lop entfernen? + O4 - HKCU\..\Run: [Microsoft DirectX] rasmngr.exe

#31 Hallo@melaberlin

Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein:


dir %Windir%\tasks /a h > files.txt
notepad files.txt


- Speichern als: findjobs.bat
- abspeichern unter : Dateityp: alle Dateien
- speichere auf dem Desktop
- Locate findjobs.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich -- poste den Text
__________
MfG Sabina

rund um die PC-Sicherheit

#32 hallo sabina

hier der text von findjobs :

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 58EC-EF6E

Verzeichnis von C:\WINDOWS\tasks

28.08.2005 02:44 <DIR> .
28.08.2005 02:44 <DIR> ..
15.09.2005 16:00 258 976049A1B203F925.job
29.08.2002 14:00 65 desktop.ini
02.08.2005 05:22 582 Norton AntiVirus - Meinen Computer pr�fen - ingo.job
13.09.2005 10:37 366 Norton SystemWorks One Button Checkup.job
14.09.2005 20:32 6 SA.DAT
14.09.2005 19:54 346 Symantec NetDetect.job
6 Datei(en) 1.623 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\ingo\Desktop


MfG mela

#33 melaberlin

Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein:

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h 976049A1B203F925.job
del 976049A1B203F925.job

- Speichern als: remjob.bat
- abspeichern unter : Dateityp: alle Dateien
- speichere auf dem Desktop
- Locate remjob.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich kurz ist normal

Poste nochmals findjobs.bat
__________
MfG Sabina

rund um die PC-Sicherheit

#34 smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!

*********************************************************

Jetzt das aus EScan!


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Wed Sep 14 18:23:26 2005 => Offending file found: C:\WINDOWS\gpinstall.exe
2: Wed Sep 14 18:23:26 2005 => System found infected with Conducent FlexPak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
3: Wed Sep 14 18:24:17 2005 => File C:\WINDOWS\System32\hgqhp.exe infected by "Trojan.Win32.DNSChanger.x" Virus! Action Taken: No Action Taken.
4: Wed Sep 14 18:25:31 2005 => File C:\WINDOWS\System32\winupdates.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
5: Wed Sep 14 18:27:30 2005 => File C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a5399d2-3f487523.zip infected by "Trojan.Java.ClassLoader.ai" Virus! Action Taken: No Action Taken.
6: Wed Sep 14 18:54:00 2005 => File C:\WINDOWS\system32\hgqhp.exe infected by "Trojan.Win32.DNSChanger.x" Virus! Action Taken: No Action Taken.
7: Wed Sep 14 18:55:46 2005 => File C:\WINDOWS\system32\winupdates.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Wed Sep 14 18:22:21 2005 => File C:\Dokumente und Einstellungen\Marcus\Desktop\test\backups\backup-20050913-153010-289.dll tagged as not-a-virusownloader.Win32.PopCap.b. No Action Taken.
2: Wed Sep 14 18:24:15 2005 => File C:\WINDOWS\System32\flsmngr.dll tagged as "not-a-virus:AdWare.Searcher.j". Action Taken: No Action Taken.
3: Wed Sep 14 18:27:44 2005 => File C:\Dokumente und Einstellungen\Marcus\Desktop\test\backups\backup-20050913-153010-289.dll tagged as not-a-virusownloader.Win32.PopCap.b. No Action Taken.
4: Wed Sep 14 18:42:46 2005 => File C:\RECYCLER\NPROTECT\00104023.DLL tagged as not-a-virusownloader.Win32.PopCap.b. No Action Taken.
5: Wed Sep 14 18:53:57 2005 => File C:\WINDOWS\system32\flsmngr.dll tagged as "not-a-virus:AdWare.Searcher.j". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Wed Sep 14 18:22:25 2005 => ERROR!!! Invalid Entry C:\WINDOWS\System32\eaopaaaa.exe in SYSTEM\CurrentControlSet\Services\Distributed Link Tracking Client Helper...
2: Wed Sep 14 18:23:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
3: Wed Sep 14 18:23:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
4: Wed Sep 14 18:23:36 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\Default.rul". Action Taken: No Action Taken.
5: Wed Sep 14 18:23:37 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
6: Wed Sep 14 18:23:37 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Activision\Star Trek - Armada". Action Taken: No Action Taken.
7: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
8: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
9: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.
10: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Wireless-G Notebook Adapter" refers to invalid object "C:\Program Files\Linksys\Wireless-G Notebook Adapter\Wireless-G Notebook Adapter". Action Taken: No Action Taken.
11: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\WUSB54G Wireless-G Adapter\YourApp.exe". Action Taken: No Action Taken.
12: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\System32\LogFiles\". Action Taken: No Action Taken.
13: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Intel Network Adapters\". Action Taken: No Action Taken.
14: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Norton AntiVirus\". Action Taken: No Action Taken.
15: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Norton Personal Firewall\". Action Taken: No Action Taken.
16: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\PrintMe Internet Printing\". Action Taken: No Action Taken.
17: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Firaxis Games\Sid Meier's Pirates!\". Action Taken: No Action Taken.
18: Wed Sep 14 18:23:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Firaxis Games\". Action Taken: No Action Taken.
19: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".002". Action Taken: No Action Taken.
20: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".003". Action Taken: No Action Taken.
21: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.
22: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cgi[1]". Action Taken: No Action Taken.
23: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".csv". Action Taken: No Action Taken.
24: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.
25: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m2v". Action Taken: No Action Taken.
26: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m4a". Action Taken: No Action Taken.
27: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mp1". Action Taken: No Action Taken.
28: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken.
29: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
30: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pls". Action Taken: No Action Taken.
31: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pps". Action Taken: No Action Taken.
32: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.
33: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
34: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken.
35: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".thumbnail". Action Taken: No Action Taken.
36: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tib". Action Taken: No Action Taken.
37: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VOB". Action Taken: No Action Taken.
38: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".W02". Action Taken: No Action Taken.
39: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpl". Action Taken: No Action Taken.
40: Wed Sep 14 18:23:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
41: Wed Sep 14 18:23:39 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spy Cleaner 7.1.3 Free Version". Action Taken: No Action Taken.
42: Wed Sep 14 18:23:39 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{000425D5-C69B-4C02-943D-73713516D8EF}". Action Taken: No Action Taken.
43: Wed Sep 14 18:23:39 2005 => Entry "HKCR\CLSID\{36773DF3-37FC-47B6-9F8F-CC4699917938}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
44: Wed Sep 14 18:23:40 2005 => Entry "HKCR\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}" refers to invalid object "C:\WINDOWS\System32\Hmbkdbap.dll". Action Taken: No Action Taken.
45: Wed Sep 14 18:23:40 2005 => Entry "HKCR\CLSID\{7F7061D5-7D67-11D3-92C5-006067310535}" refers to invalid object "E:\Acer\tools\regactvx.exe". Action Taken: No Action Taken.
46: Wed Sep 14 18:23:40 2005 => Entry "HKCR\CLSID\{90914AA1-0A85-407B-AA90-AD5BE725D805}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
47: Wed Sep 14 18:23:40 2005 => Entry "HKCR\CLSID\{9F19664B-C033-4F4A-80BD-4280397D9D91}" refers to invalid object "E:\Setup.exe". Action Taken: No Action Taken.
48: Wed Sep 14 18:23:41 2005 => Entry "HKCR\CLSID\{D725B551-443E-4E18-858D-AE3D88715F18}" refers to invalid object "E:\Setup.exe". Action Taken: No Action Taken.
49: Wed Sep 14 18:23:41 2005 => Entry "HKCR\TypeLib\{746BAB70-810C-4FC5-8583-C1E7A40642C7}" refers to invalid object "E:\Acer\tools\LaunchRS.ocx". Action Taken: No Action Taken.
50: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
51: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
52: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.bzm\shell\open\command" refers to invalid object "C:\Programme\Nival Interactive\Blitzkrieg\Run\mapeditor.exe ". Action Taken: No Action Taken.
53: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
54: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
55: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
56: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
57: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
58: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
59: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
60: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
61: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
62: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.scb" refers to invalid object "SpeedProject.SpeedCommander.SCBFile". Action Taken: No Action Taken.
63: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
64: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
65: Wed Sep 14 18:23:42 2005 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
66: Wed Sep 14 18:23:42 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
67: Wed Sep 14 18:23:43 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
68: Wed Sep 14 18:23:43 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
69: Wed Sep 14 18:23:43 2005 => Entry "HKCR\Shareaza.SkinInfoExtractor.1" refers to invalid object "{0EEDB912-C5FA-486F-8334-57288578C627}". Action Taken: No Action Taken.
70: Wed Sep 14 18:23:43 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
71: Wed Sep 14 18:23:43 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
72: Wed Sep 14 18:23:43 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
73: Wed Sep 14 18:23:43 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
74: Wed Sep 14 18:23:43 2005 => Entry "HKCR\WMSServer.Server" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
75: Wed Sep 14 18:23:43 2005 => Entry "HKCR\WMSServer.Server.9" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
76: Wed Sep 14 18:26:03 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
77: Wed Sep 14 18:26:03 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy\Recovery\HangUpTeamTechnicRat.zip is Not Scanned
78: Wed Sep 14 18:26:03 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spybot - Search & Destroy\Recovery\PSGuardmsmsgs.zip is Not Scanned

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\Dokumente und Einstellungen\Marcus\Desktop\test\backups\backup-20050913-153010-289.dll => taggedownloader.Win32.PopCap.b.
2: C:\WINDOWS\System32\hgqhp.exe => Trojan.Win32.DNSChanger.x
3: C:\WINDOWS\System32\winupdates.exe => Backdoor.Win32.Rbot.gen
4: C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a5399d2-3f487523.zip => Trojan.Java.ClassLoader.ai
5: C:\RECYCLER\NPROTECT\00104023.DLL => taggedownloader.Win32.PopCap.b.
6: C:\WINDOWS\system32\hgqhp.exe => Trojan.Win32.DNSChanger.x
7: C:\WINDOWS\system32\winupdates.exe => Backdoor.Win32.Rbot.gen

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Wed Sep 14 18:56:27 2005 => Total Objects Scanned: 77420
Wed Sep 14 18:56:27 2005 => Total Virus(es) Found: 12
Wed Sep 14 18:56:27 2005 => Total Errors: 78
Wed Sep 14 18:56:27 2005 => Virus Database Date: 2005/09/14
Wed Sep 14 18:56:27 2005 => Virus Database Count: 149277
Wed Sep 14 18:59:32 2005 => Total Objects Scanned: 77420
Wed Sep 14 18:59:32 2005 => Total Virus(es) Found: 12
Wed Sep 14 18:59:32 2005 => Total Errors: 78


Wie geht es weiter....
endlich hab ich das geschafft! *schwitz*
Danke wieder mal ))

#35 Hallo@Marcus77

•LSPfix.exe
http://www.spychecker.com/program/lspfix.html

hake an: "I know what Im doing"-->Remove
und loesche die flsmngr.dll (falls die dll im Tool sichtbar ist)

kopiere alles in die killbox, wenn es noch da ist, wird es angezeigt, wenn nicht, um so besser, beim letzten starte den PC neu

•KillBox
http://www.bleepingcomputer.com/files/killbox.php
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\System32\winupdates.exe
C:\WINDOWS\System32\hgqhp.exe
C:\WINDOWS\System32\eaopaaaa.exe
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\System32\Hmbkdbap.dll
C:\WINDOWS\System32\flsmngr.dll
C:\WINDOWS\gpinstall.exe
C:\RECYCLER\NPROTECT\00104023.DLL

PC neustarten

Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein:

dir %Windir%\tasks /a h > files.txt
notepad files.txt

- Speichern als: findjobs.bat
- abspeichern unter : Dateityp: alle Dateien
- speichere auf dem Desktop
- Locate findjobs.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich -- poste den Text

scanne mit kaspersky und panda + berichte
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#36 hallo sabina

hier der text von findjobs:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 58EC-EF6E

Verzeichnis von C:\WINDOWS\tasks

15.09.2005 18:10 <DIR> .
15.09.2005 18:10 <DIR> ..
29.08.2002 14:00 65 desktop.ini
02.08.2005 05:22 582 Norton AntiVirus - Meinen Computer pr�fen - ingo.job
13.09.2005 10:37 366 Norton SystemWorks One Button Checkup.job
14.09.2005 20:32 6 SA.DAT
14.09.2005 19:54 346 Symantec NetDetect.job
5 Datei(en) 1.365 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\ingo\Desktop


MfG mela
PS: geht es jetzt etwa noch weiter ?

also egal wie es auch immer ausgeht ob ich die vieren würmer und trojaner noch loswerde oder nicht, die einladung steht also sollte es dich mal nach berlin verschlagen warum auch immer geb bescheid

#37

Zitat

also egal wie es auch immer ausgeht ob ich die vieren würmer und trojaner noch loswerde oder nicht, die einladung steht also sollte es dich mal nach berlin verschlagen warum auch immer geb bescheid

na dann...es ist alles sauber, aber ich will es noch mal sehen, also poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit

#38 hallo sabina

hier mein neuer log :

Logfile of HijackThis v1.99.1
Scan saved at 13:46:14, on 16.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
D:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\ingo\Desktop\hijackthis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.siiysrtvndhzpggsbyzzby.uk/8SmIDqImDdx9l4ER097L2XRSrMnKOfUCBxSNpdNHHHKVZf_yGqSEIFVv6rZp9XfZ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/us/*http://www.yahoo.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/us/*http://www.yahoo.de
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CC8A9A92-A710-300A-FE8A-47B17B05BCC5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [enc htm] C:\DOKUME~1\ingo\ANWEND~1\ADMINS~1\CreativeTool.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = D:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Mensch - http://download.games.yahoo.com/games/clients/y/mat3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E52441EB-7973-456D-B75F-92DDA510EA12}: NameServer = 195.247.247.195 62.27.27.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

MfG mela

#39 Hallo@melaberlin

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.siiysrtvndhzpggsbyzzby.uk/8SmIDqImDdx9l4ER097L2XRSrMnKOfUCBxSNpdNHHHKVZf_yGqSEIFVv6rZp9XfZ.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/us/*http://www.yahoo.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/us/*http://www.yahoo.de
O4 - HKCU\..\Run: [enc htm] C:\DOKUME~1\ingo\ANWEND~1\ADMINS~1\CreativeTool.exe

PC neustarten

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken

poste das Log noch einmal
__________
MfG Sabina

rund um die PC-Sicherheit

#40 hallo sabina

weil es so schön war gleich noch mal

Logfile of HijackThis v1.99.1
Scan saved at 13:59:08, on 16.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
D:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\ingo\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CC8A9A92-A710-300A-FE8A-47B17B05BCC5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [enc htm] C:\DOKUME~1\ingo\ANWEND~1\ADMINS~1\CreativeTool.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = D:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Mensch - http://download.games.yahoo.com/games/clients/y/mat3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E52441EB-7973-456D-B75F-92DDA510EA12}: NameServer = 195.247.247.195 62.27.27.62
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


Mfg mela

#41 Hallo@melaberlin

Fixe mit dem HijackThis:

O2 - BHO: (no name) - {CC8A9A92-A710-300A-FE8A-47B17B05BCC5} - (no file)
O4 - HKCU\..\Run: [enc htm] C:\DOKUME~1\ingo\ANWEND~1\ADMINS~1\CreativeTool.exe

neustarten

schau, ob das wirklich geloescht ist (im abgesicherten Modus -->F 8 druecken, wenn der PC hochfaehrt)

C:\Dokumente und Einstellungen\ingo\Anwendungsdaten\Admin Stupid Body
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\BoldPokeBagsStart
__________
MfG Sabina

rund um die PC-Sicherheit

#42 musste editieren.

Zitat

Sabina postete
Hallo@melaberlin

Fixe mit dem HijackThis:

O2 - BHO: (no name) - {CC8A9A92-A710-300A-FE8A-47B17B05BCC5} - (no file)
O4 - HKCU\..\Run: [enc htm] C:\DOKUME~1\ingo\ANWEND~1\ADMINS~1\CreativeTool.exe

neustarten

schau, ob das wirklich geloescht ist (im abgesicherten Modus -->F 8 druecken, wenn der PC hochfaehrt)

C:\Dokumente und Einstellungen\ingo\Anwendungsdaten\Admin Stupid Body
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\BoldPokeBagsStart

__________
MfG Sabina

rund um die PC-Sicherheit

#43 hehe ich auch bekommst den text noch mal zum schluss :o)

#44 nun ja, auf den ersten Blick war das Log o.k. wegen der Startseite, aber auf den zweiten Blick......
also alles noch mal von vorn....
__________
MfG Sabina

rund um die PC-Sicherheit

#45 hallo sabina

die beiden ordner waren und sind wirklich beide gelöscht habe noch mal nachgeschaut im normalen sowie im abgesicherten modus sind sie weg beim scannen habe ich die 2 dateien gefixt hier nochmal der erneute scan :

Logfile of HijackThis v1.99.1
Scan saved at 20:35:59, on 16.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\Brmfl04a\BrStDvPt.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
D:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Dokumente und Einstellungen\ingo\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = D:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Mensch - http://download.games.yahoo.com/games/clients/y/mat3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


MfG mela