Brauche Unterstützung beim Entfernen von adtoolskeep.exe & Co. |
||
---|---|---|
#0
| ||
16.10.2005, 20:44
...neu hier
Beiträge: 1 |
||
|
||
18.10.2005, 15:25
Ehrenmitglied
Beiträge: 29434 |
#2
Hallo@niftybee
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://rd.yahoo.com/customize/ymsgr/defaults/sb/*h**p://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://rd.yahoo.com/customize/ymsgr/defaults/sp/*h**p://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://rd.yahoo.com/customize/ymsgr/defaults/*h**p://my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://rd.yahoo.com/customize/ymsgr/defaults/su/*h**p://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://rd.yahoo.com/customize/ymsgr/defaults/sb/*h**p://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://rd.yahoo.com/customize/ymsgr/defaults/sp/*h**p://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://rd.yahoo.com/customize/ymsgr/defaults/*h**p://my.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.exactsearch.net/sidesearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://rd.yahoo.com/customize/ymsgr/defaults/su/*h**p://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://static.windupdates.com/cab/CDT/ie/Bridge-c135.cab O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - h**p://advnt01.com/dialer/internazionale_ver10.CAB O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - h**p://download.abacast.com/download/files/abasetup130f3.cab O18 - Filter: text/html - {3DE493CA-C59B-4B9E-ACA4-84E1DA021396} - C:\WINDOWS\Local Settings\Anwendungsdaten\microsoft\internet explorer\V0.34.dat PC neustarten CCleaner (loesche alle temp-Dateien) http://virus-protect.org/temp.html scanne mit kaspersky und poste den scanreport http://virus-protect.org/onlinescan.html counterspy http://virus-protect.org/counterspy.html Klicke: "Run a Spyware Scan Now" - nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (poste den scanreport) poste den scanreport von ewido http://virus-protect.org/ewido.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
Ich selbst bin ein Laie was das Auslesen von HiJack Logs und das Entfernen "unerwünschter" Programme angeht.
Deshalb hoffe ich, daß sich hier jemand findet, der mir dabei hilft..
Ich vermute, daß ich einen ganzen Zoo von unerwünschten Besuchern auf meinem System habe und auch wenn das Entfernen zeitintensiv sein sollte würde ich doch gerne erst diesen Weg versuchen und eine Neuinstallation möglichst umgehen.
Vielen Dank im Voraus
Und hier mein HiJack Log (um aktive Links zu vermeiden wurden alle http durch h**p ersetzt):
Logfile of HijackThis v1.99.1
Scan saved at 20:18:00, on 16.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\pupxpman.exe
F:\Programme\QuickTime\qttask.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
D:\Programme\AVPersonal\AVGNT.EXE
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
d:\Programme\AVPersonal\AVWUPSRV.EXE
d:\Programme\CPUCooL\CooLSrv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Yahoo!\Messenger\Messenger\ymsgr_tray.exe
C:\DOKUME~1\***\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://rd.yahoo.com/customize/ymsgr/defaults/sb/*h**p://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://rd.yahoo.com/customize/ymsgr/defaults/sp/*h**p://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://rd.yahoo.com/customize/ymsgr/defaults/*h**p://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://rd.yahoo.com/customize/ymsgr/defaults/su/*h**p://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://rd.yahoo.com/customize/ymsgr/defaults/sb/*h**p://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://rd.yahoo.com/customize/ymsgr/defaults/sp/*h**p://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://rd.yahoo.com/customize/ymsgr/defaults/*h**p://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://rd.yahoo.com/customize/ymsgr/defaults/su/*h**p://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = h**p=proxy.btx.dtag.de:80;ftp=ftp-proxy.btx.dtag.de:80
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] d:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] d:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-aware] "D:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] "d:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Programme\Yahoo!\Messenger\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O8 - Extra context menu item: Visit &japanese keywords - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Programme\Yahoo!\Messenger\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Programme\Yahoo!\Messenger\Messenger\yhexbmes0819.dll
O9 - Extra button: D-Info - {5baf1db0-1d34-11d6-bf3c-005056303009} - D:\Programme\D\D-Info\html\toolbarscript.html
O9 - Extra 'Tools' menuitem: D-Info - {5baf1db0-1d34-11d6-bf3c-005056303009} - D:\Programme\D\D-Info\html\toolbarscript.html
O9 - Extra button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\PROGRAMME\BüRO\LOTUS\ORGANIZE\BANDOBJS.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Backgammon - h**p://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Gin - h**p://download.games.yahoo.com/games/clients/y/ns0_x.cab
O16 - DPF: Yahoo! Pool 2 - h**p://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://static.windupdates.com/cab/CDT/ie/Bridge-c135.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - h**p://www.cult3d.com/download/cult.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - h**p://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - h**p://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - h**p://software-dl.real.com/24cf9e1854944d117b21/netzip/RdxIE601_de.cab
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - h**p://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {BAE85C97-2CD4-45C3-A1ED-E4CEF7C6AA52} - h**p://www.online1net.com/kool/coolstuff4.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - h**p://download.abacast.com/download/files/abasetup130f3.cab
O18 - Filter: text/html - {3DE493CA-C59B-4B9E-ACA4-84E1DA021396} - C:\WINDOWS\Local Settings\Anwendungsdaten\microsoft\internet explorer\V0.34.dat
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - d:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe