Home » Spyware & Browser Hijacker Support Forum » Ständige Werbefenster » Themenansicht

Ständige Werbefenster
#0
17.09.2005, 19:30
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#16 Talullah

loesche alles BackUps vom HijackThis, dann :

loesche mit der Killbox:

C:\System Volume Information\_restore{E20F4D18-5573-4984-AFCE-37F5525C946C}\RP236\A0024175.exe

PC neustarten

falls es weg ist, brauchst du nicht die gesamte Systemwiederherstellung zu deaktivieren.
Ueberpruefe mit Kaspersky, ob der Eintrag geloescht wurde und berichte
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
18.09.2005, 16:41
Talullah
...neu hier

Themenstarter

Beiträge: 9
#17 sieht doch ganz gut aus oder??


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, September 18, 2005 16:21:37
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/09/2005
Kaspersky Anti-Virus database records: 140840
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 73576
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 4005 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.





ich habe auch mal ein ad aware log erstellt. vielleit kannst du damit ja noch was anfagen


Ad-Aware SE Build 1.06r1
Logfile Created on:Sonntag, 18. September 2005 16:23:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R66 14.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Claria(TAC index:7):1 total references
EzuLa(TAC index:6):5 total references
MRU List(TAC index:0):20 total references
Tracking Cookie(TAC index:3):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk Thread
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


18.09.2005 16:23:08 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Kati\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\automap\11.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-2262210842-1081218078-2496759010-1005\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 540
ThreadCreationTime : 18.09.2005 11:43:54
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 18.09.2005 11:43:59
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 18.09.2005 11:44:00
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 18.09.2005 11:44:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 18.09.2005 11:44:00
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 840
ThreadCreationTime : 18.09.2005 11:44:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 904
ThreadCreationTime : 18.09.2005 11:44:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 18.09.2005 11:44:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1100
ThreadCreationTime : 18.09.2005 11:44:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1252
ThreadCreationTime : 18.09.2005 11:44:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1512
ThreadCreationTime : 18.09.2005 11:44:05
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:12 [ehtray.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 1668
ThreadCreationTime : 18.09.2005 11:44:06
BasePriority : Normal
FileVersion : 5.1.2600.1217 (WXPMCE.030729-0430)
ProductVersion : 5.1.2600.1217
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:13 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1700
ThreadCreationTime : 18.09.2005 11:44:06
BasePriority : Normal
FileVersion : 5.1.09
ProductVersion : 5.1.09
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:14 [hpztsb07.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 1716
ThreadCreationTime : 18.09.2005 11:44:06
BasePriority : Normal
FileVersion : 2,140,0,0
ProductVersion : 2,140,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2002

#:15 [wkufind.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\
ProcessID : 1732
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal
FileVersion : 9.00.0603.0
ProductVersion : 9.00.0603.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works-Aktualisierungserkennung
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:16 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_03\bin\
ProcessID : 1744
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal


#:17 [ituneshelper.exe]
FilePath : C:\Programme\iTunesQuicktime\
ProcessID : 1752
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal
FileVersion : 4.2.0.72
ProductVersion : 4.2.0.72
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iTunesHelper.exe

#:18 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 1760
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:19 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 1768
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1776
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:21 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1784
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:22 [bttray.exe]
FilePath : C:\Programme\Sitecom\Bluetooth Software\
ProcessID : 1812
ThreadCreationTime : 18.09.2005 11:44:07
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTTray.exe

#:23 [watch.exe]
FilePath : C:\WINDOWS\twain_32\A4CIS600\
ProcessID : 1840
ThreadCreationTime : 18.09.2005 11:44:08
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Gloria
LegalCopyright : Copyright (C) 1998
OriginalFilename : WATCH.EXE

#:24 [icq.exe]
FilePath : C:\PROGRA~1\ICQ\
ProcessID : 1896
ThreadCreationTime : 18.09.2005 11:44:08
BasePriority : Normal
FileVersion : 5,5,6,3916
ProductVersion : 2003b
ProductName : ICQ
CompanyName : ICQ Inc.
FileDescription : ICQ
InternalName : ICQ
LegalCopyright : Copyright © 1996 - 2001 ICQ Inc. All Rights Reserved.
OriginalFilename : ICQ.exe
Comments : ICQ V2003b

