Winfix 2005 starts by itself ???

#0
18.10.2005, 23:15
...new here
Posts: 2
19.10.2005, 00:26
Member
Posts: 4730
#2
Please create a HijackThis log (hijacker = [aircraft] hijacker; in IT these are browser hijackers)
http://managor.de/hjt.htm
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM; we may be able to arrange an appointment.
Der Grabsteinschubser
19.10.2005, 17:54
...new here
Thread starter Posts: 2
#3
Logfile of HijackThis v1.99.1
Scan saved at 17:54:10, on 19.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

I hope that helps you. How do I get rid of this junk?
28.10.2005, 16:41
Honorary member
Posts: 29434
#4
Hello @Darksoldier1,
open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.globalefinder.com/sp2.php
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O4 - HKLM\..\Run: [killer1000] killer1000.exe
O4 - HKLM\..\Run: [Internet Services] systemdev.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOKUME~1\Stephan\LOKALE~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [NI.UWFX5U_0001_LP] "C:\Dokumente und Einstellungen\Stephan\Desktop\WinFixer2005ScannerInstallDE.exe"
O4 - HKLM\..\RunServices: [Internet Services] systemdev.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Restart the PC

Delete:
C:\Dokumente und Einstellungen\Stephan\Desktop\WinFixer2005ScannerInstallDE.exe

CCleaner (delete all temporary files)
http://virus-protect.org/temp.html

Scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina
all about PC security
02.11.2005, 15:00
...new here
Posts: 2
#5
Hello Sabina,
since I can see that you really know your way around this problem, I hope you can help me too. That would be a really big help. I don't have files such as guard.temp etc. on my computer. I created the log file but can't find anything in it. Thanks in advance!!!

Logfile of HijackThis v1.99.1
Scan saved at 14:42:27, on 02.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
02.11.2005, 15:14
Honorary member
Posts: 29434
#6
Hello @Navid2006,
open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [- ] C:\WINDOWS\qwbqrtpu.exe
O4 - HKLM\..\Run: [Á³#K"h'þ9Óœ÷3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qwbqrtpu.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [qfqtov] C:\WINDOWS\qfqtov.exe
O4 - HKLM\..\Run: [Khkqzhi] C:\Program Files\Vtsvdor\Xpzy.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Time Sync] C:\Programme\Time Sync\time.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_Crac*hier nicht!*.cab

Restart the PC

KILLBOX
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot" and paste in:

c:\temp\salm.exe
C:\WINDOWS\qwbqrtpu.exe
C:\WINDOWS\qfqtov.exe
C:\Program Files\Vtsvdor\Xpzy.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\wsem303.dll
C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE

and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one.

Restart the PC

Uninstall:
KeenValue
Internet Optimizer
Time Sync
Media Access

Killbox: DelTree (include SubDirectories)
Say you want to delete a folder. You don't have to enter all the files in the folder one by one; instead you tick the option DelTree (include subdirectories). This deletes an entire archive together with its subfolders.

C:\Programme\MyWay
C:\PROGRA~1\PerfectNav
C:\Programme\Time Sync
C:\Program Files\Internet Optimizer
C:\Programme\Save
C:\Programme\MyWay
C:\Programme\SurfAccuracy
C:\Program Files\Vtsvdor
C:\Program Files\Media Access
C:\Programme\ISTsvc
C:\Programme\Gemeinsame Dateien\CMEII

Restart the PC

CCleaner
http://www.ccleaner.com/ccdownload.asp
delete all temp files

Scan with:

Removal tool:
http://virus-protect.org/spyware2.html#Trojan-Downloader.Win32.IstBar
FxIstbar.exe

AdAware
http://virus-protect.org/adaware.html

ewido
http://virus-protect.org/ewido.html

CounterSpy
Click "Run a Spyware Scan Now". After the scan you have to choose between: *Ignore *Remove *Quarantaine
Always choose Remove and restart the PC.

Panda
http://virus-protect.org/onlinescan.html

Then manually delete whatever is still shown.
__________
Best regards, Sabina
all about PC security
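Added example, not part of the thread and not the helper's own method: a small Python triage pass over HijackThis entries like the ones quoted in the replies above. The checks (dangling reference, autostart command without a directory, autostart from a Temp or Desktop folder, any O1 hosts line) are assumptions chosen for illustration; a hit means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample: entry lines copied from the replies in this thread,
# preceded by a short header so the parser has non-entry lines to skip.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [killer1000] killer1000.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5U_0001_LP] "C:\Dokumente und Einstellungen\Stephan\Desktop\WinFixer2005ScannerInstallDE.exe"
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# Registry autostart form of O4; Startup-folder lines have no [name] and are skipped.
O4_RUN = re.compile(r"^[^:]+: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_END = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))\b", re.I)
# Directories an unprivileged user can write to (illustrative, not exhaustive).
USER_DIR = re.compile(r"\\(?:temp|desktop)\\", re.I)


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O4"
    body: str      # rest of the line, unchanged
    reasons: list  # names of the checks that fired


def executable(cmd):
    """Return the program part of an autostart command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    match = EXE_END.match(cmd)
    return match.group(1) if match else cmd.split()[0]


def triage(log_text):
    """Return the entries that trip at least one check, in log order."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header lines and the running-process list
        code, body = match["code"], match["body"]
        reasons = []
        # The registry still references a component that is gone from disk.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("dangling")
        # Any hosts-file override deserves a look.
        if code == "O1":
            reasons.append("hosts-override")
        if code == "O4":
            run = O4_RUN.match(body)
            if run:
                exe = executable(run["cmd"])
                # No directory: Windows resolves the name via its search path.
                if "\\" not in exe and "/" not in exe:
                    reasons.append("bare-name")
                if USER_DIR.search(exe):
                    reasons.append("user-writable-path")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{', '.join(f.reasons):<20}{f.body}")
```

Legitimate drivers and updaters also register bare-name or missing-file entries, so the output is a shortlist for manual review rather than a removal list.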
02.11.2005, 17:16
...new here
Posts: 2
#7
Wow, thanks for the quick reply. You really know your stuff, I owe you one. THANKS!!!!
23.11.2005, 21:50
...new here
Posts: 1
#8
Hello Sabina,
I hope you can help me too. The first mouse has already fallen victim to WinFixer. I'm about to lose it!!! THANKS!! Here is the content of the log file:

Logfile of HijackThis v1.99.1
Scan saved at 21:31:46, on 23.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Programme\ShopperReports\Bin\1.0.8.0\ShprRprt.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.de/ O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.stardialer.de/InstallationsAssistent.ocx O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. 
- C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
||
23.11.2005, 21:52
Honorary member
Posts: 29434 |
#9
glennMA
I rarely see a PC this infested, and I recommend formatting... what do you think? http://virus-protect.org/nachneuinst.html __________ Regards, Sabina, all about PC security |
|
|
||
14.12.2005, 00:08
Member
Posts: 14 |
#10
hey ... I have a log from eScan here ... very long *grml, even though I only ran Ad-Aware and AntiVir in safe mode two days ago ...
what I definitely know is that I have winfix2005 on it (caught before about 15:00) ... unfortunately I just can't make much of the logs ...=/ thanks for the help ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Dec 13 16:33:50 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Tue Dec 13 16:33:50 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Tue Dec 13 16:33:56 2005 => System found infected with lop.com Spyware/Adware (backup.reg)! Action taken: No Action Taken. Tue Dec 13 16:33:57 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken. Tue Dec 13 16:33:57 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)!
Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. 
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 13 17:00:41 2005 => File C:\DOKUME~1\ADMINI~1\ANWEND~1\HoleRegs\mp3bone.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken. Tue Dec 13 17:01:05 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Tue Dec 13 17:01:05 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Tue Dec 13 17:01:11 2005 => System found infected with lop.com Spyware/Adware (backup.reg)! Action taken: No Action Taken. Tue Dec 13 17:01:13 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken. Tue Dec 13 17:01:13 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken. Tue Dec 13 17:01:13 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! 
Action taken: No Action Taken. Tue Dec 13 17:01:13 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken. Tue Dec 13 17:01:13 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. 
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken. Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken. 
Tue Dec 13 17:11:54 2005 => File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\bis2FB.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken. Tue Dec 13 18:34:22 2005 => Scanning Folder: C:\Programme\antivir\INFECTED\*.* Tue Dec 13 18:40:38 2005 => File D:\DownLoads\exe\security\pccillininternetsecurity 2005v12.0keyg*hier nicht*\mirror_plugin.exe infected by "Trojan-Downloader.Win32.INService.gen" Virus! Action Taken: No Action Taken. Tue Dec 13 20:38:30 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Dec 13 16:30:12 2005 => File C:\DOKUME~1\ADMINI~1\ANWEND~1\HoleRegs\mp3bone.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken. Tue Dec 13 16:33:09 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86.rar tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken. Tue Dec 13 16:33:16 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken. Tue Dec 13 16:33:17 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\winvnc.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken. Tue Dec 13 16:36:52 2005 => File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\bis2FB.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken. Tue Dec 13 17:21:56 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86.rar tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken. Tue Dec 13 17:22:03 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken. 
Tue Dec 13 17:22:04 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\winvnc.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken. Tue Dec 13 18:34:42 2005 => File C:\Recycled\Dc6.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken. Tue Dec 13 18:34:43 2005 => File C:\Recycled\Dc19.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken. Tue Dec 13 18:40:52 2005 => File D:\DownLoads\exe\folder guard\Stealth Folder Hider Eval.exe tagged as not-a-virus:Monitor.Win32.WinSpy.a. No Action Taken. Tue Dec 13 18:42:22 2005 => File D:\DownLoads\exe\coolscrl.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.ar". Action Taken: No Action Taken. Tue Dec 13 19:12:30 2005 => File D:\irc quakenet\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken. Tue Dec 13 19:55:29 2005 => File D:\irc gamesurge\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken. Tue Dec 13 19:55:37 2005 => File D:\irc gamesurge II\Gamers.IRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Dec 13 16:33:51 2005 => Offending Key found: HKCU\Software\gnu !!! 
Tue Dec 13 16:33:56 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sd4hide-skl\backup.reg Tue Dec 13 16:33:57 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\{1068130f-17ab-11d5-9875-00105ace7734}\ebay.url Tue Dec 13 16:33:57 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\outlook logging\firstrun.log Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\temporary internet files\content.ie5\2oq2fn7p\ads[1].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adswrapper[1].js Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adsend[1].js Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[1].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\pop[1].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[2].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[1].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[2].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet 
files\content.ie5\o14rmpgj\formie[1].css Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\pop[1].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\stylesheet[1].css Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\ads[1].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\show_ads[2].js Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[1].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[2].htm Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\u723q5mb\formie[1].css Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adswrapper[1].js Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adsend[1].js Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[1].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\pop[1].htm Tue Dec 13 16:33:59 2005 => 
Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[2].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[1].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[2].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\formie[1].css Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\pop[1].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\stylesheet[1].css Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\ads[1].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\show_ads[2].js Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[1].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[2].htm Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\u723q5mb\formie[1].css Tue Dec 13 17:01:06 2005 => Offending Key found: HKCU\Software\gnu !!! 
Tue Dec 13 17:01:11 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sd4hide-skl\backup.reg Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\{1068130f-17ab-11d5-9875-00105ace7734}\ebay.url Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\outlook logging\firstrun.log Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\temporary internet files\content.ie5\2oq2fn7p\ads[1].htm Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adswrapper[1].js Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adsend[1].js Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[1].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\pop[1].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[2].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[1].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[2].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet 
files\content.ie5\o14rmpgj\formie[1].css Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\pop[1].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\stylesheet[1].css Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\ads[1].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\show_ads[2].js Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[1].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[2].htm Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\u723q5mb\formie[1].css Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adswrapper[1].js Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adsend[1].js Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[1].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\pop[1].htm Tue Dec 13 17:01:15 2005 => 
Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[2].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[1].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[2].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\formie[1].css Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\pop[1].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\stylesheet[1].css Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\ads[1].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\show_ads[2].js Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[1].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[2].htm Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\u723q5mb\formie[1].css ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Dec 13 20:38:30 2005 => Total Virus(es) Found: 50 Tue Dec 13 20:38:30 2005 => Total Errors: 2229 Tue Dec 13 20:38:30 2005 => Time Elapsed: 03:38:00 Tue Dec 13 20:38:30 2005 => Total Objects Scanned: 162294 Tue Dec 13 16:28:42 2005 => Virus Database Date: 2005/12/12 Tue Dec 13 16:55:13 2005 => Virus Database Date: 2005/12/12 Tue Dec 13 16:55:30 2005 => Virus Database Date: 2005/12/13 Tue Dec 13 17:00:08 2005 => Virus Database Date: 2005/12/13 Tue Dec 13 20:38:30 2005 => Virus Database Date: 2005/12/13 Tue Dec 13 21:39:22 2005 => Virus Database Date: 2005/12/13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~
the second computer: xp2400+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Dec 13 16:42:33 2005 => Virus Database Date: 2005/12/12 Tue Dec 13 16:42:41 2005 => Virus Database Date: 2005/12/12 Tue Dec 13 16:43:13 2005 => Virus Database Date: 2005/12/13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ |
|
|
||
14.12.2005, 11:54
Honorary member
Posts: 29434 |
#11
sto_teac
Run CleanUp as described on this page: http://virus-protect.org/cleanup.html

Delete:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\bis2FB.exe
D:\DownLoads\exe\coolscrl.exe
D:\DownLoads\exe\folder guard
D:\DownLoads\exe\security\pccillininternetsecurity 2005v12.0keyg*hier nicht*\mirror_plugin.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HoleRegs

Start -- All Programs -- Accessories -- Notepad, and paste in the following text:
Quote
dir %Windir%\tasks /a h > files.txt
- Save as: findjobs.bat
- Save as type: All Files
- Save it to the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text

HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> Notepad opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
Then we'll take it from there.....
-----------------------------------------------------------------------
Info: LOP - Trojan TR/Swizzor
http://virus-protect.org/artikel/spyware/lop.html
__________
Regards, Sabina
all about PC security |
|
|
||
14.12.2005, 15:03
...new here
Posts: 3 |
#12
Hello Sabina,
unfortunately Winfixer has got me too, and even after a brute-force treatment with half a dozen scanners (MS Anti-Spyware, Ad-Aware, SpySweeper, Spybot, ewido, CounterSpy) and virus killers (AntiVir, McAfee, AVG) I am still constantly pestered by advertising pop-ups. Perhaps you can find the time to help me a little, too, with getting rid of this annoying lodger? Many thanks in advance!

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:51:45, on 14.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\BF1942_Editing\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programme\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125932067437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127143264437
O16 - DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} (NCWeb.Launcher) - http://www.guildwars.co.kr/common/ocx/ncweb.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4645/mcfscan.cab
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\lvpq0975e.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE |
|
|
||
14.12.2005, 15:22
Honorary member
Posts: 29434 |
#13
Parabellum
That is no longer Winfixer, that is a Look2Me infection.
Quote
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\lvpq0975e.dll
Work through option 2 and, after the restart, option 4, and copy the log from the scan here.
http://virus-protect.org/l2mfix.html
+ Hoster.zip -> run it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
__________
Regards, Sabina
all about PC security |
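Added example, not part of the thread and not HijackThis code: Python that splits a HijackThis log whose line breaks were lost, as in the logs on this page, back into entries and pulls out the entry kinds looked at in this thread, namely the O20 Winlogon Notify line quoted in post #13 and the "(file missing)" and "Unknown owner" entries raised in post #14. The function names are assumptions of this example, and the sample string is assembled from log lines quoted in posts #12 and #14.

```python
import re

# HijackThis prefixes every entry with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Zero-width split point: a section code followed by " - ", preceded by whitespace.
ENTRY_START = re.compile(rf"(?<!\S)(?={CODE} - )")

# Sample assembled from log lines quoted in posts #12 and #14 of this thread,
# run together on one line the way the logs appear on this page.
SAMPLE = (
    r"Running processes: C:\WINDOWS\System32\smss.exe C:\HJT\HijackThis.exe "
    r"O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE "
    r"O4 - HKLM\..\Run: [POINTER] point32.exe "
    r"O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\lvpq0975e.dll "
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe "
    r"O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - "
    r"C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (file missing)"
)

def split_entries(flat_log):
    """Return (code, text) pairs from a log whose line breaks were lost."""
    entries = []
    for chunk in ENTRY_START.split(flat_log):
        m = re.match(rf"({CODE}) - (.*)", chunk.strip(), re.S)
        if m:  # header and process list carry no section code and are skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def review(entries):
    """Pick out the entry kinds the helpers and posters in this thread look at."""
    findings = []
    for code, text in entries:
        if code == "O20" and text.startswith("Winlogon Notify:"):
            # Notify DLLs are loaded into winlogon.exe, so this key is a persistence point.
            name, _, dll = text[len("Winlogon Notify:"):].partition(" - ")
            findings.append(("winlogon-notify", name.strip(), dll.strip()))
        elif text.endswith("(file missing)"):
            findings.append(("file-missing", code, text))
        elif code == "O23" and " - Unknown owner - " in text:
            findings.append(("unknown-owner", code, text))
    return findings

if __name__ == "__main__":
    for finding in review(split_entries(SAMPLE)):
        print(*finding, sep=" | ")
```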
|
|
||
14.12.2005, 16:29
Member
Posts: 14 |
#14
first of all, thanks for the help ... cleanup cleaned out approx. 1.47gb Oo
-> question: does it only throw out junk like temp, temp inet and cookies? then I'll always do that before I want to post a log
-> the things under "d\:downloads\exe..." are actually executable files that I once downloaded on purpose ... what was dubious/bad about them?
-> "holereg" caused me massive problems ... under normal win it was "in use" and could not be deleted ... so I went into safe mode ... which crashed on me 3 times!!!!
-> I then renamed the file mp3bone.exe in normal mode and rebooted, after that I was able to delete it ...
here are the logs you asked for ... and a big thank you for your help!
findjobs.bat:
Quote
Datenträger in Laufwerk C: hat keine Bezeichnung.
hijackthis:
Quote
Logfile of HijackThis v1.99.1
I ran it through this automatic analyser ...
Quote
O2 - BHO: (no name) - {0108CA46-B928-F59A-7D79-1846BB9E6D1A} - C:\DOKUME~1\ADMINI~1\ANWEND~1\HoleRegs\mp3bone.exe (file missing)
I then deleted that (with hijacker itself)
O2 -> we already know that one -.-
O9 -> I had actually already deleted that program a while ago
O9 -> I had actually already deleted that program a while ago
Quote
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (file missing)
O23 -> was also shown to me as unsafe ... but trendmicro provides my pc cillin and is actually (partly) responsible for security ...
This post was edited by sto_teac on 14.12.2005 at 19:58.
|
|
|
||
14.12.2005, 16:33
...new here
Posts: 3 |
#15
You can find the log that appears after option 2 here: http://www.aves-dsa.de/temp/log.txt
After that I wanted to do option 4, but only a Notepad window opened with the following message:
Quote
Der Benutzername konnte nicht gefunden werden.
Hoster ran without an error message. |
|
|
||
On my PC the downloader for winfix2005 keeps starting by itself, and windows keep opening by themselves. I looked around on the internet and there was always something about highjack or lowjack or something like that. Now my question: how do I get rid of this junk? It is slowly getting annoying. Please help me.
regards
darksoldier