 13:44 817 win.ini
11.12.2005 13:44 243 system.ini
11.12.2005 12:53 5.396 ModemLog_Bluetooth DUN Modem.txt
11.12.2005 12:53 0 0.log
11.12.2005 12:53 4.568 ModemLog_Creatix V.92 Data Fax Modem.txt
11.12.2005 12:53 2.020 ModemLog_Bluetooth Fax Modem.txt
11.12.2005 12:53 159 wiadebug.log
11.12.2005 12:53 50 wiaservc.log
11.12.2005 12:52 738.175 setupapi.log
11.12.2005 12:52 2.048 bootstat.dat
11.12.2005 11:12 32.544 SchedLgU.Txt
11.12.2005 11:12 399.268 WindowsUpdate.log
09.12.2005 19:06 2.024 ModemLog_Bluetooth LAP Modem.txt
09.12.2005 19:06 2.024 ModemLog_Bluetooth LAP Modem #2.txt
05.12.2005 20:14 7.619 setupact.log
28.11.2005 17:46 151 WLP.ini
27.11.2005 22:54 29.184 tool2.exe
27.11.2005 22:54 62.119 kl.exe
27.11.2005 22:54 0 uniq

25.11.2005 23:37 12.967 wmsetup.log
21.11.2005 21:09 116 NeroDigital.ini
03.11.2005 18:16 346 Wininit.ini
14.09.2005 13:03 2.252 PTP2004G.INI
14.09.2005 13:01 190 LangIDlib.INI

Verzeichnis von C:\

11.12.2005 16:24 0 sys.txt
11.12.2005 16:24 105.396.788 wialog.txt
11.12.2005 16:23 6.547 system.txt
11.12.2005 16:23 124 systemtemp.txt
11.12.2005 15:43 99.484 system32.txt
11.12.2005 13:44 211 boot.ini
11.12.2005 12:52 1.073.270.784 hiberfil.sys
11.12.2005 12:52 1.610.612.736 pagefile.sys
13.11.2005 17:54 13.886 hpfr5550.log

Thanks in advance
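A triage step for the datFind.bat listing in post #45, as an added example that is not part of the original thread: it parses the German-locale `dir` output and lists every file carrying the same timestamp as `paytime.exe`, the file whose Run entries were marked for fixing earlier in the thread. The function names are made up for this example, and a shared timestamp is a reason to review a file, not proof that it is malicious.

```python
import re
from datetime import datetime

# Excerpt of the datFind.bat output in the post above (German-locale `dir` format).
LISTING = r"""
Verzeichnis von C:\WINDOWS\system32

07.12.2005 17:29 2.206 wpa.dbl
27.11.2005 22:54 4.073 paytime.exe
31.07.2005 10:52 262.232 FNTCACHE.DAT

Verzeichnis von C:\WINDOWS

11.12.2005 12:53 5.396 ModemLog_Bluetooth DUN Modem.txt
28.11.2005 17:46 151 WLP.ini
27.11.2005 22:54 29.184 tool2.exe
27.11.2005 22:54 62.119 kl.exe
27.11.2005 22:54 0 uniq
"""

DIR_RE = re.compile(r"^Verzeichnis von (.+)$")
ENTRY_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2})\s+([\d.]+)\s+(.+)$")

def parse_listing(text):
    """Return one dict (dir, mtime, size, name) per file line of the listing."""
    entries, current_dir = [], None
    for line in map(str.strip, text.splitlines()):
        if m := DIR_RE.match(line):
            current_dir = m.group(1)  # directory header starts a new section
        elif (m := ENTRY_RE.match(line)) and current_dir:
            entries.append({
                "dir": current_dir,
                "mtime": datetime.strptime(m.group(1), "%d.%m.%Y %H:%M"),
                "size": int(m.group(2).replace(".", "")),  # "4.073" -> 4073 bytes
                "name": m.group(3),  # file names may contain spaces
            })
    return entries

def written_with(entries, seed_name):
    """Full paths of files, in any directory, sharing the seed file's timestamp."""
    seed = seed_name.lower()
    stamps = {e["mtime"] for e in entries if e["name"].lower() == seed}
    return sorted(e["dir"] + "\\" + e["name"] for e in entries
                  if e["mtime"] in stamps and e["name"].lower() != seed)

if __name__ == "__main__":
    for path in written_with(parse_listing(LISTING), "paytime.exe"):
        print("review:", path)
```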