#:25 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1928
ThreadCreationTime : 18.09.2005 11:44:08
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [avwupsrv.exe]
FilePath : C:\Programme\AVPersonal antivir\
ProcessID : 1940
ThreadCreationTime : 18.09.2005 11:44:08
BasePriority : Normal


#:27 [btwdins.exe]
FilePath : C:\Programme\Sitecom\Bluetooth Software\bin\
ProcessID : 1956
ThreadCreationTime : 18.09.2005 11:44:09
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTWDIns.EXE

#:28 [ehsched.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 1980
ThreadCreationTime : 18.09.2005 11:44:09
BasePriority : Normal
FileVersion : 5.1.2600.1217 (WXPMCE.030729-0430)
ProductVersion : 5.1.2600.1217
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:29 [ewidoctrl.exe]
FilePath : C:\Programme\ewido\security suite\
ProcessID : 2004
ThreadCreationTime : 18.09.2005 11:44:09
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:30 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2040
ThreadCreationTime : 18.09.2005 11:44:09
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:31 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 212
ThreadCreationTime : 18.09.2005 11:44:09
BasePriority : Normal
FileVersion : 6.14.01.4351
ProductVersion : 6.14.01.4351
ProductName : NVIDIA Driver Helper Service, Version 43.51
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 43.51
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:32 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 412
ThreadCreationTime : 18.09.2005 11:44:09
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:33 [ipodservice.exe]
FilePath : C:\Programme\iPod\bin\
ProcessID : 1680
ThreadCreationTime : 18.09.2005 11:44:14
BasePriority : Normal
FileVersion : 4.2.0.72
ProductVersion : 4.2.0.72
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iPodService.exe

#:34 [ehmsas.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 2216
ThreadCreationTime : 18.09.2005 11:44:15
BasePriority : Normal
FileVersion : 5.1.2600.1217 (WXPMCE.030729-0430)
ProductVersion : 5.1.2600.1217
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2540
ThreadCreationTime : 18.09.2005 11:45:26
BasePriority : Normal
FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)
ProductVersion : 5.4.3630.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Client des automatischen Updates von Windows Update
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:36 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3604
ThreadCreationTime : 18.09.2005 11:58:24
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:37 [acrord32.exe]
FilePath : C:\Programme\Adobe\Acrobat 6.0\Reader\
ProcessID : 360
ThreadCreationTime : 18.09.2005 12:03:56
BasePriority : Normal
FileVersion : 6.0.0.2003051900
ProductVersion : 6.0.0.2003051900
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 6.0
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:38 [wisptis.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 572
ThreadCreationTime : 18.09.2005 12:04:31
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020828-1920)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:39 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 1308
ThreadCreationTime : 18.09.2005 14:11:04
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:40 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3896
ThreadCreationTime : 18.09.2005 14:21:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:41 [ad-aware.exe]
FilePath : C:\Programme\Ad-Aware SE Personal\
ProcessID : 4016
ThreadCreationTime : 18.09.2005 14:22:56
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulabootexe.installctrl.1

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 22


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@partners.webmasterplan[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:kati@partners.webmasterplan.com/
Expires : 11.09.2015
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:kati@mediaplex.com/
Expires : 22.06.2009 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:kati@advertising.com/
Expires : 17.09.2010 16:18:46
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:kati@imrworldwide.com/cgi-bin
Expires : 16.09.2015 15:02:32
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:kati@doubleclick.net/
Expires : 16.09.2008 19:45:34
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:kati@atdmt.com/
Expires : 12.09.2010 02:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:kati@2o7.net/
Expires : 17.09.2010 16:21:14
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:kati@real.com/
Expires : 02.11.2005 12:53:00
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:25
Value : Cookie:kati@as1.falkag.de/
Expires : 18.10.2005 16:20:16
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:kati@tradedoubler.com/
Expires : 12.09.2025 13:36:14
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kati@servedby.advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:kati@servedby.advertising.com/
Expires : 18.10.2005 16:18:46
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 33



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : File
Data : A0021593.exe
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{E20F4D18-5573-4984-AFCE-37F5525C946C}\RP222\
FileVersion : 4.1.0.4
ProductVersion : 4.1.0.4
OriginalFilename : Trickler.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 34




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

EzuLa Object Recognized!
Type : Folder
TAC Rating : 6
Category : Data Miner
Comment : EzuLa
Object : C:\Dokumente und Einstellungen\Kati\Startmenü\Programme\TopText iLookup

EzuLa Object Recognized!
Type : File
Data : ezstub.exe
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
ProductName : eZstub Module
CompanyName : Imesh20
FileDescription : eZstub Module
InternalName : eZstub
LegalCopyright : Copyright 2000
OriginalFilename : eZstub.EXE


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 37

16:39:04 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:56.360
Objects scanned:154097
Objects identified:17
Objects ignored:0
New critical objects:17
Seitenanfang Seitenende
19.09.2005, 00:23
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#18 Hallo@Kati

fein ;)
ich denke, dass nun alles in Ordnung ist ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
19.09.2005, 16:56
Talullah
...neu hier

Themenstarter

Beiträge: 9
#19 hey super!! ganz dickes DANKE!!!!

nur noch eine sache. was empfiehlst du mir, dass es auch in ordnung bleibt??
Seitenanfang Seitenende
21.09.2005, 11:37
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#20 lade die WindowsUpdates (SP2) , und surfe nur noch mit dem Firefox, nicht mit dem IE ;)

#Alternativbrowser zum IE
Firefox
http://www.firefox-browser.de/windows.php
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
23.09.2005, 14:59
Mastero
...neu hier

Beiträge: 1
#21 ich hab auch nen problem mit popups und evtl. mit winfix
hier meine hijack logs
ebenfalls bekomme ich gerade virenwarnung von exploit-mht.redirg

Logfile of HijackThis v1.99.1
Scan saved at 14:40:11, on 23.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\ Network Associates\McAfee Desktop Firewall für Windows XP\FireSvc.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Network Associates\VirusScan\MCUPDATE.EXE
C:\Programme\Network Associates\Common Framework\McScript_InUse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\NetPumper\NetPumperIEProxy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\main\launchpd.exe
C:\Programme\ATI Multimedia\main\ATIDtct.EXE
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\NetPumper\NetPumperIEProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\main\ATIDtct.EXE
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Steam\Steam.exe
C:\Programme\s-t-i-n-g-e-r.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Robin\LOKALE~1\Temp\Rar$EX05.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.t-online.de/service/redir/tosw5_webtour.htm
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] REM ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] REM ALCMTR.EXE
O4 - HKLM\..\Run: [CARPService] REM carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] REM C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] REM C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OEM-Reset] REM
O4 - HKLM\..\Run: [ICQ Lite] REM C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Programme\ Network Associates\McAfee Desktop Firewall für Windows XP\Firetray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Programme\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [exit file surf live] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ByteAmenExitFile\teamfind.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] REM
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programme\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programme\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [chinhole] C:\DOKUME~1\Robin\ANWEND~1\UPLOAD~1\Obj dog.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.de
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121345254814
O17 - HKLM\System\CCS\Services\Tcpip\..\{0488DDF0-AACF-420D-A164-91F4AC13060C}: NameServer = 217.237.151.161 217.237.151.33
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Programme\ Network Associates\McAfee Desktop Firewall für Windows XP\FireSvc.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Dieser Beitrag wurde am 23.09.2005 um 15:03 Uhr von Mastero editiert.
Seitenanfang Seitenende
23.09.2005, 16:36
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#22 Hallo@Mastero

CCleaner (loesche alle temp.Dateien)
http://virus-protect.org/virusprotect/temp.html

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [exit file surf live] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ByteAmenExitFile\teamfind.exe
O4 - HKCU\..\Run: [chinhole] C:\DOKUME~1\Robin\ANWEND~1\UPLOAD~1\Obj dog.exe

PC neustarten

deinstallieren:
C:\Programme\NetPumper

scanne mit escan und poste mir, was infiziert und target ist:
http://virus-protect.org/virusprotect/escan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12