winfixer 2005 problem

Thread is closed!
#0
03.11.2005, 08:54
...new here

Posts: 7
#181 Um, unfortunately I'm not one of the computer whizzes. Can you explain to me how I can set System Restore back by one day?
Thanks ;)
03.11.2005, 10:46
Honorary member
Sabina

Posts: 29434
#182 Ichthys

Start -> Help and Support -> go to the option "Undo changes to your computer with System Restore"

There you choose: "Restore my computer to an earlier time" -> Next

The dates shown in bold in the calendar are the restore points that have been set.
__________
Regards, Sabina

All about PC security
03.11.2005, 11:42
...new here

Posts: 2
#183 Hi Sabina,

I've caught WinFixer too. It would be really kind of you if you could help...

Maaany thanks in advance!

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:44, on 03.11.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Winprog\VirusScan\mcshield.exe
C:\Winprog\VirusScan\vstskmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Winprog\VirusScan\SHSTAT.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINNT\system32\ioaoheej.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Netinst\NiAgnt32.exe
C:\ClarifyCRM\eFrontOffice11.5\ClarifyClient\clarify.exe
C:\Winprog\Citrix\ICA Client\Wfcrun32.exe
C:\Winprog\Citrix\ICACLI~1\WFICA32.EXE
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Tools\WinRaR\WinRAR.exe
C:\temp\Rar$EX00.734\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\winprog\adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Winprog\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ioaoheej] C:\WINNT\system32\ioaoheej.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [seclogon] C:\WINNT\system32\seclogon.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\sais.exe"
O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\ToolsI\PostIt\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZHxdm011XXDE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oa.pnrad.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oa.pnrad.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = oa.pnrad.net
O20 - AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Winprog\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Winprog\VirusScan\vstskmgr.exe
O23 - Service: NetInstall Service (NIAIServ) - NetSupport GmbH - C:\Program Files\NetInst\NiAiServ.exe
O23 - Service: NetInstall Executive (NiExServ) - NetSupport GmbH - C:\Program Files\NetInst\NiExServ.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\BIN\ONRSD.EXE

and my L2mfix report.txt

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
nwgina.dll Fri 2 Sep 2005 8:27:32 A.... 348,241 340.08 K

1 item found: 1 file, 0 directories.
Total of file sizes: 348,241 bytes 340.08 K
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is System
Volume Serial Number is C8A1-8626

Directory of C:\WINNT\System32

09.09.2005 08:03 <DIR> dllcache
0 File(s) 0 bytes
1 Dir(s) 2,376,765,440 bytes free
03.11.2005, 12:53
...new here

Posts: 3
#184 Hi Sabina

I've caught WinFixer too. This is surely getting on your nerves by now, but it would be really great if you could help me as well. I've already tried a few things that you advised others to do, but they didn't work. The pop-up keeps opening for me too. I hope there's still something that can be saved. ;-)

Many thanks in advance

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************


C:\WINDOWS\SYSTEM32\
ati2cqag.dll Wed 31 Aug 2005 2:42:50 A.... 233.472 228,00 K
ati2dvag.dll Wed 31 Aug 2005 3:42:54 A.... 238.592 233,00 K
ati2edxx.dll Wed 31 Aug 2005 3:37:22 A.... 39.936 39,00 K
ati2evxx.dll Wed 31 Aug 2005 3:37:12 A.... 46.080 45,00 K
ati3duag.dll Wed 31 Aug 2005 3:28:36 A.... 2.429.824 2,32 M
atiddc.dll Wed 31 Aug 2005 3:35:46 A.... 53.248 52,00 K
atidemgr.dll Wed 31 Aug 2005 5:33:32 A.... 258.048 252,00 K
atiiiexx.dll Wed 31 Aug 2005 6:08:36 A.... 307.200 300,00 K
atikvmag.dll Wed 31 Aug 2005 3:10:36 A.... 147.456 144,00 K
atioglx1.dll Wed 31 Aug 2005 4:57:50 A.... 6.684.672 6,38 M
atioglxx.dll Wed 31 Aug 2005 3:57:00 A.... 4.718.592 4,50 M
atipdlxx.dll Wed 31 Aug 2005 3:37:44 A.... 106.496 104,00 K
atitvo32.dll Wed 31 Aug 2005 2:47:46 A.... 17.408 17,00 K
ativvaxx.dll Wed 31 Aug 2005 3:23:04 A.... 600.672 586,59 K
browseui.dll Sat 3 Sep 2005 0:53:20 A.... 1.019.904 996,00 K
cdfview.dll Sat 3 Sep 2005 0:53:20 A.... 152.064 148,50 K
cdosys.dll Sat 10 Sep 2005 2:54:28 A.... 2.067.968 1,97 M
danim.dll Sat 3 Sep 2005 0:53:20 A.... 1.055.744 1,00 M
dxtrans.dll Sat 3 Sep 2005 0:53:22 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 0:53:22 ..... 55.808 54,50 K
iepeers.dll Sat 3 Sep 2005 0:53:22 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 0:53:22 A.... 96.768 94,50 K
linkinfo.dll Thu 1 Sep 2005 2:44:42 A.... 19.968 19,50 K
mshtml.dll Tue 4 Oct 2005 16:26:02 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 0:53:22 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 0:53:22 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 0:53:22 A.... 530.432 518,00 K
netman.dll Mon 22 Aug 2005 19:31:48 A.... 197.632 193,00 K
oemdspif.dll Wed 31 Aug 2005 3:37:34 A.... 73.728 72,00 K
pngfilt.dll Sat 3 Sep 2005 0:53:22 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:55:36 A.... 1.292.800 1,23 M
shdocvw.dll Sat 3 Sep 2005 0:53:22 A.... 1.484.288 1,41 M
shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 0:53:22 A.... 474.112 463,00 K
umpnpmgr.dll Tue 23 Aug 2005 4:39:58 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 0:53:22 A.... 605.696 591,50 K
wininet.dll Sat 3 Sep 2005 0:53:22 A.... 664.064 648,50 K
winsrv.dll Thu 1 Sep 2005 2:44:44 A.... 292.352 285,50 K

38 items found: 38 files, 0 directories.
Total of file sizes: 38.685.152 bytes 36,89 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist System
Volumeseriennummer: E4C7-32A2

Verzeichnis von C:\WINDOWS\System32

15.10.2005 12:13 <DIR> dllcache
07.04.2005 14:59 <DIR> Microsoft
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 3.222.953.984 Bytes frei
03.11.2005 11:16 305.652 perfh009.dat
03.11.2005 11:16 38.094 perfc009.dat
03.11.2005 11:16 310.384 perfh007.dat
03.11.2005 11:16 46.068 perfc007.dat
03.11.2005 11:16 705.468 PerfStringBackup.INI
03.11.2005 11:11 160.632 OODBS.lor
01.11.2005 18:16 13.646 wpa.dbl
06.10.2005 21:33 203.976 RICHTX32.OCX
05.10.2005 03:09 2.301.792 MRT.exe
04.10.2005 16:26 3.013.120 mshtml.dll
23.09.2005 04:06 8.491.520 shell32.dll
19.09.2005 19:27 111.784 FNTCACHE.DAT
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 1.055.744 danim.dll
03.09.2005 00:53 152.064 cdfview.dll
03.09.2005 00:53 1.019.904 browseui.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
31.08.2005 06:08 307.200 atiiiexx.dll
31.08.2005 05:33 258.048 ATIDEMGR.dll
31.08.2005 04:57 6.684.672 atioglx1.dll
31.08.2005 03:57 4.718.592 Atioglxx.dll
31.08.2005 03:42 238.592 ati2dvag.dll
31.08.2005 03:37 106.496 atipdlxx.dll
31.08.2005 03:37 73.728 Oemdspif.dll
31.08.2005 03:37 25.088 Ati2mdxx.exe
31.08.2005 03:37 39.936 ati2edxx.dll
31.08.2005 03:37 46.080 ati2evxx.dll
31.08.2005 03:36 376.832 ati2evxx.exe
31.08.2005 03:35 53.248 ATIDDC.DLL
31.08.2005 03:28 2.429.824 ati3duag.dll
31.08.2005 03:23 600.672 ativvaxx.dll
31.08.2005 03:10 147.456 atikvmag.dll
31.08.2005 02:47 17.408 atitvo32.dll
31.08.2005 02:42 233.472 ati2cqag.dll
30.08.2005 20:05 516.096 ati2sgag.exe
30.08.2005 04:55 1.292.800 quartz.dll
26.08.2005 15:54 104.373 atiicdxx.dat
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
15.08.2005 11:40 0 ldi7af0r.html
15.08.2005 11:38 3.550 tln3lf0u.ini
05.08.2005 16:32 349 results.txt
05.08.2005 16:28 2.723 i34jvv5j.dat
05.08.2005 16:27 34.064 5tr64rgj.dat
05.08.2005 16:27 186.632 c5dcrq98.dat
05.08.2005 16:27 4.152 vk90dsnt.dat
05.08.2005 16:27 0 ocmpmuu8.dat
05.08.2005 16:27 35 4848v8mu.ini
05.08.2005 16:27 35 dq6rsbpa.ini

Datenträger in Laufwerk C: ist System
Volumeseriennummer: E4C7-32A2

Verzeichnis von C:\DOKUME~1\Alex\LOKALE~1\Temp

03.11.2005 12:40 512 ~DF6101.tmp
03.11.2005 12:30 512 ~DFD24C.tmp
03.11.2005 12:30 512 ~DFCEDA.tmp
3 Datei(en) 1.536 Bytes
0 Verzeichnis(se), 3.222.953.984 Bytes frei

Datenträger in Laufwerk C: ist System
Volumeseriennummer: E4C7-32A2

Verzeichnis von C:\WINDOWS

03.11.2005 11:26 1.017 winamp.ini
03.11.2005 11:13 1.642.369 WindowsUpdate.log
03.11.2005 11:12 0 0.log
03.11.2005 11:12 2.048 bootstat.dat
02.11.2005 17:59 32.564 SchedLgU.Txt
02.11.2005 17:13 512 randseed.rnd
27.10.2005 14:42 69 NeroDigital.ini
10.10.2005 13:16 26 HNetCtrl.INI
06.10.2005 21:34 91.720 Label9
06.10.2005 21:34 98 Label7
06.10.2005 21:34 28 Label10
19.09.2005 19:09 982 eReg.dat
19.09.2005 15:56 30.681 scunin.dat
19.09.2005 15:56 967 ScUnin.pif
19.09.2005 15:56 69.632 ScUnin.exe
11.09.2005 14:46 140 wb.ini
11.09.2005 13:54 522 ODBC.INI
11.09.2005 13:54 49 transp.gif
11.09.2005 02:33 169 RtlRack.ini
06.09.2005 15:31 650 win.ini
15.08.2005 11:38 32 switpc.dat
15.08.2005 11:38 384 switps.dat
11.08.2005 08:35 234 BUHL.INI
11.08.2005 08:28 64 wiso.ini

Datenträger in Laufwerk C: ist System
Volumeseriennummer: E4C7-32A2

Verzeichnis von C:\

03.11.2005 12:48 0 sys.txt
03.11.2005 12:48 4.827 system.txt
03.11.2005 12:47 382 systemtemp.txt
03.11.2005 12:44 95.505 system32.txt
03.11.2005 11:11 805.306.368 pagefile.sys
02.11.2005 12:56 4.674 backup.zip
02.11.2005 12:56 7.787 log.txt
02.11.2005 12:53 0 test5.txt
15.09.2005 20:17 523 hpfr3420.xml
15.09.2005 20:17 50.223 hpfr3420.log
23.12.2004 21:05 211 boot.ini
23.12.2004 20:56 47.564 NTDETECT.COM
23.12.2004 20:56 251.184 ntldr
21.12.2004 15:40 0 MSDOS.SYS
21.12.2004 15:40 0 IO.SYS
21.12.2004 15:40 0 CONFIG.SYS
21.12.2004 15:40 0 AUTOEXEC.BAT
29.08.2002 13:00 4.952 bootfont.bin
18 Datei(en) 805.774.200 Bytes
0 Verzeichnis(se), 3.222.941.696 Bytes frei
Logfile of HijackThis v1.99.1
Scan saved at 12:52:35, on 03.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\SurfAccuracy\SAcc.exe
D:\Programme\D-Tools\daemon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Telekom\Eumex 504PC SE\Capictrl.exe
C:\Programme\Telekom\Eumex 504PC SE\HNetCtrl.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\oodag.exe
D:\Winamp\winamp.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Dokumente und Einstellungen\Alex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sport1.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: HomeNet Control.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22d5d70773e0741ca806/netzip/RdxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20041208/qtinstall.info.apple.com/pthalo/de/win/QuickTimeFullInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103641784502
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
03.11.2005, 13:45
Honorary member
Sabina

Posts: 29434
#185 Xandi

Quote

15.08.2005 11:40 0 ldi7af0r.html
15.08.2005 11:38 3.550 tln3lf0u.ini
05.08.2005 16:32 349 results.txt
05.08.2005 16:28 2.723 i34jvv5j.dat
05.08.2005 16:27 34.064 5tr64rgj.dat
05.08.2005 16:27 186.632 c5dcrq98.dat
05.08.2005 16:27 4.152 vk90dsnt.dat
05.08.2005 16:27 0 ocmpmuu8.dat
05.08.2005 16:27 35 4848v8mu.ini
05.08.2005 16:27 35 dq6rsbpa.ini
Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
Restart the PC

KILLBOX
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick this option
paste in:
...
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one

C:\WINDOWS\System32\ldi7af0r.html
C:\WINDOWS\System32\tln3lf0u.ini
C:\WINDOWS\System32\results.txt
C:\WINDOWS\System32\i34jvv5j.dat
C:\WINDOWS\System32\5tr64rgj.dat
C:\WINDOWS\System32\c5dcrq98.dat
C:\WINDOWS\System32\vk90dsnt.dat
C:\WINDOWS\System32\ocmpmuu8.dat
C:\WINDOWS\System32\4848v8mu.ini
C:\WINDOWS\System32\dq6rsbpa.ini

Restart the PC

Killbox:
DelTree (include SubDirectories)
Say you want to delete a folder. You don't have to enter every file in the folder individually; instead you select the option DelTree (include subdirectories).
This deletes an entire folder, including its subfolders.

C:\Programme\SurfAccuracy
C:\Programme\Preispiraten


CounterSpy
http://virus-protect.org/counterspy.html
After the scan you have to choose between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC (then copy the scan report and paste it into the security forum)

Post the 1st log from datfindbat for me again
(System32), but from 05.08.2005 16:27 through to the end of July
__________
Kind regards, Sabina

all about PC security
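
A check for the procedure in the post above (fix the marked entries, reboot, scan again), as an added example that is not part of the original post: it compares the entries marked for fixing with a later HijackThis log and reports any that survived. The flagged lines are the ones from the post; the re-scan log is constructed, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Result lines look like "O2 - BHO: name - {CLSID} - path" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str          # HijackThis group code, e.g. "O2" or "O4"
    key: Tuple[str, str]  # identity used to compare two logs
    raw: str              # the line as it appeared in the log


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis result line, None for anything else."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None  # header, running-process path, blank line, forum text
    section, body = match.groups()
    clsid = CLSID_RE.search(body)
    if clsid:
        # BHOs, toolbars and buttons are identified by CLSID; the display
        # name and the case of the path can differ from one scan to the next.
        ident = clsid.group(0).upper()
    else:
        # Run keys, services, URLs: compare the whole body, ignoring case
        # and runs of whitespace.
        ident = " ".join(body.lower().split())
    return Entry(section, (section, ident), line.strip())


def parse_log(text: str) -> List[Entry]:
    """Parse every result line of a pasted log, skipping everything else."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def still_present(flagged: str, rescan: str) -> List[str]:
    """Lines of the re-scan log that match an entry marked for fixing."""
    wanted = {e.key for e in parse_log(flagged)}
    return [e.raw for e in parse_log(rescan) if e.key in wanted]


# The four entries marked for fixing in the post above.
FLAGGED = r"""
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
"""

# Constructed re-scan log (not from the thread): one flagged BHO is back
# under a different display name, with a lower-case CLSID and path.
RESCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sport1.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b660087-931c-4056-a04f-0423890e40b6} - c:\programme\preispiraten\preispiraten2\ppsearchurl.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
"""

if __name__ == "__main__":
    survivors = still_present(FLAGGED, RESCAN)
    for line in survivors:
        print("still present:", line)
    print(f"{len(survivors)} of {len(parse_log(FLAGGED))} flagged entries survived")
```

Matching on the CLSID rather than on the whole line is what catches the re-registered BHO here; a plain text comparison of the two logs would report it as gone.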
03.11.2005, 13:52
...new here

Posts: 3
#186 Thanks for the reply, Sabina, here is what you still wanted to see.

05.08.2005 16:32 349 results.txt
05.08.2005 16:28 2.723 i34jvv5j.dat
05.08.2005 16:27 34.064 5tr64rgj.dat
05.08.2005 16:27 186.632 c5dcrq98.dat
05.08.2005 16:27 4.152 vk90dsnt.dat
05.08.2005 16:27 0 ocmpmuu8.dat
05.08.2005 16:27 35 4848v8mu.ini
05.08.2005 16:27 35 dq6rsbpa.ini

26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 101.376 txflog.dll
26.07.2005 05:39 37.888 olecnv32.dll
26.07.2005 05:39 74.752 olecli32.dll
26.07.2005 05:39 11.776 xolehlp.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 91.136 mtxoci.dll
26.07.2005 05:39 161.280 msdtcuiu.dll
26.07.2005 05:39 945.152 msdtctm.dll
26.07.2005 05:39 66.560 mtxclu.dll
26.07.2005 05:39 425.472 msdtcprx.dll
26.07.2005 05:39 243.200 es.dll
26.07.2005 05:39 540.160 comuid.dll
26.07.2005 05:39 1.267.200 comsvcs.dll
26.07.2005 05:39 60.416 colbact.dll
26.07.2005 05:39 97.792 comrepl.dll
26.07.2005 05:39 498.688 clbcatq.dll
26.07.2005 05:39 625.152 catsrvut.dll
26.07.2005 05:39 110.080 clbcatex.dll
26.07.2005 05:39 225.792 catsrv.dll
08.07.2005 17:28 249.344 tapisrv.dll
08.07.2005 17:28 76.800 remotesp.tsp
06.07.2005 16:17 1.060.864 mfc71.dll ???????????
02.07.2005 02:54 5.496 atifglpf.xml

Regards

Xandi
03.11.2005, 13:56
Honorary member
Sabina

Posts: 29434
#187 Xandi

Before deleting --> right-click --> open with Notepad --> post the contents

C:\WINDOWS\System32\i34jvv5j.dat
C:\WINDOWS\System32\5tr64rgj.dat
C:\WINDOWS\System32\c5dcrq98.dat
C:\WINDOWS\System32\vk90dsnt.dat
C:\WINDOWS\System32\ocmpmuu8.dat
C:\WINDOWS\System32\4848v8mu.ini
C:\WINDOWS\System32\dq6rsbpa.ini

At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://virusscan.jotti.org/de/
http://www.virustotal.com/flash/index_en.html
http://sandbox.norman.no/live_4.html

C:\WINDOWS\System32\mfc71.dll
__________
Kind regards, Sabina

all about PC security
03.11.2005, 14:05
...new here

Posts: 1
#188 I'm out of my depth with this darned WinFixer too! ;)
I hope someone can help me, I have absolutely no idea about this stuff!

Here is the log file I created:

Logfile of HijackThis v1.99.1
Scan saved at 13:55:54, on 03.11.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
H:\AntiVir\AVWUPSRV.EXE
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Creative\SBLive\Diagnostics\diagent.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINNT\tleivg.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINNT\system32\internat.exe
C:\Programme\PowerStrip\pstrip.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINNT\system32\wuauclt.exe
H:\Programme\ICQLite\ICQLite.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
I:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e55/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft UpLink] plcpSPOOL.exe
O4 - HKLM\..\Run: [Windows Service] WINSVC.EXE
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hVGD5tBc] C:\WINNT\tleivg.exe
O4 - HKLM\..\Run: [hSùõB#¦²‘Æ&ßæÉjb‰»C:\Programme\ISTsvc\istsvc.exe] C:\WINNT\tleivg.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [hV=äSùõB#¦²‘Æ&ßæÉjC:\Programme\ISTsvc\istsvc.exe] C:\WINNT\tleivg.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Windows Firewall] firewall.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft UpLink] plcpSPOOL.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Windows Firewall] firewall.exe
O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft UpLink] plcpSPOOL.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: GMX Clicktionary 2.8.lnk = H:\Programme\Clicktionary\Cleverlearn Clicktionary.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: SYSTRAN: &Alle Rahmen übersetzen - h:\englich\Systranet\menuTranslateAll.html
O8 - Extra context menu item: SYSTRAN: &Nach Aktualisierungen durchsuchen - h:\englich\Systranet\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: &Optionen - h:\englich\Systranet\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Registrieren - h:\englich\Systranet\menuRegister.html
O8 - Extra context menu item: SYSTRAN: &Übersetzen - h:\englich\Systranet\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: Übersetzungstemporärspeicher &leeren - h:\englich\Systranet\menuClearCache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - I:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - I:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuTranslate.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuTranslate.html (file missing)
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuTranslateAll.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuTranslateAll.html (file missing)
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuConfigure.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuConfigure.html (file missing)
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuClearCache.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuClearCache.html (file missing)
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuRegister.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuRegister.html (file missing)
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - h:\englich\Systranet\MenuUpdates.html (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e55/
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_Crac*hier nicht!*.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB19A8A0-882D-4E37-8926-EFD9DAB0C1D4}: NameServer = 217.237.149.161 217.237.151.225
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINNT\system32\vbsys2.dll (file missing)
O23 - Service: AOL lnstant Messenger 2 (a2) - Unknown owner - C:\WINNT\system32\winsup.exe" -service (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - H:\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - H:\AntiVir\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: ptssvc - KODAK - C:\Programme\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Remote_Procedure_Call (svchost) - Unknown owner - %windir%\system32\svchost.cmd (file missing)
O23 - Service: TSMService - T-Systems Nova, Berkom - I:\T-DSL SpeedManager\tsmsvc.exe
03.11.2005, 17:09
...new here

Posts: 3
#189 Hello Sabina

I have now deleted the files with Killbox:
C:\WINDOWS\System32\ldi7af0r.html
C:\WINDOWS\System32\tln3lf0u.ini
C:\WINDOWS\System32\results.txt
C:\WINDOWS\System32\i34jvv5j.dat
C:\WINDOWS\System32\5tr64rgj.dat
C:\WINDOWS\System32\c5dcrq98.dat
C:\WINDOWS\System32\vk90dsnt.dat
C:\WINDOWS\System32\ocmpmuu8.dat
C:\WINDOWS\System32\4848v8mu.ini
C:\WINDOWS\System32\dq6rsbpa.ini

Scanned with CounterSpy (scan report) and
had C:\WINDOWS\System32\mfc71.dll scanned (report). I hope I'm rid of it now.

Thaaaaaanks so much again

Regards

Xandi



Datei: mfc71.dll
Status: OK (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: -

AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden



Spyware Scan Details
Start Date: 03.11.2005 16:01:51
End Date: 03.11.2005 16:54:51
Total Time: 53 mins

Detected spyware

SurfAccuracy Adware more information...
Status: Deleted

Infected files detected
c:\programme\surfaccuracy\sacc.exe
c:\programme\surfaccuracy\sacc.cfg

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SurfAccuracy
HKEY_LOCAL_MACHINE\Software\SAcc
HKEY_LOCAL_MACHINE\Software\SAcc DbgInfo |2005-11-03 15:43:05 LoadDataFromRegistry - RegQueryValueEx for accid produced error 2: Das System kann die angegebene Datei nicht finden. |2005-11-03 15:59:32 LoadDataFromRegistry - RegQueryValueEx for accid pro
HKEY_LOCAL_MACHINE\Software\SAcc Version 1108
HKEY_LOCAL_MACHINE\Software\SAcc CfgReload 1131056541
HKEY_LOCAL_MACHINE\Software\SAcc SAData uid:1-cnt:37-t:1131015546;1131015694;1131008999;1131027543;-c:1517367;ce:1131101946|c:1517524;ce:1131102094|c:1516775;ce:1131095399|c:1516893;ce:1131113943|-
HKEY_LOCAL_MACHINE\Software\SAcc Counter 34
HKEY_LOCAL_MACHINE\Software\SAcc NextInvoke 1131028482
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc DisplayName Surf Accuracy
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc UninstallString C:\Programme\SurfAccuracy\SAccU.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SurfAccuracy


YourSiteBar Spyware more information...
Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar.
Status: Deleted

Infected files detected
c:\programme\yoursitebar\imagemap_normal.bmp
c:\programme\yoursitebar\version.txt
c:\programme\yoursitebar\yoursitebar.xml
c:\programme\yoursitebar\ysb.dll
c:\windows\downloaded program files\ysbactivex.dll
C:/WINDOWS/Downloaded Program Files/YSBactivex.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InfFile
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\ProgID YSBactivex.Installer
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658} Installer Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer Installer Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll .Owner {42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll {42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
HKEY_CLASSES_ROOT\Ysbactivex.installer
HKEY_CLASSES_ROOT\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_CLASSES_ROOT\Ysbactivex.installer Installer Class
HKEY_CLASSES_ROOT\YSBactivex.Installer
HKEY_CLASSES_ROOT\YSBactivex.Installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_CLASSES_ROOT\YSBactivex.Installer Installer Class


misc.winsoftware.winfixer Misc more information...
Details: Typically part of a bundle attack, WinFixer is a disabled, data repair utility that nags the user to purchase.
Status: Deleted

Infected files detected
c:\windows\system32\drivers\df_kmd.sys


Winfixer Potentially Unwanted Software more information...
Details: Winfixer is known to be installed through inappropriate bundling and without users consent. It is a software that scans the users system for damaged files and attempts to fix it if the user pays a fee.
Status: Deleted

Infected files detected
C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
C:\WINDOWS\system32\drivers\df_kmd.sys


Internet Optimizer Browser Hijacker more information...
Details: Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Alex\Internet Optimizer\update\actalert.exe
C:\Program Files\Internet Optimizer\actalert.exe


AvenueMedia.DyFuCA Browser Plug-in more information...
Details: DyFuCA Internet Optimizer is an adware which also hijacks your browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Alex\Internet Optimizer\update\rogue.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0


MoneyTree Dialer more information...
Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj


IST.PowerScan Adware more information...
Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest


IST.SideFind Adware more information...
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping {10e42047-deb9-4535-a118-b3f6ec39b807}


IST.SlotchBar Toolbar more information...
Details: An adware toolbar program for affiliates to distrubute on sites. Affiliates get paid per install of the toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}


IST.ISTbar.ActiveX Spyware more information...
Details: ISTactivex is an Internet Explorer hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}


IST.XXXToolbar Toolbar more information...
Details: Adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} ISinkObj
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} ISinkObj


IST.ISTbar Browser Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}


eXact.BargainBuddy Adware more information...
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\iexplore Count 21
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\iexplore Time


Zango Search Assistant Adware more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Count 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Time


ATDMT.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\alex\cookies\alex@atdmt[1].txt


DoubleClick Cookie more information...
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\alex\cookies\alex@doubleclick[1].txt


BS.Serving-Sys Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\alex\cookies\alex@serving-sys[1].txt


Adserver.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\alex\cookies\alex@z1.adserver[1].txt
03.11.2005, 18:07
Honorary member
Sabina

Posts: 29434
#190 Xandi

It is a new version of Winfixer....., thanks for posting the CounterSpy log ;)
C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
C:\WINDOWS\system32\drivers\df_kmd.sys

It even lodges itself in the drivers.......
Everything should be fine again now ;)
__________
Best regards, Sabina

all about PC security
03.11.2005, 18:11
Honorary member
Sabina

Posts: 29434
#191 Purisima

NO CHANCE OF CLEANING THIS...WINFIXER IS THE LEAST OF THE PROBLEMS HERE...THE PC IS INFESTED WITH BACKDOORS AND OTHER "VERMIN"......
http://virus-protect.org/kompsystem.html
http://virus-protect.org/nachneuinst.html

You must take this computer off the network immediately and format it.
__________
Best regards, Sabina

all about PC security
04.11.2005, 11:17
...new here

Posts: 7
#192 Hello Sabina,
sorry, I seem to be a bit slow on the uptake right now. Or could it also be because I only have Windows 98??
04.11.2005, 11:34
Honorary member
Sabina

Posts: 29434
#193 gerry81

LSPfix.exe
http://www.spychecker.com/program/lspfix.html

tick: "I know what I'm doing"--Remove

and delete newdotnet6_98.dll

(you may have to move the dll from the left to the right)

Before we turn to Winfixer, please do a System Restore, otherwise new.net (another infection) cannot be removed.
Then post the new HijackThis log

Quote

Start -> Help and Support -> go to the option "Undo changes to your computer with System Restore"
There you choose: "Restore my computer to an earlier time" -> Next
The dates shown in bold in the calendar show you the restore points that have been set.

__________
Best regards, Sabina

all about PC security
04.11.2005, 11:44
Honorary member
Sabina

Posts: 29434
#194 Ichthys

sorry...I wasn't paying attention.

LSPfix.exe
http://www.spychecker.com/program/lspfix.html

tick: "I know what I'm doing"--Remove
and delete newdotnet6_98.dll
(you may have to move the dll from the left to the right)
open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

F1 - win.ini: load=ptsnoop.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_98.dll
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [wVPJA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.de
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

Restart the PC

Please carry out the following:
Create a file findit.bat on the desktop. Right mouse button - Edit
Paste the following into it and save:

@echo off
cd\
cd %windir%\system
dir /a:-d /o:-d > %systemdrive%\system.txt
cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\win.txt
cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
exit

Run it!
There are now four text files in the C:\ directory. Please open them and copy all entries from the last 2 months here

Quote

Troj/Ptsnoop is a backdoor Trojan. It copies itself to \windows\system\ptsnoop.exe and modifies win.ini by adding 'c:\windows\system\ptsnoop.exe' to the 'load = ' line.

C:\Program Files\CxtPls\proxystub.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\AproposClient\UninstallString: ""C:\Program Files\CxtPls\uninstaller.ex
http://vil.nai.com/vil/content/v_101223.htm

* ace.dll (581,632 bytes) - detected as Adware-Apropos
* AI_11-02-2005.log
* atl.dll (74,810 bytes)
* CxtPls.dll (90,112 bytes) - detected as Adware-Apropos
* CxtPls.exe (716,800 bytes) - detected as Adware-Apropos
* data.bin (116,873)
* libexpat.dll (143,360 bytes) - detected as Adware-Apropos
* ProxyStub.dll (28,762) - detected as Adware-Apropos
* uninstaller.exe(167,936 bytes) - detected as Adware-Apropos
* WinGenerics.dll (573,440 bytes)

C:\PROGRAMME\SURFACCURACY\SACC.EXE

__________
Best regards, Sabina

all about PC security
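
An added example, not part of the original posts and not HijackThis's own logic: a small Python triage of entries from the fix list in post #194, showing which section each code belongs to and why such an entry deserves review. The rule table and the function names are assumptions made for this illustration.

```python
import re

# Meaning of the HijackThis section codes used in the sample below.
SECTIONS = {
    "F1": "win.ini/system.ini autostart",
    "O4": "Run key or Startup folder autostart",
    "O14": "IERESET.INF 'Reset Web Settings' values",
    "O16": "ActiveX control (Downloaded Program Files)",
}
# (section, pattern, reason): review heuristics assumed for this example.
RULES = [
    ("F1", r"\b(load|run)=\S", "program started from win.ini load=/run="),
    ("O4", r"\\te?mp\\", "autostart entry runs from a TEMP directory"),
    ("O4", r"\brundll32\b", "autostart entry loads a DLL through rundll32"),
    ("O16", r"file://", "ActiveX control installed from a local file:// cab"),
]
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Entries copied from the fix list in the post (CXTPLS_LOADER arguments shortened).
SAMPLE = [
    r'F1 - win.ini: load=ptsnoop.exe',
    r'O4 - HKLM\..\Run: [wVPJA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN',
    r'O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s',
    r'O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de',
    r'O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab',
]

def parse(line):
    """Split one log line into (section code, detail); None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def triage(line):
    """Return the review reasons that apply to one log entry (empty list if none)."""
    parsed = parse(line)
    if parsed is None:
        return []
    code, detail = parsed
    return [why for sec, pat, why in RULES if sec == code and re.search(pat, detail, re.I)]

def report(lines):
    """Return (code, section name, reasons) for every entry with at least one reason."""
    rows = [(parse(l)[0], triage(l)) for l in lines if triage(l)]
    return [(code, SECTIONS.get(code, "unknown section"), why) for code, why in rows]

if __name__ == "__main__":
    for code, section, reasons in report(SAMPLE):
        print(f"{code:4} {section}: {'; '.join(reasons)}")
```
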
04.11.2005, 14:40
...new here

Posts: 7
#195 I have tried everything imaginable, but I just couldn't figure it out. How do you create a bat file on the desktop?