winfixer 2005 problem
Topic is closed! |
||
---|---|---|
03.11.2005, 08:54
...new here
Posts: 7 |
||
|
||
03.11.2005, 10:46
Honorary member
Posts: 29434 |
#182
Ichthys
Start -> Help and Support -> go to the option "Undo changes to your computer with System Restore"
There you select: "Restore my computer to an earlier time" -> Next
The dates shown in bold in the calendar show you the restore points that have been set.
__________
Regards, Sabina
All about PC security |
|
|
||
03.11.2005, 11:42
...new here
Posts: 2 |
#183
Hi Sabina,
I have caught WinFixer as well. It would be really lovely if you could help... Thaaanks a lot in advance!
Here is my Hijackthis.log
and my L2mfix report.txt |
|
|
||
03.11.2005, 12:53
...new here
Posts: 3 |
#184
Hi Sabina
I have caught WinFixer as well. This is surely getting on your nerves by now, but it would be really great if you could help me too. I have already tried a few of the things you advised others to do, but that did not work. The pop-up keeps opening for me as well. I hope something can still be saved. ;-) Many thanks in advance
L2MFIX find log 1.04a These are the registry keys present ********************************************************************************** C:\WINDOWS\SYSTEM32\ ati2cqag.dll Wed 31 Aug 2005 2:42:50 A.... 233.472 228,00 K ati2dvag.dll Wed 31 Aug 2005 3:42:54 A.... 238.592 233,00 K ati2edxx.dll Wed 31 Aug 2005 3:37:22 A.... 39.936 39,00 K ati2evxx.dll Wed 31 Aug 2005 3:37:12 A.... 46.080 45,00 K ati3duag.dll Wed 31 Aug 2005 3:28:36 A.... 2.429.824 2,32 M atiddc.dll Wed 31 Aug 2005 3:35:46 A.... 53.248 52,00 K atidemgr.dll Wed 31 Aug 2005 5:33:32 A.... 258.048 252,00 K atiiiexx.dll Wed 31 Aug 2005 6:08:36 A.... 307.200 300,00 K atikvmag.dll Wed 31 Aug 2005 3:10:36 A.... 147.456 144,00 K atioglx1.dll Wed 31 Aug 2005 4:57:50 A.... 6.684.672 6,38 M atioglxx.dll Wed 31 Aug 2005 3:57:00 A.... 4.718.592 4,50 M atipdlxx.dll Wed 31 Aug 2005 3:37:44 A.... 106.496 104,00 K atitvo32.dll Wed 31 Aug 2005 2:47:46 A.... 17.408 17,00 K ativvaxx.dll Wed 31 Aug 2005 3:23:04 A.... 600.672 586,59 K browseui.dll Sat 3 Sep 2005 0:53:20 A.... 1.019.904 996,00 K cdfview.dll Sat 3 Sep 2005 0:53:20 A.... 152.064 148,50 K cdosys.dll Sat 10 Sep 2005 2:54:28 A.... 2.067.968 1,97 M danim.dll Sat 3 Sep 2005 0:53:20 A.... 1.055.744 1,00 M dxtrans.dll Sat 3 Sep 2005 0:53:22 A.... 205.312 200,50 K extmgr.dll Sat 3 Sep 2005 0:53:22 ..... 55.808 54,50 K iepeers.dll Sat 3 Sep 2005 0:53:22 A.... 251.392 245,50 K inseng.dll Sat 3 Sep 2005 0:53:22 A.... 96.768 94,50 K linkinfo.dll Thu 1 Sep 2005 2:44:42 A.... 19.968 19,50 K mshtml.dll Tue 4 Oct 2005 16:26:02 A.... 3.013.120 2,87 M mshtmled.dll Sat 3 Sep 2005 0:53:22 A.... 
448.512 438,00 K msrating.dll Sat 3 Sep 2005 0:53:22 A.... 146.432 143,00 K mstime.dll Sat 3 Sep 2005 0:53:22 A.... 530.432 518,00 K netman.dll Mon 22 Aug 2005 19:31:48 A.... 197.632 193,00 K oemdspif.dll Wed 31 Aug 2005 3:37:34 A.... 73.728 72,00 K pngfilt.dll Sat 3 Sep 2005 0:53:22 A.... 39.424 38,50 K quartz.dll Tue 30 Aug 2005 4:55:36 A.... 1.292.800 1,23 M shdocvw.dll Sat 3 Sep 2005 0:53:22 A.... 1.484.288 1,41 M shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M shlwapi.dll Sat 3 Sep 2005 0:53:22 A.... 474.112 463,00 K umpnpmgr.dll Tue 23 Aug 2005 4:39:58 A.... 124.416 121,50 K urlmon.dll Sat 3 Sep 2005 0:53:22 A.... 605.696 591,50 K wininet.dll Sat 3 Sep 2005 0:53:22 A.... 664.064 648,50 K winsrv.dll Thu 1 Sep 2005 2:44:44 A.... 292.352 285,50 K 38 items found: 38 files, 0 directories. Total of file sizes: 38.685.152 bytes 36,89 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Datentr„ger in Laufwerk C: ist System Volumeseriennummer: E4C7-32A2 Verzeichnis von C:\WINDOWS\System32 15.10.2005 12:13 <DIR> dllcache 07.04.2005 14:59 <DIR> Microsoft 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 3.222.953.984 Bytes frei 03.11.2005 11:16 305.652 perfh009.dat 03.11.2005 11:16 38.094 perfc009.dat 03.11.2005 11:16 310.384 perfh007.dat 03.11.2005 11:16 46.068 perfc007.dat 03.11.2005 11:16 705.468 PerfStringBackup.INI 03.11.2005 11:11 160.632 OODBS.lor 01.11.2005 18:16 13.646 wpa.dbl 06.10.2005 21:33 203.976 RICHTX32.OCX 05.10.2005 03:09 2.301.792 MRT.exe 04.10.2005 16:26 3.013.120 mshtml.dll 23.09.2005 04:06 8.491.520 shell32.dll 19.09.2005 19:27 111.784 FNTCACHE.DAT 10.09.2005 02:54 2.067.968 cdosys.dll 03.09.2005 00:53 664.064 wininet.dll 03.09.2005 00:53 1.484.288 shdocvw.dll 03.09.2005 00:53 474.112 shlwapi.dll 03.09.2005 00:53 96.768 inseng.dll 03.09.2005 00:53 251.392 iepeers.dll 03.09.2005 00:53 605.696 urlmon.dll 03.09.2005 00:53 530.432 mstime.dll 
03.09.2005 00:53 146.432 msrating.dll 03.09.2005 00:53 55.808 extmgr.dll 03.09.2005 00:53 205.312 dxtrans.dll 03.09.2005 00:53 39.424 pngfilt.dll 03.09.2005 00:53 448.512 mshtmled.dll 03.09.2005 00:53 1.055.744 danim.dll 03.09.2005 00:53 152.064 cdfview.dll 03.09.2005 00:53 1.019.904 browseui.dll 01.09.2005 02:44 292.352 winsrv.dll 01.09.2005 02:44 19.968 linkinfo.dll 31.08.2005 06:08 307.200 atiiiexx.dll 31.08.2005 05:33 258.048 ATIDEMGR.dll 31.08.2005 04:57 6.684.672 atioglx1.dll 31.08.2005 03:57 4.718.592 Atioglxx.dll 31.08.2005 03:42 238.592 ati2dvag.dll 31.08.2005 03:37 106.496 atipdlxx.dll 31.08.2005 03:37 73.728 Oemdspif.dll 31.08.2005 03:37 25.088 Ati2mdxx.exe 31.08.2005 03:37 39.936 ati2edxx.dll 31.08.2005 03:37 46.080 ati2evxx.dll 31.08.2005 03:36 376.832 ati2evxx.exe 31.08.2005 03:35 53.248 ATIDDC.DLL 31.08.2005 03:28 2.429.824 ati3duag.dll 31.08.2005 03:23 600.672 ativvaxx.dll 31.08.2005 03:10 147.456 atikvmag.dll 31.08.2005 02:47 17.408 atitvo32.dll 31.08.2005 02:42 233.472 ati2cqag.dll 30.08.2005 20:05 516.096 ati2sgag.exe 30.08.2005 04:55 1.292.800 quartz.dll 26.08.2005 15:54 104.373 atiicdxx.dat 23.08.2005 04:39 124.416 umpnpmgr.dll 22.08.2005 19:31 197.632 netman.dll 15.08.2005 11:40 0 ldi7af0r.html 15.08.2005 11:38 3.550 tln3lf0u.ini 05.08.2005 16:32 349 results.txt 05.08.2005 16:28 2.723 i34jvv5j.dat 05.08.2005 16:27 34.064 5tr64rgj.dat 05.08.2005 16:27 186.632 c5dcrq98.dat 05.08.2005 16:27 4.152 vk90dsnt.dat 05.08.2005 16:27 0 ocmpmuu8.dat 05.08.2005 16:27 35 4848v8mu.ini 05.08.2005 16:27 35 dq6rsbpa.ini Datentr„ger in Laufwerk C: ist System Volumeseriennummer: E4C7-32A2 Verzeichnis von C:\DOKUME~1\Alex\LOKALE~1\Temp 03.11.2005 12:40 512 ~DF6101.tmp 03.11.2005 12:30 512 ~DFD24C.tmp 03.11.2005 12:30 512 ~DFCEDA.tmp 3 Datei(en) 1.536 Bytes 0 Verzeichnis(se), 3.222.953.984 Bytes frei Datentr„ger in Laufwerk C: ist System Volumeseriennummer: E4C7-32A2 Verzeichnis von C:\WINDOWS 03.11.2005 11:26 1.017 winamp.ini 03.11.2005 11:13 1.642.369 
WindowsUpdate.log 03.11.2005 11:12 0 0.log 03.11.2005 11:12 2.048 bootstat.dat 02.11.2005 17:59 32.564 SchedLgU.Txt 02.11.2005 17:13 512 randseed.rnd 27.10.2005 14:42 69 NeroDigital.ini 10.10.2005 13:16 26 HNetCtrl.INI 06.10.2005 21:34 91.720 Label9 06.10.2005 21:34 98 Label7 06.10.2005 21:34 28 Label10 19.09.2005 19:09 982 eReg.dat 19.09.2005 15:56 30.681 scunin.dat 19.09.2005 15:56 967 ScUnin.pif 19.09.2005 15:56 69.632 ScUnin.exe 11.09.2005 14:46 140 wb.ini 11.09.2005 13:54 522 ODBC.INI 11.09.2005 13:54 49 transp.gif 11.09.2005 02:33 169 RtlRack.ini 06.09.2005 15:31 650 win.ini 15.08.2005 11:38 32 switpc.dat 15.08.2005 11:38 384 switps.dat 11.08.2005 08:35 234 BUHL.INI 11.08.2005 08:28 64 wiso.ini Datentr„ger in Laufwerk C: ist System Volumeseriennummer: E4C7-32A2 Verzeichnis von C:\ 03.11.2005 12:48 0 sys.txt 03.11.2005 12:48 4.827 system.txt 03.11.2005 12:47 382 systemtemp.txt 03.11.2005 12:44 95.505 system32.txt 03.11.2005 11:11 805.306.368 pagefile.sys 02.11.2005 12:56 4.674 backup.zip 02.11.2005 12:56 7.787 log.txt 02.11.2005 12:53 0 test5.txt 15.09.2005 20:17 523 hpfr3420.xml 15.09.2005 20:17 50.223 hpfr3420.log 23.12.2004 21:05 211 boot.ini 23.12.2004 20:56 47.564 NTDETECT.COM 23.12.2004 20:56 251.184 ntldr 21.12.2004 15:40 0 MSDOS.SYS 21.12.2004 15:40 0 IO.SYS 21.12.2004 15:40 0 CONFIG.SYS 21.12.2004 15:40 0 AUTOEXEC.BAT 29.08.2002 13:00 4.952 bootfont.bin 18 Datei(en) 805.774.200 Bytes 0 Verzeichnis(se), 3.222.941.696 Bytes frei Logfile of HijackThis v1.99.1 Scan saved at 12:52:35, on 03.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe d:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\Ati2evxx.exe 
|
|
|
||
03.11.2005, 13:45
Honorary member
Posts: 29434 |
#185
Xandi
Quote: 15.08.2005 11:40 0 ldi7af0r.html

Open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe

Restart the PC

KILLBOX http://virus-protect.org/killbox.html
Tick "Delete File on Reboot".
Paste in: ... and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" on the last one.

C:\WINDOWS\System32\ldi7af0r.html
C:\WINDOWS\System32\tln3lf0u.ini
C:\WINDOWS\System32\results.txt
C:\WINDOWS\System32\i34jvv5j.dat
C:\WINDOWS\System32\5tr64rgj.dat
C:\WINDOWS\System32\c5dcrq98.dat
C:\WINDOWS\System32\vk90dsnt.dat
C:\WINDOWS\System32\ocmpmuu8.dat
C:\WINDOWS\System32\4848v8mu.ini
C:\WINDOWS\System32\dq6rsbpa.ini

Restart the PC

Killbox: DelTree (include SubDirectories)
Say you want to delete a folder. You then don't have to enter every file in the folder individually; instead you tick the option DelTree (include subdirectories). This deletes the whole folder together with its subfolders.

C:\Programme\SurfAccuracy
C:\Programme\Preispiraten

CounterSpy http://virus-protect.org/counterspy.html
After the scan you have to choose between: *Ignore *Remove *Quarantine
Always choose Remove and restart the PC (then copy the scan report and post it in the security forum).

Please post the 1st log from datfindbat (System32) again, but from 05.08.2005 16:27 to the end of July.
__________
Kind regards, Sabina
all about PC security |
|
|
||
03.11.2005, 13:52
...new here
Posts: 3 |
#186
Thanks for the reply, Sabina; here is what you still wanted to see.

05.08.2005 16:32 349 results.txt
05.08.2005 16:28 2.723 i34jvv5j.dat
05.08.2005 16:27 34.064 5tr64rgj.dat
05.08.2005 16:27 186.632 c5dcrq98.dat
05.08.2005 16:27 4.152 vk90dsnt.dat
05.08.2005 16:27 0 ocmpmuu8.dat
05.08.2005 16:27 35 4848v8mu.ini
05.08.2005 16:27 35 dq6rsbpa.ini
26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 101.376 txflog.dll
26.07.2005 05:39 37.888 olecnv32.dll
26.07.2005 05:39 74.752 olecli32.dll
26.07.2005 05:39 11.776 xolehlp.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 91.136 mtxoci.dll
26.07.2005 05:39 161.280 msdtcuiu.dll
26.07.2005 05:39 945.152 msdtctm.dll
26.07.2005 05:39 66.560 mtxclu.dll
26.07.2005 05:39 425.472 msdtcprx.dll
26.07.2005 05:39 243.200 es.dll
26.07.2005 05:39 540.160 comuid.dll
26.07.2005 05:39 1.267.200 comsvcs.dll
26.07.2005 05:39 60.416 colbact.dll
26.07.2005 05:39 97.792 comrepl.dll
26.07.2005 05:39 498.688 clbcatq.dll
26.07.2005 05:39 625.152 catsrvut.dll
26.07.2005 05:39 110.080 clbcatex.dll
26.07.2005 05:39 225.792 catsrv.dll
08.07.2005 17:28 249.344 tapisrv.dll
08.07.2005 17:28 76.800 remotesp.tsp
06.07.2005 16:17 1.060.864 mfc71.dll ???????????
02.07.2005 02:54 5.496 atifglpf.xml

Regards, Xandi |
|
|
||
03.11.2005, 13:56
Honorary member
Posts: 29434 |
#187
Xandi
Before deleting --> right-click --> open with Notepad --> post the contents

C:\WINDOWS\System32\i34jvv5j.dat
C:\WINDOWS\System32\5tr64rgj.dat
C:\WINDOWS\System32\c5dcrq98.dat
C:\WINDOWS\System32\vk90dsnt.dat
C:\WINDOWS\System32\ocmpmuu8.dat
C:\WINDOWS\System32\4848v8mu.ini
C:\WINDOWS\System32\dq6rsbpa.ini

At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum

http://virusscan.jotti.org/de/
http://www.virustotal.com/flash/index_en.html
http://sandbox.norman.no/live_4.html

C:\WINDOWS\System32\mfc71.dll
__________
Kind regards, Sabina
all about PC security |
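An added example, not part of the thread and not the helper's own tooling: the date-sorted System32 listing in post #186 is what makes the files named above stand out, because they were all written within a few minutes of each other. The sketch below parses a German-locale `dir` listing (also when it arrives flattened onto one line) and groups files by write time; the 5-minute window, the minimum cluster size and all function names are assumptions of this example, and the sample rows are a subset of the rows in post #186.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from typing import NamedTuple


class Entry(NamedTuple):
    when: datetime
    size: int
    name: str


# Subset of the rows posted in #186: date, time, size ("." as thousands
# separator), file name. The "???" after mfc71.dll is the poster's annotation.
SAMPLE_LISTING = """\
05.08.2005 16:32 349 results.txt
05.08.2005 16:28 2.723 i34jvv5j.dat
05.08.2005 16:27 34.064 5tr64rgj.dat
05.08.2005 16:27 186.632 c5dcrq98.dat
05.08.2005 16:27 4.152 vk90dsnt.dat
05.08.2005 16:27 0 ocmpmuu8.dat
05.08.2005 16:27 35 4848v8mu.ini
05.08.2005 16:27 35 dq6rsbpa.ini
26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 243.200 es.dll
08.07.2005 17:28 249.344 tapisrv.dll
08.07.2005 17:28 76.800 remotesp.tsp
06.07.2005 16:17 1.060.864 mfc71.dll ???????????
02.07.2005 02:54 5.496 atifglpf.xml
"""

# Matches one entry anywhere in the text, so it works on line-per-file
# output and on a listing that a forum has collapsed into a single line.
# Limitation: file names containing spaces are cut at the first space.
ENTRY_RE = re.compile(
    r"(?<!\S)(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+(\d[\d.]*)\s+(\S+)"
)


def parse_listing(text):
    """Return Entry tuples for every 'date time size name' group in text."""
    entries = []
    for date, time, size, name in ENTRY_RE.findall(text):
        try:
            when = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
        except ValueError:
            continue  # looks like a date but is not one; skip it
        entries.append(Entry(when, int(size.replace(".", "")), name))
    return entries


def cluster_by_time(entries, window=timedelta(minutes=5), min_files=3):
    """Group files whose write times are at most `window` apart.

    Returns clusters oldest first; groups smaller than min_files are dropped.
    """
    clusters, current = [], []
    for entry in sorted(entries, key=lambda e: e.when):
        if current and entry.when - current[-1].when > window:
            if len(current) >= min_files:
                clusters.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_files:
        clusters.append(current)
    return clusters


def summarize(cluster):
    """Facts an analyst would look at first for one cluster."""
    exts = Counter(
        e.name.rsplit(".", 1)[-1].lower() if "." in e.name else ""
        for e in cluster
    )
    return {
        "start": cluster[0].when,
        "end": cluster[-1].when,
        "count": len(cluster),
        "extensions": dict(exts),
        "empty": [e.name for e in cluster if e.size == 0],
    }


if __name__ == "__main__":
    for cluster in cluster_by_time(parse_listing(SAMPLE_LISTING)):
        info = summarize(cluster)
        print(info["start"], "->", info["end"], info["count"], "files",
              info["extensions"], "zero-length:", info["empty"])
        for e in cluster:
            print("   ", e.name, e.size)
```

The DLLs dated 26.07.2005 05:39 form a cluster as well, so a cluster is only a lead for closer inspection (opening the files, submitting them to a scanner as described above), not a verdict.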
|
|
||
03.11.2005, 14:05
...new here
Posts: 1 |
#188
I, too, am out of my depth with this blasted WinFixer!
I hope someone can help me; I have absolutely no idea about any of this! Here is the log file I created: |
|
|
||
03.11.2005, 17:09
...new here
Posts: 3 |
#189
Hello Sabina
I have now deleted the files with Killbox:

C:\WINDOWS\System32\ldi7af0r.html
C:\WINDOWS\System32\tln3lf0u.ini
C:\WINDOWS\System32\results.txt
C:\WINDOWS\System32\i34jvv5j.dat
C:\WINDOWS\System32\5tr64rgj.dat
C:\WINDOWS\System32\c5dcrq98.dat
C:\WINDOWS\System32\vk90dsnt.dat
C:\WINDOWS\System32\ocmpmuu8.dat
C:\WINDOWS\System32\4848v8mu.ini
C:\WINDOWS\System32\dq6rsbpa.ini

Scanned with CounterSpy (scan report) and had C:\WINDOWS\System32\mfc71.dll scanned (report). I hope I am rid of it now.
Thaaaaaaaaaaaaaaank you very much once again
Regards, Xandi

Datei: mfc71.dll
Status: OK (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: -
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden
|
|
|
||
03.11.2005, 18:07
Honorary member
Posts: 29434 |
#190
Xandi
It is a new version of Winfixer....., thanks for posting the CounterSpy log

C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
C:\WINDOWS\system32\drivers\df_kmd.sys

It even lodges itself in the drivers.......
Everything should be fine again now.
__________
Kind regards, Sabina
all about PC security |
|
|
||
03.11.2005, 18:11
Honorary member
Posts: 29434 |
#191
Purisima
NO CHANCE OF CLEANING THIS...WINFIXER IS THE LEAST OF THE PROBLEMS HERE...THE PC IS INFESTED WITH BACKDOORS AND OTHER "VERMIN"......
http://virus-protect.org/kompsystem.html
http://virus-protect.org/nachneuinst.html
You must take this computer off the network immediately and format it.
__________ Regards, Sabina, all about PC security |
|
|
||
04.11.2005, 11:17
...new here
Posts: 7 |
#192
Hello Sabina,
sorry, I seem to be slow on the uptake right now. Or could it also be because I only have Windows 98?? |
|
|
||
04.11.2005, 11:34
Honorary member
Posts: 29434 |
#193
gerry81
LSPfix.exe
http://www.spychecker.com/program/lspfix.html
Tick "I know what Im doing" -- Remove, and delete newdotnet6_98.dll (you may have to move the dll from the left to the right).
Before we turn to Winfixer, please do a system restore, otherwise new.net (another infection) cannot be removed.
Then post the new HijackThis log.
Quote:
Start -> Help and Support -> go to the option "Undo changes to your computer with System Restore"
__________ Regards, Sabina, all about PC security |
|
|
||
04.11.2005, 11:44
Honorary member
Posts: 29434 |
#194
Ichthys
Sorry...I wasn't paying attention.
LSPfix.exe
http://www.spychecker.com/program/lspfix.html
Tick "I know what Im doing" -- Remove, and delete newdotnet6_98.dll (you may have to move the dll from the left to the right).
Open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_98.dll
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [wVPJA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.de
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
Restart the PC.
Please do the following:
Create a file findit.bat on the desktop.
Right-click - Edit
Paste the following into it and save:
@echo off
rem List files (no directories), newest first, in the Windows system directory
cd\
cd %windir%\system
dir /a:-d /o:-d > %systemdrive%\system.txt
rem Same listing for the temp directory
cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
rem Same listing for the Windows directory
cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\win.txt
rem Same listing for the root directory
cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
exit
Run it! There are now four text files in the C:\ directory. Please open them and copy all entries from the last 2 months here.
Quote:
Troj/Ptsnoop is a backdoor Trojan.
It copies itself to \windows\system\ptsnoop.exe and modifies win.ini by adding 'c:\windows\system\ptsnoop.exe' to the 'load = ' line.
__________ Regards, Sabina, all about PC security |
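The win.ini change described in the quote above can be checked for directly. The following is an added example, not part of any forum post: it reads the `load=` and `run=` lines of the `[windows]` section and reports programs that are not on an allowlist. The function names, the allowlist and the sample win.ini are constructed for illustration.

```python
import re

AUTOSTART_KEYS = {"load", "run"}  # win.ini keys that start programs at logon


def autostart_entries(win_ini_text):
    """Return [(key, program), ...] from the [windows] section of win.ini."""
    entries, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()  # tolerates 'load = ' as well as 'load='
        if key not in AUTOSTART_KEYS:
            continue
        # One line may name several programs; split on spaces and commas.
        entries += [(key, prog) for prog in re.split(r"[,\s]+", value.strip()) if prog]
    return entries


def unexpected(entries, allowlist):
    """Entries whose file name is not on the (hypothetical) allowlist."""
    allowed = {name.lower() for name in allowlist}
    return [(key, prog) for key, prog in entries
            if re.split(r"[\\/]", prog)[-1].lower() not in allowed]


# Constructed sample modelled on the change described in the quote.
SAMPLE_WIN_INI = """\
[windows]
load = c:\\windows\\system\\ptsnoop.exe
run=
NullPort=None

[Desktop]
Wallpaper=(None)
"""

if __name__ == "__main__":
    for key, prog in unexpected(autostart_entries(SAMPLE_WIN_INI), allowlist=[]):
        print(f"{key}= starts {prog}")
```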
|
|
||
04.11.2005, 14:40
...new here
Posts: 7 |
#195
I have tried everything imaginable, but I just couldn't figure it out. How do you create a bat file on the desktop?
|
|
|
||
Thanks