No internet because of "newdot~1.dll"
Thread is closed!
#0
27.09.2005, 23:19
Member
Posts: 11

29.09.2005, 18:28
...new here
Posts: 2
#47
Hello, I have the same problem.
I have now done everything as I was told. Please help me now.

29.09.2005, 18:34
Honorary member
Posts: 29434
#48
Hello @tobig
If a virus scanner has already deleted newdotnet6_38.dll (or another DLL) and an Internet connection can no longer be established, copy WinsockFix onto the PC and run the tool:
WinsockFix
http://www.tacktech.com/display.cfm?ttid=257

Open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll (file missing)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Programme\Starware\bin\Starware.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Programme\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int159606.exe -auto
O4 - HKLM\..\Run: [SExplorer] C:\Programme\SexExplorer\sexexplorer.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.download-url.de/install/StarInstall.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.stardialer.de/InstallationsAssistent.ocx
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll

Restart the PC

HijackThis (Uninstall Manager)
* open HijackThis
* click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
* click - Save -
* now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

Copy all 4 logs
http://virus-protect.org/datfindbat.html

HijackThis (StartupList)
Please start the computer in safe mode and create a HijackThis log and a StartupList log there; to do this, go to the Misc Tools section, tick both options at "Generate StartupList log" and have the list created.
* HijackThis - Config
* List also minor sections (full) -- tick the box
* List empty sections (complete) -- tick the box
* HijackThis - Config - Misc Tools -- Generate StartupList log
* (Notepad [text editor] opens; now copy the COMPLETE log and post it)

After that the cleaning begins.
__________
Best regards, Sabina
All about PC security

30.09.2005, 14:39
...new here
Posts: 2
#49
I did everything up to the Uninstall Manager.
I clicked Misc Tools and looked for "Open Uninstall Manager". But that button does not exist for me, so I clicked "Uninstall HijackThis & exit". Was that a mistake? Because afterwards no log was opened that I could have saved.

30.09.2005, 18:33
Honorary member
Posts: 29434
#50
Reinstall HijackThis, because you deleted it.....
I will tell you this evening how to continue... not now (no time). Maybe by then you will manage to find: click Config - Misc Tools - "Open Uninstall Manager" - "Save List".
Regards, Sabina
__________
Best regards, Sabina
All about PC security

30.09.2005, 20:49
Honorary member
Posts: 29434
#51
Hello @tobig
LSPfix.exe
http://www.spychecker.com/program/lspfix.html
Tick "I know what I'm doing" --> Remove, and delete newdotnet6_38.dll (you may have to move the DLL from left to right).

If the DLL is not present:
WinsockFix
http://www.tacktech.com/display.cfm?ttid=257

Fix with HijackThis what I wrote above, and restart the PC.

Uninstall:
New.net
MyWay\myBar
quickbar
Starware
P2P Networking
Kazaa
Date Manager
Web Offer

(In safe mode: to get there, press F8 while the PC is booting and log on as Administrator.)

Delete:
C:\Programme\websx
C:\Programme\Kazaa
C:\WINDOWS\System32\P2P Networking
c:\program files\altnet\
C:\Programme\Gemeinsame Dateien\CMEII
C:\Programme\Date Manager
C:\PROGRA~1\Web Offer
C:\Programme\Gemeinsame Dateien\GMT
C:\WINDOWS\system32\lmf32v.dll

Scan with ewido and post the scan report
http://virus-protect.org/ewido.html

Scan with eScan and create the scan report
http://virus-protect.org/escan.html
__________
Best regards, Sabina
All about PC security
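
Added example (not part of the thread and not code from HijackThis or any tool named here): posts #48 and #51 deal with an LSP DLL that a scanner deleted while other entries still point at it, and the startup entry names the same file by its 8.3 short name (NEWDOT~1.DLL). The Python code below parses HijackThis-style lines, takes the provider named in an O10 line and lists the other entries that reference that file. The function names and the short-name prefix comparison are assumptions made for the example, and the sample log is constructed.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# HijackThis result lines have the form "<section code> - <description>".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
O10_RE = re.compile(r"LSP provider '([^']+)' missing", re.IGNORECASE)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|ocx)', re.IGNORECASE)

# Constructed sample input in HijackThis log format.
SAMPLE_LOG = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_38.dll' missing
"""


def parse_log(log_text):
    """Return an Entry for every line that looks like a HijackThis result."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def component_matches(a, b):
    """Compare one path component, treating NAME~N as an 8.3 alias.

    Heuristic (assumption): the part before '~' must be a prefix of the
    long name with spaces removed, and the extensions must agree.
    """
    if a.lower() == b.lower():
        return True
    for short, long_name in ((a, b), (b, a)):
        base, ext = ntpath.splitext(short)
        prefix = base.split("~", 1)[0].upper()
        if "~" not in base or not prefix:
            continue
        long_base, long_ext = ntpath.splitext(long_name)
        long_base = long_base.replace(" ", "").upper()
        if long_base.startswith(prefix) and long_ext.upper()[:4] == ext.upper():
            return True
    return False


def same_file(path_a, path_b):
    """True if both Windows paths plausibly name the same file."""
    parts_a = path_a.split("\\")
    parts_b = path_b.split("\\")
    if len(parts_a) != len(parts_b):
        return False
    return all(component_matches(x, y) for x, y in zip(parts_a, parts_b))


def find_lsp_leftovers(log_text):
    """Return (missing LSP providers, entries still referencing them)."""
    entries = parse_log(log_text)
    broken = []
    for entry in entries:
        match = O10_RE.search(entry.text) if entry.code == "O10" else None
        if match:
            broken.append(match.group(1))
    leftovers = []
    for entry in entries:
        if entry.code == "O10":
            continue
        paths = PATH_RE.findall(entry.text)
        if any(same_file(p, b) for p in paths for b in broken):
            leftovers.append(entry)
    return broken, leftovers


if __name__ == "__main__":
    missing, refs = find_lsp_leftovers(SAMPLE_LOG)
    for provider in missing:
        print("Missing LSP provider:", provider)
    for entry in refs:
        print("Still referenced by:", entry.code, "-", entry.text)
```
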

15.10.2005, 23:45
Member
Posts: 12
#52
Hello everyone,
Since yesterday my computer has been infected as well. I have already tried a few things but am not really getting anywhere. I am also not that knowledgeable in this area. Maybe someone here can help me.

15.10.2005, 23:58
Honorary member
Posts: 29434
#53
Hello @peppinoweb
If you look in the Windows folder in Windows Explorer, you will find the folders Downloaded Program Files and Downloaded Installations there. Please copy here what you find there.

Open HijackThis -- "Scan" button -- tick the boxes -- "Fix checked" button -- restart the PC

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.ath.cx/x_sidesearch/
R3 - URLSearchHook: stoolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: ToolHelper - {AAAE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: stoolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O16 - DPF: {00000000-DCCD-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {4C26E1A7-5C92-4D48-A098-921005ED55C5} - ms-its:mhtml:file://c:\nosuxyz.mht!http://213.158.119.18/auto/stoolbar.chm::/stoolbar.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.power-url.de/StarInstall.ocx
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab

Restart the PC

Uninstall: New.net, stoolbar

CCleaner -- delete all *temp files
http://virus-protect.org/temp.html

Ewido (scan) --> post the scan report
http://virus-protect.org/ewido.html
__________
Best regards, Sabina
All about PC security

16.10.2005, 12:08
Member
Posts: 12
#54
Hello,
This is what I found there:

Downloaded Program Files:
{9BFAD254-E7B8-42FC-B34D-DEDAB4C0D17D}
{825D4AA5-DED8-4F99-8F3E-98ABEA13A3B0}
Powertoys For Windows XP
{04B60750-B794-11D7-9210-003054004C01}

Downloaded Installations:
{00000000-DCCD-0704-0B53-2C8830E9FAEC}
{11111111-1111-1111-1111-111111111123}
{4C26E1A7-5C92-4D48-A098-921005ED55C5}
{E0B795B4-FD95-4ABD-A375-27962EFCE8CF}
{F57D17AE-CE37-4BC8-B232-EA57747BE5E7}
HouseCall-Button.setup
HouseCall-Kontrol
Java Runtime Environment 1.3.3_06
Java Runtime Environment 1.4.2
Java Runtime Environment 1.4.2
RdxIE Class
Shockwave Flash Object
Update Class

Scan report:
|
|
||
16.10.2005, 13:31
Honorary member
Posts: 29434 |
#55
Downloaded Installations:
delete:
{00000000-DCCD-0704-0B53-2C8830E9FAEC}
{11111111-1111-1111-1111-111111111123}
{4C26E1A7-5C92-4D48-A098-921005ED55C5}
{E0B795B4-FD95-4ABD-A375-27962EFCE8CF} --> has probably already been deleted
{F57D17AE-CE37-4BC8-B232-EA57747BE5E7}

CounterSpy (download, scan and post the scan report)
http://virus-protect.org/counterspy.html

then post the new HijackThis log
__________
Regards, Sabina
All about PC security |
|
|
||
16.10.2005, 13:48
Member
Posts: 12 |
||
|
||
16.10.2005, 13:53
Honorary member
Posts: 29434 |
||
|
||
16.10.2005, 14:28
Member
Posts: 12 |
#58
Spyware Scan Details
Start Date: 16.10.2005 13:53:13
End Date: 16.10.2005 14:21:35
Total Time: 28 mins 22 secs

Detected spyware

BearShare P2P
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored

IEPlugin Spyware
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Deleted
Infected files detected
c:\programme\se\data\app.dat
c:\programme\se\data\bm.dat

NetworkEssentials Browser Plug-in
Details: Network Essentials is an IE Browser Helper Object which monitors URLs being viewed in the web browser.
Status: Quarantined

AntiLeech Plugin Adware
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Quarantined

PriceBandit Low Risk Adware
Details: It is an adware program that creates advertisments on your PC.
Status: Ignored

Delfin Media Viewer 2.11 Adware
Details: DelFin Media Viewer 2.11 is a program which creates advertisement on user's PC.
Status: Quarantined
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer Changed 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer

Cydoor Adware
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Quarantined
Infected files detected
c:\windows\system32\cd_clint.dll

WhenU.SaveNow Adware
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Quarantined
Infected files detected
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1

SearchExe Hijacker Adware
Details: SearchExe changes the Internet Explorer SearchUrl to search-exe.com and displays ads on your desktop using popups.
Status: Deleted
Infected files detected
C:\Programme\se\Data\app.dat
C:\Programme\se\Data\bm.dat

NewDotNet Browser Plug-in
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Quarantined

Adw.Anquiro.Toolbar Adware
Details: Anquiro is an Adware Toolbar which changes the IE homepage and adds a Toolbar.
Status: Quarantined
Infected files detected
C:\WINDOWS\Downloaded Program Files\nav.bmp
C:\WINDOWS\Downloaded Program Files\tbu2CF\nav.bmp
C:\WINDOWS\Downloaded Program Files\tbu2C9\nav.bmp

DownloadWare MediaLoads Browser Plug-in
Details: DownloadWare MediaLoads, a Downloadware variant will connect to its servers, which can direct it to download and install software from advertisers.
Status: Quarantined
Infected files detected
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033318.DLL
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033319.exe

PornDialer.EPlugin Dialer
Details: PornDialer.IO is an ActiveX component, to download dialer programs. The dialer program may be used to access premium-rate services.
Status: Quarantined
Infected files detected
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033322.ocx

EverAd Trojan Adware
Status: Quarantined

WhenU.WeatherCast Low Risk Adware
Details: a local weather information program that sits in the desktop tray and offers current weather data, forecasts, and other weather information. Weathercast is often bundled with the Save advertising program and/or the WhenUSearch desktop toolbar.
Status: Ignored
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VVSN C:\Programme\VVSN\VVSN.exe

DownloadWare Adware
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Quarantined

Logfile of HijackThis v1.99.1
Scan saved at 14:27:10, on 16.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westline.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.com/b1redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1&1 Internet AG
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Name of App] C:\Programme\Samsung\FW LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [VVSN] C:\Programme\VVSN\VVSN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Sin Espias] C:\Programme\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_38.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.com/b1redirect
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/011044a54099d746a120/netzip/RdxIE601_de.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5672987D-F75E-4E74-9473-A425FCC83209}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C5F2E3-29A1-48C8-9858-9E980C1F0B1D}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: McAfee Firewall - Unknown owner - C:\Programme\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe |
|
|
||
16.10.2005, 15:20
Honorary member
Posts: 29434 |
#59
uninstall:
PlayJ Player
medialoads

C:\Programme\se <-- delete

TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

then report how it is running
__________
Regards, Sabina
All about PC security |
|
|
||
16.10.2005, 20:54
Member
Posts: 12 |
#60
Hello,
I can't find those programs. C:\Programme\se doesn't exist on my machine either. I am running TuneUp 2006 now. What do I need to do after that? |
|
|
||
Thank you, thank you, thank you, Sabina!