HAbe mir Alcra.B gefangen, -und bin überfordert

#0
21.08.2005, 13:40
Member
Avatar Yourhighness

Beiträge: 279
#16 Hallo,
lade Dir das LP einfach runter. Es ist eine extrahierende Setup. Installiere, starte Adaware und dann folge den Anweisungen die ich auf Nikitas Seite übersetzt habe...

MfG,
__________
Yourhighness
Yourhighness' Seite / Mein Blog (Englisch)
Seitenanfang Seitenende
21.08.2005, 18:41
Member

Themenstarter

Beiträge: 13
#17 So, mit dem LP hat es zwar nicht geklappt, aber ich hab das ganze dann in Englisch Konfiguriert ( war heute morgen nur zu Faul den Kopf zu benutzen )
Der erste scan hat nochmal 5 Dateien gefunden, der zweite war dann aber sauber!

Hier ist der Logfile vom zweiten scan...


Ad-Aware SE Build 1.06r1
Logfile Created on:Sonntag, 21. August 2005 18:24:04
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R62 17.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R62 17.08.2005
Internal build : 72
File location : D:\Programme\Security\Ad-Aware SE Personal\defs.ref
File size : 509965 Bytes
Total size : 1536749 Bytes
Signature data size : 1503983 Bytes
Reference data size : 32254 Bytes
Signatures total : 42805
CSI Fingerprints total : 1012
CSI data size : 35821 Bytes
Target categories : 15
Target families : 731


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:22 %
Total physical memory:261600 kb
Available physical memory:56152 kb
Total page file size:633528 kb
Available on page file:504512 kb
Total virtual memory:2097024 kb
Available virtual memory:2031532 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


21.08.2005 18:24:04 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 440
ThreadCreationTime : 21.08.2005 16:12:43
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 488
ThreadCreationTime : 21.08.2005 16:12:45
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 512
ThreadCreationTime : 21.08.2005 16:12:46
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 556
ThreadCreationTime : 21.08.2005 16:12:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 568
ThreadCreationTime : 21.08.2005 16:12:46
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 736
ThreadCreationTime : 21.08.2005 16:12:47
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 788
ThreadCreationTime : 21.08.2005 16:12:47
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 928
ThreadCreationTime : 21.08.2005 16:12:47
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 972
ThreadCreationTime : 21.08.2005 16:12:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1168
ThreadCreationTime : 21.08.2005 16:12:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1336
ThreadCreationTime : 21.08.2005 16:12:53
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:12 [delttray.exe]
ModuleName : C:\WINDOWS\System32\DeltTray.exe
Command Line : "C:\WINDOWS\System32\DeltTray.exe"
ProcessID : 1400
ThreadCreationTime : 21.08.2005 16:12:54
BasePriority : Normal
FileVersion : 5.1.0.01
ProductVersion : 5.1.0.01
ProductName : M Audio Delta Control Panel Interface System Tray Applet
CompanyName : Doug Fetter Software Wizardry
FileDescription : M Audio Delta Control Panel Interface System Tray Applet
InternalName : Delta Panel System Tray Applet
LegalCopyright : Copyright © 2002 Midiman, Inc. All rights reserved.
LegalTrademarks : M Audio (TM) is a legal trademark of MIDIMAN, Inc.
OriginalFilename : DeltTray.EXE
Comments : Developed by Doug Fetter Software Wizardry

#:13 [winampa.exe]
ModuleName : D:\Programme\Player\Winamp\winampa.exe
Command Line : "D:\Programme\Player\Winamp\winampa.exe"
ProcessID : 1436
ThreadCreationTime : 21.08.2005 16:12:55
BasePriority : Normal


#:14 [jusched.exe]
ModuleName : C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
Command Line : "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe"
ProcessID : 1444
ThreadCreationTime : 21.08.2005 16:12:55
BasePriority : Normal


#:15 [realsched.exe]
ModuleName : C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
Command Line : "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1452
ThreadCreationTime : 21.08.2005 16:12:55
BasePriority : Normal
FileVersion : 0.1.0.3292
ProductVersion : 0.1.0.3292
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:16 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 1496
ThreadCreationTime : 21.08.2005 16:12:56
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:17 [ad-aware.exe]
ModuleName : D:\Programme\Security\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Programme\Security\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1820
ThreadCreationTime : 21.08.2005 16:13:22
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:18 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2004
ThreadCreationTime : 21.08.2005 16:13:54
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [avguard.exe]
ModuleName : D:\Programme\anti VIR\AVGUARD.EXE
Command Line : "D:\Programme\anti VIR\AVGUARD.EXE"
ProcessID : 2024
ThreadCreationTime : 21.08.2005 16:13:55
BasePriority : Normal


#:20 [avwupsrv.exe]
ModuleName : D:\Programme\anti VIR\AVWUPSRV.EXE
Command Line : "D:\Programme\anti VIR\AVWUPSRV.EXE"
ProcessID : 2036
ThreadCreationTime : 21.08.2005 16:13:56
BasePriority : Normal


#:21 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 124
ThreadCreationTime : 21.08.2005 16:13:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:22 [ewidoctrl.exe]
ModuleName : D:\Programme\Security\security suite\ewidoctrl.exe
Command Line : "D:\Programme\Security\security suite\ewidoctrl.exe"
ProcessID : 172
ThreadCreationTime : 21.08.2005 16:13:57
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:23 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1792
ThreadCreationTime : 21.08.2005 16:15:18
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:24 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 124l
ProcessID : 1740
ThreadCreationTime : 21.08.2005 16:20:46
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (E;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (F;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Not Avaliable

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


18:32:53 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:49.632
Objects scanned:110508
Objects identified:0
Objects ignored:0
New critical objects:0

... der log von HJT kommt auch gleich!


Und hier ist er auch schon!

Logfile of HijackThis v1.99.1
Scan saved at 18:48:54, on 21.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
D:\Programme\Player\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programme\anti VIR\AVGUARD.EXE
D:\Programme\anti VIR\AVWUPSRV.EXE
C:\WINDOWS\System32\cisvc.exe
D:\Programme\Security\security suite\ewidoctrl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
D:\Programme\Firefox\firefox.exe
D:\Programme\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\anti VIR\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Player\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://D:\PROGRA~1\Office\1031\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCF6F0F3-675B-4A58-AC8E-E34182A14875}: NameServer = 217.237.149.161 217.237.150.97
O18 - Filter: text/html - {53B95211-7D77-11D2-9F80-00104B107C96} - (no file)
O18 - Filter: text/plain - {53B95211-7D77-11D2-9F80-00104B107C96} - (no file)
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O20 - AppInit_DLLs: cpan.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Programme\anti VIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\anti VIR\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Programme\Security\security suite\ewidoctrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bis gleich...
Dieser Beitrag wurde am 21.08.2005 um 18:53 Uhr von Tobi79 editiert.
Seitenanfang Seitenende
21.08.2005, 22:06
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#18 Fixe mit dem HijackThis:

O18 - Filter: text/html - {53B95211-7D77-11D2-9F80-00104B107C96} - (no file)
O18 - Filter: text/plain - {53B95211-7D77-11D2-9F80-00104B107C96} - (no file)
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)

neustarten

loesche.
C:\WINDOWS\hh.htt
cpan.dll

#neue Startseite

gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken

•CWShredder

http://virus-protect.org/antispywaretools.html
* Double-click on CWShredder.exe.
WÄHREND des Scanvorganges müssen ALLE
sonstige Anwendungen beendet werden und
alle Browserfenster müssen geschlossen sein!
* Click "Fix ->" und click "OK"
* CWShredder scannen lassen
* Click "Next->" und dann "Exit".

Onlinescan mit panda -->wenn der Antivirus "meckert" -->nicht beachten--->berichte vom Scan ;)
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende