NewDotNet/NewDotNet.dll /A.7.Virus - no Internet connection any more?
Thread is closed!
#0
03.04.2006, 18:50
Honorary member
Thread starter, Posts: 29434
18.07.2006, 18:28
...new here
Posts: 2
#107
Hello.
I've also picked up this Newdot rubbish and now have no network connection. I'm currently using my parents' PC, and a friend gave me the link to your guide. I followed everything and it actually all went quite well, except that hardly any of the HijackThis files described were shown to me, only a few of them. I figured they had simply already been deleted beforehand, but after completing the "process" my connection still didn't work. Is there anything I could have done wrong, or anything else I can do? Thanks in advance, Leroy
18.07.2006, 19:34
Honorary member
Thread starter, Posts: 29434
#108
Leroy
Transfer WinsockFix to the computer (via floppy disk or USB stick) and run it: http://www.winsockfix.nl/
Then post the HijackThis log here.
__________
Regards, Sabina
All about PC security
18.07.2006, 22:09
...new here
Posts: 2
#109
OK, I hope this helps, thanks in advance for looking through it:
Regards, Leroy
18.07.2006, 22:52
Honorary member
Thread starter, Posts: 29434
#110
Leroy
1. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
2. Copy out these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
3. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. In "Enter search strings", type or paste RegFreeze into the edit field and click "Ok". Notepad will open -- copy the text and post it.
4. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote
cd\
Regards, Sabina
18.09.2006, 18:10
...new here
Posts: 2
#111
Hello
I also have the problem with the Newdot stuff. The Internet still works, just a bit slower than usual. MSN no longer works, and I can no longer get into My Computer. When I click on My Computer it searches and searches but finds nothing. Here is the log file from HijackThis:
Thanks in advance
Regards
18.09.2006, 23:45
Honorary member
Thread starter, Posts: 29434
#112
evidence
1. Post the log: http://virus-protect.org/artikel/tools/combofix.html
2. Post the log: http://www.f-secure.com/blacklight/ Start the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There will now be an FSB*.TXT file in the same folder as Blacklight.
3. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
4. Copy out these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
Regards, Sabina
19.09.2006, 17:07
...new here
Posts: 2
21.09.2006, 16:09
Member
Posts: 12
#114
Hello first of all, I'm pretty much a layman in this area, but I have read through just about everything I could find about my problem...
I get the same error message as so many before me when starting my PC... loading module ...newdot~2.dll not possible. I downloaded HijackThis right away and then also had my log file analyzed at www.hijackthis.de... (to be safe I also downloaded winsockXPfix in case problems with my Internet should occur). My HijackThis log file: entries marked yellow are those that were shown to me as possibly bad or unnecessary (toolbar), red are the bad ones; apparently I have more than one problem.
--------------
So, what do I have to do now to remove newdot and the other malicious files?
Edit: here is the ewido report as well; it found quite a lot and I deleted everything.
This post was edited by Mfjd on 21.09.2006 at 20:11.
22.09.2006, 01:10
Honorary member
Thread starter, Posts: 29434
#115
Mfjd
Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy out these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
Post this log: http://virus-protect.org/artikel/tools/combofix.html
Regards, Sabina
22.09.2006, 17:31
Member
Posts: 12
#116
Yesterday I also ran an ewido scan; the viruses were shown and deleted with ewido, and then I fixed the items with HijackThis, then ran CleanUp with the correct settings. Everything seems to be okay; system performance sped up enormously afterwards, but now it seems to me that it is getting slower again, though the HijackThis log is okay according to www.hijackthis.de.
So the problems seem to be solved, but thanks anyway.
03.10.2006, 10:35
...new here
Posts: 2
#117
Hello, I also have a problem with newdotnet. DSL is working again. However, newdotnet still shows up when scanning with Spybot. Here is the HijackThis log file:
item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - {ED55B148-547A-4658-BA20-212A8D5DD93E} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU) O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe |
|
|
||
03.10.2006, 10:40
Honorary member
Thread starter Posts: 29434 |
#118
chirikki
Open HijackThis -- "Scan" button -- put a tick in front of this entry -- "Fix checked" button -- restart the PC

Quote:
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programme\Accoona\ASearchAssist.dll (file missing)

Restart the PC

** Scan, then set everything to "remove" and copy the scan report here
http://virus-protect.org/counterspy.html

** There is/was a Haxdoor backdoor + rootkit on this machine. Post this log:
http://www.f-secure.com/blacklight/
Start the file, accept the licence terms and choose "Scan"; when the scan has finished, press "Next" and then "Close". There is now an FSB*.TXT file in the same folder as Blacklight.
__________
Best regards
Sabina
All about PC security |
|
|
||
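Post #118 singles out an entry marked "(file missing)" for fixing. The following is an added example, not part of the thread and not code from HijackThis: it splits a log whose line breaks were lost in pasting back into entries and lists every "(file missing)" entry, noting whether the named file also appears under "Running processes". The function names, the verdict strings and the cross-check itself are assumptions of this example; the sample is an excerpt of entries from the log posted in this thread.

```python
import re

# Section codes that open every HijackThis 1.99.x entry (R0-R3, F0-F3, N1-N4, O1-O23).
CODE = r'(?:R[0-3]|F[0-3]|N[1-4]|O(?:1\d|2[0-3]|[1-9]))'
ENTRY_BREAK = re.compile(r'\s+(?=' + CODE + r' - )')  # whitespace before "O2 - ", "R1 - ", ...
PROC_BREAK = re.compile(r'\s+(?=[A-Za-z]:\\)')         # whitespace before a drive letter
MISSING = '(file missing)'


def split_log(flat):
    """Split a flattened log into (running process paths, entries)."""
    chunks = ENTRY_BREAK.split(flat.strip())
    if re.match(CODE + ' - ', chunks[0]):
        return [], chunks                      # no header, the text starts with an entry
    header, entries = chunks[0], chunks[1:]
    procs = []
    if 'Running processes:' in header:
        tail = header.split('Running processes:', 1)[1].strip()
        procs = [p for p in PROC_BREAK.split(tail) if p]
    return procs, entries


def missing_target(entry):
    """Return the file named by an entry marked '(file missing)', else None."""
    if not entry.endswith(MISSING):
        return None
    field = entry[:-len(MISSING)].rsplit(' - ', 1)[-1].strip()
    # Drop a stray quote and command-line arguments after the file name,
    # as in: ...\ashMaiSv.exe" /service
    m = re.match(r'"?(.+?\.(?:exe|dll|sys))(?![\w.])', field, re.I)
    return m.group(1) if m else field


def triage(flat):
    """List (code, file, verdict) for every '(file missing)' entry."""
    procs, entries = split_log(flat)
    running = {p.lower() for p in procs}
    result = []
    for entry in entries:
        target = missing_target(entry)
        if target is None:
            continue
        code = entry.split(' - ', 1)[0]
        # Assumption of this example: a file that is listed as running
        # contradicts the marker, so the entry needs a second look before fixing.
        verdict = 'listed as running' if target.lower() in running else 'not running'
        result.append((code, target, verdict))
    return result


# Excerpt of the log posted in this thread, joined onto one line.
SAMPLE = ' '.join([
    r'Logfile of HijackThis v1.99.1 Scan saved at 10:17:32, on 03.10.2006',
    r'Running processes:',
    r'C:\WINDOWS\Explorer.EXE',
    r'C:\Programme\Alwil Software\Avast4\ashServ.exe',
    r'C:\Programme\Alwil Software\Avast4\ashMaiSv.exe',
    r'C:\Programme\Alwil Software\Avast4\ashWebSv.exe',
    r'R3 - Default URLSearchHook is missing',
    r'O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208}'
    r' - C:\Programme\Accoona\ASearchAssist.dll (file missing)',
    r'O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe',
    r'O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)',
    r'O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll',
    r'O23 - Service: avast! Antivirus - Unknown owner'
    r' - C:\Programme\Alwil Software\Avast4\ashServ.exe',
    r'O23 - Service: avast! Mail Scanner - Unknown owner'
    r' - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r'O23 - Service: avast! Web Scanner - Unknown owner'
    r' - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)',
])

if __name__ == '__main__':
    for code, target, verdict in triage(SAMPLE):
        print(f'{code:4} {verdict:18} {target}')
```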
03.10.2006, 11:36
...new here
Posts: 2 |
#119
So, here is the scan report:
Spyware Scan Details
Start Date: 03.10.2006 11:02:44
End Date: 03.10.2006 11:30:22
Total Time: 27 mins 38 secs

Detected spyware

Accoona.Toolbar Toolbar
Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
Status: Deleted
Infected files detected
c:\programme\accoona\tbquiesce.exe
Infected registry entries detected

NewDotNet Browser Plug-in
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted
Infected files detected
c:\windows\ndnuninstall6_38.exe
c:\windows\ndnuninstall7_14.exe
C:\WINDOWS\NDNuninstall6_98.exe
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net Changed 0

KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored
Infected registry entries detected

eDonkey2000 P2P Program
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 C:\Programme\eDonkey2000\plugins\ed2kie.dll
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object

Messenger Plus! Adware Bundler
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Ignored
Infected registry entries detected
HKEY_CLASSES_ROOT\.plp
HKEY_CLASSES_ROOT\.plp ACDSee 7.0.plp

Cookie: ad.yieldmanager Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@ad.yieldmanager[1].txt

Cookie: PointRoll.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@ads.pointroll[2].txt

Cookie: PriceBandit Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@apmebf[2].txt

Cookie: ATDMT.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@atdmt[1].txt

Cookie: ABetterInternet.Aurora Cookie Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@a[1].txt

Cookie: Bluestreak.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@bluestreak[1].txt

Cookie: Bravenet.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@bravenet[2].txt

Cookie: BS.Serving-Sys Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@bs.serving-sys[1].txt
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@serving-sys[2].txt

Cookie: BurstNet.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@burstnet[2].txt

Cookie: CGI-Bin Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@cgi-bin[1].txt
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@cgi-bin[3].txt
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@cgi-bin[4].txt
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@cgi-bin[5].txt
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@cgi-bin[6].txt

Cookie: e-Surveiller 1.6 Cookies Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@com[1].txt

Cookie: DealTime Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@dealtime[1].txt

Cookie: DoubleClick Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@doubleclick[1].txt

Cookie: Hitbox.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@hitbox[2].txt

Cookie: IndexTools.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@indextools[2].txt

Cookie: Overture.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@overture[1].txt

Cookie: PayCounter.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@paycounter[2].txt

Cookie: QuestionMarket.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@questionmarket[2].txt

Cookie: SageAnalyst Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@sageanalyst[1].txt

Cookie: statcounter.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@statcounter[1].txt

Cookie: Radar Spy Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@tradedoubler[2].txt

Cookie: TribalFusion.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@tribalfusion[1].txt

Cookie: ValueClick.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@valueclick[3].txt

Cookie: Ajan 1.0 Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\stahlhut\cookies\stahlhut@xiti[1].txt

I ran Blacklight again, nothing found, everything seems to be OK...

This post was edited by chirikki on 03.10.2006 at 12:00.
|
|
|
||
01.12.2006, 21:13
...neu hier
Beiträge: 5 |
#120
Hab auch ein Problem mit New.net. Das wählt sich bei mir einfach ins Netz ein und treibt meine Inet-Kosten nach oben. Immer alle 10 Minuten gehts rein (wenn das Kabel steckt) und mein Provider sieht das jedesmal als 1mb Transfer, weil das die kleinste Recheneinhaeit ist. Bei nem Volumentarif kann das dann ziemlich unvorteilhaft sein.
I think it's down to New.Net, and I hope I haven't picked up anything else. I hope you can help me. Here is the HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 21:04:00, on 01.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\Prismsta.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
D:\D-Tools\daemon.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\HHVcdV5Sys\VC5Play.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Virtual CD v5\System\VC5Tray.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\mousometer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Anti-Viren-Programme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Prism_Utility] Prismsta.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kav] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Startup: Mousometer(2).lnk = C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\mousometer.exe
O4 - Startup: Mousometer(3).lnk = C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\mousometer.exe
O4 - Startup: Mousometer.lnk = C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\mousometer.exe
O4 - Startup: PowerReg Scheduler(2).exe
O4 - Startup: PowerReg Scheduler(3).exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader - Schnellstart(2).lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader - Schnellstart(3).lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office(2).lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office(3).lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Thanks in advance.
Regards, Uriel |
|
|
||
Your mistrust is correct.
One should not remove viruses with other viruses.
ewido
http://virus-protect.org/ewido.html
Examples:
http://virus-protect.org/lspfix.html
__________
Best regards, Sabina
all about PC security