Warning! Your Computer might be infected with spyware or adware!
#0
27.10.2005, 22:56
...new here
Posts: 7
28.10.2005, 15:18
Honorary member
Posts: 29434
#2
Hello @CamCo

Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll
O4 - HKCU\..\Run: [ObjectDock] -
O4 - HKCU\..\Run: [WinRoll] -
O4 - HKCU\..\Run: [Yz Shadow] -
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O18 - Protocol: bw+0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Restart the PC

uninstall: C:\Programme\Security Toolbar

Please copy the 4 logs here (going back 3 months from today's date is enough):
http://virus-protect.org/datfindbat.html
+ the log from Silent Runners
http://virus-protect.org/silentrunner.html
+ download the F-Secure BlackLight beta trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check, click -- Next
you will now find a text file on the desktop: copy it into your thread

__________
Regards, Sabina
all about PC security
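The fix list above is the product of a helper reading a HijackThis log by eye. The following Python script is an added example (mine, not Sabina's and not part of HijackThis) of making that first pass repeatable: it parses HijackThis 1.99-style lines, flags the structural patterns a helper checks first (start and search pages reset to a non-URL value, anonymous URLSearchHooks, entries whose file no longer exists, autostarts under Policies\Explorer\Run, in-process COM objects loaded from a .tmp file), and groups O18 protocol handlers by the DLL behind them, which turns the 79 bw* entries above into one decision about one Logitech Desktop Messenger DLL. The sample log is constructed from entries on this page plus a few legitimate ones for contrast; the line syntax it assumes and the rule set are mine.

```python
"""Triage of a HijackThis 1.99 log: parse each entry, flag the patterns a
helper checks first, and collapse O18 protocol handlers by the DLL they load.
Added example; the rules are heuristics for a human to review, not a verdict."""
import re
from collections import defaultdict

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"^(?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
R_RE = re.compile(r"^(?P<key>.*?) = (?P<value>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.[A-Za-z0-9]{1,4}(?=["\s]|$)')
ORPHAN_MARKERS = ("(no file)", "(file missing)")
LIBRARY_EXTS = (".dll", ".ocx", ".exe", ".cpl", ".sys")

# Constructed sample in HijackThis 1.99 line syntax (an assumption about the
# format): entries shown in this thread plus legitimate ones for contrast.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hp7F19.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll
O4 - HKCU\..\Run: [ObjectDock] -
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] mscornet.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O18 - Protocol: bw+0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
"""


def parse(log_text):
    """Return one dict per HijackThis entry; header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        entry = {"kind": kind, "line": line, "desc": body, "target": ""}
        if kind in ("R0", "R1"):
            r = R_RE.match(body)
            if r:
                entry["target"] = r.group("value")
        elif kind == "O4":
            o = O4_RE.match(body)
            if o:
                cmd = o.group("cmd").strip()
                entry["desc"] = o.group("key")
                entry["target"] = "" if cmd == "-" else cmd  # "-" is an empty value
        else:
            c = CLSID_RE.match(body)
            if c:
                entry["desc"], entry["clsid"] = c.group("desc"), c.group("clsid").lower()
                entry["target"] = c.group("target")
            else:
                entry["target"] = body.rsplit(" - ", 1)[-1]  # e.g. O23 service path
        entries.append(entry)
    return entries


def triage(log_text):
    """Return [(entry, [reasons])] for the entries a human should look at."""
    findings = []
    for e in parse(log_text):
        reasons = []
        target = e["target"]
        for mark in ORPHAN_MARKERS:
            target = target.replace(mark, "").strip()
        orphan = any(mark in e["line"] for mark in ORPHAN_MARKERS) or (e["kind"] == "O4" and not target)
        if orphan:
            reasons.append("orphaned: nothing on disk behind it; fixing it is cleanup, not removal")
        if e["kind"] in ("R0", "R1") and not target.lower().startswith(("http://", "https://")):
            reasons.append("start/search page set to a non-URL value (about:blank, res://, file)")
        if e["kind"] == "R3" and "(no name)" in e["line"]:
            reasons.append("anonymous URLSearchHook")
        if e["kind"] == "O4" and "policies\\explorer\\run" in e["desc"].lower():
            reasons.append("Policies\\Explorer\\Run autostart: a policy location ordinary installers do not use")
        if e["kind"] == "O4" and target and "\\" not in target.split(" ")[0]:
            reasons.append("bare file name: resolved through the search path, check which copy runs")
        path = PATH_RE.search(target)
        if path and not orphan and not path.group(0).lower().endswith(LIBRARY_EXTS):
            reasons.append("loaded module has a non-library extension (.%s)" % path.group(0).rsplit(".", 1)[-1])
        if reasons:
            findings.append((e, reasons))
    return findings


def protocol_handlers_by_dll(log_text):
    """Map each O18 handler DLL (lower-cased path) to the scheme names registered for it."""
    by_dll = defaultdict(list)
    for e in parse(log_text):
        if e["kind"] == "O18":
            by_dll[e["target"].lower()].append(e["desc"].replace("Protocol: ", ""))
    return dict(by_dll)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry["line"])
        for reason in reasons:
            print("    ->", reason)
    for dll, schemes in protocol_handlers_by_dll(SAMPLE_LOG).items():
        print("%d handler(s) -> %s" % (len(schemes), dll))
```

Note what the rules cannot do: the "Security Toolbar" O3 entry passes every structural check, since it is a real DLL under Program Files, and is only identifiable by name or hash lookup; that is the part a human helper still supplies. The O18 grouping also shows why the protocol handlers are a single decision: every bw* scheme resolves to the same Logitech Desktop Messenger DLL, and fixing them in HijackThis removes the registrations, not the DLL.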
28.10.2005, 17:44
...new here
Thread starter
Posts: 7
#3
Quote: uninstall:

How does that work? There is only a "security toolbar" and an "uninstall.bat" in there... how do you use them?

 Volume in drive C has no label.
 Volume Serial Number is A02A-1A7F

 Directory of C:\WINDOWS\system32

28.10.2005  17:35             5.304 ncompat.tlb
28.10.2005  17:33             4.608 msvol.tlb
28.10.2005  17:33            16.384 hp7F19.tmp
28.10.2005  17:33            15.360 ld78FE.tmp
27.10.2005  19:49             4.286 ot.ico
27.10.2005  19:49             4.286 ts.ico
27.10.2005  19:49            12.432 nvctrl.exe
27.10.2005  19:47            10.316 mscornet.exe
23.10.2005  12:17             2.422 wpa.dbl
05.07.2005  23:28         1.212.416 NCTAudioInformation2.dll
05.07.2005  23:28           454.656 NCTAudioRecord2.dll
05.07.2005  23:28         1.986.560 NCTAudioFile2.dll
05.07.2005  23:28           458.752 NCTAudioPlayer2.dll
05.07.2005  23:28           602.112 NCTAudioTransform2.dll
05.07.2005  23:28           876.544 NCTAudioEditor2.dll

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"LDM" = "D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"Steam" = (empty string)
"AtiTrayTools" = "D:\Programme\Omega\ATI Tray Tools\atitray.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"nvctrl.exe" = "nvctrl.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"Jet Detection" = "D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe" [empty string]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Share-to-Web Namespace Daemon" = "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"ATIPTA" = ""C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"WinampAgent" = "D:\Programme\Winamp\winampa.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
                                       \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{3bf1f86f-b1a8-489b-8d8b-43781d51411f}\(Default) = "HomepageBHO" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hp7F19.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\OFFICE~1\Office\OLKFSTUB.DLL" [MS]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{F16F2A47-893D-4FFC-A83A-E66C9F5AC838}" = "Audiofan Wave to MP3 Converter 1.0 Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\amese.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [file not found]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\SmartFTP\smarthook.dll" ["SmartFTP"]
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shell Shredding Utility"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\Real\rpshell.dll" ["RealNetworks, Inc."]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Ordner HP Share-to-Web"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQLiteShell.dll" [empty string]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\iColorFolder\CMExt.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQLiteShell.dll" [empty string]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WS FTP\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Audiofan Wave to MP3 Converter\(Default) = "{F16F2A47-893D-4FFC-A83A-E66C9F5AC838}"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\amese.dll" [null data]
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\iColorFolder\CMExt.dll" [file not found]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQLiteShell.dll" [empty string]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WS FTP\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = "Warning homepage"
"Source" = "C:\WINDOWS\warnhp.html"
"SubscribedURL" = ""


Startup items in "-Felix-" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Microsoft Office" -> shortcut to: "D:\Programme\Office 2000\Office\OSA9.EXE -b -l" [MS]
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"HPAiODevice(hp officejet d series) - 1" -> shortcut to: "D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe -DeviceID 1107811900" ["Hewlett-Packard Co."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{6224F700-CBA3-4071-B251-47CB894244CD}\
"ButtonText" = "ICQ Pro"
"MenuText" = "ICQ"
"Exec" = "D:\PROGRA~1\ICQ\ICQ.exe" ["ICQ Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "D:\Programme\ICQ\ICQLite.exe" ["ICQ Ltd."]

{D9288080-1BAA-4BC4-9CF8-A92D743DB949}\
"ButtonText" = "Run IMVU"
"Exec" = "C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk" [null data]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVSync Manager, AvSynMgr, ""D:\Programme\Mc Afee\Avsynmgr.exe"" ["Network Associates, Inc."]
C-DillaSrv, C-DillaSrv, "C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]
GEARSecurity, GEARSecurity, "SYSTEM32\GEARSEC.EXE" ["GEAR Software"]
McShield, McShield, ""C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe"" ["Network Associates, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
Canon BJ Language Monitor BJC-6000\Driver = "CNMLM1N.DLL" ["CANON INC."]
PRTmate\Driver = "PRTmate.dll" [null data]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 64 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 11 seconds.
---------- (total run time: 194 seconds)

10/28/05 17:43:13 [Info]: BlackLight Engine 1.0.24 initialized
10/28/05 17:43:13 [Info]: OS: 5.1 build 2600 (Service Pack 1)
10/28/05 17:43:14 [Note]: 4019 4
10/28/05 17:43:14 [Note]: 4005 0
10/28/05 17:43:20 [Note]: 4006 0
10/28/05 17:43:20 [Note]: 4011 840
10/28/05 17:43:20 [Note]: FSRAW library version 1.7.1013
10/28/05 17:44:05 [Note]: 4007 0

Thanks in advance for your help!
28.10.2005, 17:57
Honorary member
Posts: 29434
#4
Hello @

Go into the registry: Start --> Run --> regedit

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
delete:
"FriendlyName" = "Warning homepage"
"Source" = "C:\WINDOWS\warnhp.html"
"SubscribedURL" = ""

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
delete:
"wininet.dll" = "mscornet.exe"
"nvctrl.exe" = "nvctrl.exe"

Killbox
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot"
Paste in: ... and click the red cross; when asked "Do you want to reboot?" click "No" and paste in the next one; only on the last one click "Yes"

C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\hp7F19.tmp
C:\WINDOWS\system32\ld78FE.tmp
C:\WINDOWS\System32\hp92D5.tmp
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\warnhp.html
C:\WINDOWS\system32\mscornet.exe

Restart the PC

CCleaner (delete all temporary files)
http://virus-protect.org/temp.html

If necessary, do the following (also works via Control Panel - Display):
1 - Right-click the taskbar - then Properties.
2 - Auto-hide the taskbar: enable it.
3 - You can now see a small part of the old desktop background where the taskbar used to be.
4 - Right-click - Properties on that small piece of the old desktop.
5 - Desktop - then: Customize Desktop
6 - Select the Web tab
7 - Delete the "Warning homepage" entry

smitRem TOOL (removal tool)
http://noahdfear.geekstogo.com/
Open the smitRem folder, double-click: RunThis.bat
Wait until the scan has finished (the screen will turn blue; that is normal)
Look for smitfiles.txt and post the text file in the thread
Then post the new HijackThis log

__________
Regards, Sabina
all about PC security
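Every step above is something a script can do, and scripting it makes clear what Killbox's "Delete File on Reboot" actually relies on. The following Python is an added example (mine, not Sabina's, Killbox's or smitRem's code): the registry values and the file list are exactly the ones named in the post, the `--apply` switch is my own, and the Windows-only parts (winreg, kernel32.MoveFileExW) are only called when it runs on Windows as administrator; the rest runs anywhere for inspection. MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT and no destination records the path in the Session Manager's PendingFileRenameOperations value, and the Session Manager deletes the file early in the next boot, before Explorer or Internet Explorer can map hp7F19.tmp again; that is why a BHO that is currently loaded can be removed this way but not with a plain delete. The .reg text removes only the named values, which mirrors the regedit instructions; the Web-tab steps 1 to 7 remove the same Active Desktop component through the GUI.

```python
r"""Script the removal steps from the post above: delete the named registry
values, schedule the listed files for deletion at the next boot, and show
what that scheduling leaves in PendingFileRenameOperations.
Added example; run with --apply on Windows as administrator to make changes."""
import ctypes
import sys

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # winbase.h flag for MoveFileEx

# Registry values named in the post: the HKCU Active Desktop component that
# draws the fake "Warning homepage" wallpaper, and the two Policies\Explorer\Run
# autostarts (key -> value names to delete).
REGISTRY_VALUES = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1":
        ["FriendlyName", "Source", "SubscribedURL"],
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run":
        ["wininet.dll", "nvctrl.exe"],
}

# Files named in the post. hp7F19.tmp is the BHO from the Silent Runners log and
# stays mapped into Explorer and IE while they run, so a plain delete fails.
FILES_TO_DELETE = [
    r"C:\WINDOWS\system32\ncompat.tlb",
    r"C:\WINDOWS\system32\msvol.tlb",
    r"C:\WINDOWS\system32\hp7F19.tmp",
    r"C:\WINDOWS\system32\ld78FE.tmp",
    r"C:\WINDOWS\System32\hp92D5.tmp",
    r"C:\WINDOWS\system32\ot.ico",
    r"C:\WINDOWS\system32\ts.ico",
    r"C:\WINDOWS\system32\nvctrl.exe",
    r"C:\WINDOWS\warnhp.html",
    r"C:\WINDOWS\system32\mscornet.exe",
]


def build_reg_script(values=REGISTRY_VALUES):
    """Render a .reg file that deletes only the listed values ("name"=- syntax)
    and leaves the keys and their other values alone, like the regedit steps."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in values.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % name for name in names)
        lines.append("")
    return "\r\n".join(lines)


def pending_rename_entries(paths):
    r"""The REG_MULTI_SZ pairs that MoveFileEx(path, NULL, MOVEFILE_DELAY_UNTIL_REBOOT)
    appends to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
    PendingFileRenameOperations: the NT-native source name, then an empty
    destination, which the Session Manager treats as "delete" at the next boot."""
    entries = []
    for path in paths:
        entries.append("\\??\\" + path)
        entries.append("")
    return entries


def schedule_delete_on_reboot(path):
    """Delete `path` during the next boot via kernel32.MoveFileExW.
    Windows only; needs administrator rights because the record lives under HKLM."""
    if sys.platform != "win32":
        raise OSError("MoveFileExW is a Windows API; nothing was scheduled")
    ok = ctypes.windll.kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT)
    if not ok:
        raise ctypes.WinError()
    return True


def delete_registry_values(values=REGISTRY_VALUES):
    """Delete the listed values in place; equivalent to merging build_reg_script()."""
    import winreg  # Windows-only module, imported here so the file loads anywhere
    roots = {"HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER,
             "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE}
    deleted = []
    for key, names in values.items():
        root, _, subkey = key.partition("\\")
        try:
            handle = winreg.OpenKey(roots[root], subkey, 0, winreg.KEY_SET_VALUE)
        except FileNotFoundError:
            continue  # key already gone
        with handle:
            for name in names:
                try:
                    winreg.DeleteValue(handle, name)
                    deleted.append((key, name))
                except FileNotFoundError:
                    pass  # value already gone
    return deleted


if __name__ == "__main__":
    print(build_reg_script())
    for entry in pending_rename_entries(FILES_TO_DELETE):
        print(repr(entry))
    if sys.platform == "win32" and "--apply" in sys.argv:
        print("deleted:", delete_registry_values())
        for path in FILES_TO_DELETE:
            schedule_delete_on_reboot(path)
        print("reboot now to complete the file deletions")
```

Without `--apply` the script only prints the .reg text and the registry pairs the delayed deletion would create, which is a useful way to review the list before touching anything; the same PendingFileRenameOperations value is also where to look afterwards if a file that should have gone is still there after the reboot.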
29.10.2005, 02:00
...new here
Thread starter
Posts: 7
#5
smitRem © log file
version 2.7 by noahdfear

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!


Logfile of HijackThis v1.99.1
Scan saved at 02:02:30, on 29.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Mc Afee\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programme\Mc Afee\VsStat.exe
D:\Programme\Mc Afee\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
D:\Programme\Mc Afee\Avconsol.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\PROGRA~1\HP\AiO\Shared\Bin\hpoevm07.exe
D:\Programme\HP\AiO\Shared\bin\hpOSTS07.exe
D:\Programme\HP\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\explorer.exe
D:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\Dokumente und Einstellungen\-Felix-\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packetnews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AtiTrayTools] D:\Programme\Omega\ATI Tray Tools\atitray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Office 2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Programme\Mc Afee\Avsynmgr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\Programme\Speed Manager\tsmsvc.exe

29.10.2005, 15:19
Honorary member
Posts: 29434
#6
Hello @CamCo
That already looks very good. Now you will work with proper virus scanners... to see what I did not find:
http://virus-protect.org/counterspy.html
Delete the malware as instructed on my page and post the scan report.
__________
Regards, Sabina
all about PC security

30.10.2005, 19:08
...new here
Thread starter, Posts: 7
#7
Spyware Scan Details
Start Date: 29.10.2005 18:53:32
End Date: 29.10.2005 19:20:10
Total Time: 26 mins 38 secs

Detected spyware

WhenU.ClockSync Adware Bundler
Details: ClockSync: a program that sits in the desktop tray and periodically synchronizes the local PC system clock with standard atomic clock time available online.
Status: Deleted

My Way Speedbar Browser Plug-in
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted
Infected files detected
c:\programme\myway\mybar\history\search
c:\programme\myway\mybar\settings\prevcfg.htm
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Dir C:\Programme\MyWay\myBar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar pid DI
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Id 33D541AD-0AAA-43D8-AE9B-1A21C5F4661C
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar CacheDir C:\Programme\MyWay\myBar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar HistoryDir C:\Programme\MyWay\myBar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Visible 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar SettingsDir C:\Programme\MyWay\myBar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar ConfigRevisionURL http://barcfg.myway.com/cfg/speedbar/mySpeedbarCfg2.jsp?p=DI&s=s43
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar ConfigDateStamp 2004060816
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Maximized 1

DelFin.Media Viewer Adware
Details: DelFin Media Viewer, also called PromulGate, is an adware-based media player.
Status: Deleted
Infected files detected
c:\keys.ini
C:\WINDOWS\system32\wsxsvc\License.txt

Paltalk Low Risk Adware
Details: Paltalk is an advertising-supported instant messaging client.
Status: Deleted
Infected files detected
C:\WINDOWS\iun6002.exe

BookedSpace Browser Plug-in
Details: BookedSpace is an Internet Explorer Browser Helper Object used to show popup advertising.
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pcsvc\delfinTG.ebd
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wsxs\delfinTG.ebd
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wsxs\delfinST.ebd

Neoturk RAT
Status: Deleted
Infected files detected
E:\Half Life\cstrike\sound\misc\hastalavista.wav

NavExcel Search Toolbar Browser Hijacker
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\appid\nhelper.dll
HKEY_CLASSES_ROOT\appid\nhelper.dll AppID {710BCB5B-8C6C-483E-A4F5-FAF083B13184}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\NHelper.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\NHelper.DLL AppID {710BCB5B-8C6C-483E-A4F5-FAF083B13184}
HKEY_CURRENT_USER\Software\NavExcel Ltd

TurboDownload Adware
Details: IEDriver, also known as TurboDownload and PopUp Killer, downloads and displays advertisements.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MaxSpeed
HKEY_LOCAL_MACHINE\SOFTWARE\MaxSpeed ConnectionType 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac} DisplayName MaxSpeed
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac} UninstallString C:\WINDOWS\System32\ms.exe /c

WildTangent Low Risk Adware
Details: WildTangent is an online gaming plugin bundle from Wildtangent.com similar to Macromedia's Flash. WildTangent uses a built-in required feature that is used to provide adware-based advertising to the user.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls wtControlPanel

KeenValue PerfectNav Browser Hijacker
Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} installDate 2004/05/28 13:46
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} VersionNumber 1.0.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} TrackGuid 8FBDC737-0010-41E3-BBCF-731884CB2FD9
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr Install_Dir C:\Programme\Common files\updmgr
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr EXEName updmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr VersionNumber 1.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr cid BD164DF6-65AF-467A-97C2-89B724051FB6
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr installDate 2004/05/28 13:46
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr puid 7818cd7c-e142-4e27-8dad-5064e18a27b2
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr LastUpdateAttempt 1086208506
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC}
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} installDate 2004/05/28 13:46
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} VersionNumber 1.0.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} TrackGuid 8FBDC737-0010-41E3-BBCF-731884CB2FD9

My Search Bar Potentially Unwanted Software
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}

Grokster P2P
Details: Free version installs adware and spyware including GAIN, CyDoor, My Search, WebRebates, and Relivant Knowledge.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\Magnet
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire\Type urn:sha1 0
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire LimeWire Peer to Peer
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire Description LimeWire is the best P2P client.
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire DefaultIcon "D:\Programme\LimeWire\LimeWire.ico",-128
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire ShellExecute "D:\Programme\LimeWire\LimeWire.exe" "%URL"
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire kt 0
HKEY_CLASSES_ROOT\magnet
HKEY_CLASSES_ROOT\magnet\DefaultIcon "D:\Programme\LimeWire\LimeWire.ico",-128
HKEY_CLASSES_ROOT\magnet\shell\open\command "D:\Programme\LimeWire\LimeWire.exe" "%L"
HKEY_CLASSES_ROOT\magnet URL Protocol
HKEY_CLASSES_ROOT\magnet URL:MagNet Protocol

Radar Spy 1.0 Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\-felix-\cookies\-felix-@tradedoubler[1].txt

30.10.2005, 21:41
Honorary member
Posts: 29434
#8
http://virus-protect.org/reinigungstoolsregistry.html
TuneUp 2006 (30 days free) shareware. Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
Then everything should be in order again. Post the new HijackThis log.
__________
Regards, Sabina
all about PC security

31.10.2005, 12:22
...new here
Thread starter, Posts: 7
#9
Logfile of HijackThis v1.99.1
Scan saved at 12:23:40, on 31.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\CounterSpy\Thread.exe
D:\Programme\Mc Afee\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
D:\Programme\CounterSpy\SunProtectionServer.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Mc Afee\VsStat.exe
D:\Programme\Winamp\winampa.exe
D:\Programme\CounterSpy\sunserver.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programme\Mc Afee\Vshwin32.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\Programme\Mc Afee\Avconsol.exe
D:\PROGRA~1\HP\AiO\Shared\Bin\hpoevm07.exe
D:\Programme\HP\AiO\Shared\bin\hpOSTS07.exe
D:\Programme\HP\AiO\Shared\bin\hpOFXM07.exe
D:\Programme\ICQ\ICQLite.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\msiexec.exe
D:\Programme\CounterSpy\Thread.exe
D:\Programme\CounterSpy\SunProtectionServer.exe
C:\Dokumente und Einstellungen\-Felix-\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunServer] D:\Programme\CounterSpy\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Office 2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Programme\Mc Afee\Avsynmgr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\Programme\Speed Manager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp\WinStylerThemeSvc.exe

31.10.2005, 12:31
Honorary member
Posts: 29434
#10
Uninstall CounterSpy again.
Fix with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
Restart.
Scan with ewido and post the scan report: http://virus-protect.org/ewido.html
New start page: go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if a prompt appears --> click Apply and finally OK, and set a new start page.
Then post the HijackThis log once more.
__________
Regards, Sabina
all about PC security

04.11.2005, 15:00
Member
Posts: 13
#11
Hi, I have exactly the same problem. I have already read in many other forums that you evaluated the HijackThis log in each case. I could make some use of that and have already deleted some of these entries. But for many other files in my log I don't know whether I have to delete them too. Besides, I can't delete the following file:
O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp71A5.tmp
It would be nice if someone could look into it... I have zero clue about this. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:58:55, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\asuskbservice.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Java\jre1.5.0_04\bin\jusched.exe
D:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Andreas Fischer\Desktop\HijackThis.exe

O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp71A5.tmp
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\system32\dflnl.exe
O4 - HKLM\..\Run: [THGuard] "D:\Programme\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
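The triage the helper does by eye on the HijackThis logs in this thread, as an added Python example that is not part of the thread or of HijackThis: it parses the 1.99 entry format and flags the patterns acted on above (a search entry pointing at an external URL, a nameless BHO loading from a system32 .tmp file, an entry whose target file is missing, an O4 value named after its own executable, and running processes that no O4/O23 entry explains, as Silent Runners later showed under Policies\Explorer\Run). The sample log and the process allowlist are constructed for the demo.

```python
"""HijackThis 1.99 log triage (added example; not code from the thread or HijackThis).
SAMPLE_LOG and CORE_PROCS are constructed from entry shapes seen in the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp71A5.tmp
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\system32\dflnl.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# Windows core processes every XP log lists; partial, constructed allowlist.
CORE_PROCS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
              "svchost.exe", "spoolsv.exe", "explorer.exe", "alg.exe", "ctfmon.exe",
              "hijackthis.exe"}
Finding = Tuple[str, str, str]  # (section or "process", entry text, reason)


@dataclass
class Entry:
    section: str
    body: str
    target: Optional[str]  # path, command or URL the entry points at


def _basename(path: str) -> str:
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _exe_of(command: str) -> str:
    """First token of a Run/service command line, unquoted, as a lowercase file name."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return _basename(m.group(1) or m.group(2)) if m else ""


def _extract_target(section: str, body: str) -> Optional[str]:
    if section.startswith("R"):                 # key,Value = url
        return body.split("=", 1)[1].strip() if "=" in body else None
    if section == "O4":                         # [name] command   or   x.lnk = path
        m = re.search(r"\]\s*(.+)$", body) or re.search(r"=\s*(.+)$", body)
        return m.group(1).strip() if m else None
    if section in ("O2", "O3", "O9", "O23"):    # ... - {CLSID} - path (file missing)
        last = body.rsplit(" - ", 1)[-1]
        return re.sub(r"\s*\((file missing|no file)\)$", "", last).strip() or None
    return None


def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(m["sec"], m["body"], _extract_target(m["sec"], m["body"])))
        elif line.lower().startswith("running processes:"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text: str) -> List[Finding]:
    processes, entries = parse_log(text)
    findings: List[Finding] = []
    explained = set()  # executables that some O4/O23 entry accounts for
    for e in entries:
        t = (e.target or "").lower()
        if e.section in ("O4", "O23") and e.target:
            explained.add(_exe_of(e.target))
        if e.section.startswith("R") and t.startswith(("http://", "https://")):
            findings.append((e.section, e.body, "search/start page redirected to external URL"))
        if re.search(r"\\windows\\system32\\[^\\]+\.tmp$", t):
            findings.append((e.section, e.body, "code loaded from a .tmp file in system32"))
        if re.search(r"\((file missing|no file)\)", e.body):
            findings.append((e.section, e.body, "orphaned entry: target file is missing"))
        if e.section == "O4" and e.target:
            name = re.search(r"\[([^\]]+)\]", e.body)
            if name and name.group(1).lower() == _exe_of(e.target):
                findings.append((e.section, e.body, "value name is just the file name (weak indicator)"))
    for proc in processes:
        exe = _basename(proc)
        if exe not in CORE_PROCS and exe not in explained:
            findings.append(("process", proc,
                             "running process with no O4/O23 entry; compare with the "
                             "Policies\\Explorer\\Run section of a Silent Runners log"))
    return findings


if __name__ == "__main__":
    for section, text, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {text}")
```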

04.11.2005, 15:09
Honorary member
Posts: 29434
#12
Pesco
CCleaner http://www.ccleaner.com/ccdownload.asp
Delete all temp files.
Please copy the 4 logs here (3 months back by date is enough): http://virus-protect.org/datfindbat.html
+ the log from Silent Runners: http://virus-protect.org/silentrunner.html
+ download the F-Secure beta trial: http://www.f-secure.com/blacklight/
Double-click blbeta.exe. After the check, click -- next. You will now find a text file on the desktop; copy it into your thread.
__________
Regards, Sabina
all about PC security

04.11.2005, 18:13
Member
Posts: 13
#13
Datfind
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 483C-3C44

Verzeichnis von C:\WINDOWS\system32

04.11.2005 18:07 5.420 ncompat.tlb
04.11.2005 17:40 5.120 msvol.tlb
04.11.2005 17:40 16.384 hp49E0.tmp
04.11.2005 17:40 12.584 nvctrl.exe
04.11.2005 17:38 890 vsconfig.xml
04.11.2005 17:38 15.360 ld7493.tmp
02.11.2005 17:03 16.384 hp787B.tmp
02.11.2005 15:26 16.384 hp7F80.tmp
01.11.2005 19:44 16.384 hp7E86.tmp
01.11.2005 19:41 16.384 hp92.tmp
01.11.2005 17:08 16.384 hp7AAE.tmp
01.11.2005 16:37 380.486 perfh009.dat
01.11.2005 16:37 391.330 perfh007.dat
01.11.2005 16:37 52.900 perfc009.dat
01.11.2005 16:37 63.778 perfc007.dat
01.11.2005 16:37 897.954 PerfStringBackup.INI
01.11.2005 16:36 231.184 FNTCACHE.DAT
01.11.2005 14:55 4.286 ts.ico
01.11.2005 14:55 4.286 ot.ico
01.11.2005 14:54 8.844 mssearchnet.exe
01.11.2005 14:44 13.002 wpa.dbl
01.11.2005 14:37 253 spupdwxp.log
28.10.2005 21:40 10.480 mscornet.exe
17.10.2005 19:58 65.536 QuickTimeVR.qtx
17.10.2005 19:57 49.152 QuickTime.qts
15.10.2005 10:48 10.800 SpoonUninstall-Janitor Dan the Spaceman.dat
15.10.2005 10:48 164.352 SpoonUninstall.exe
15.10.2005 10:48 82.994 SpoonUninstall-Janitor Dan the Spaceman.bmp
05.10.2005 08:36 2.301.792 MRT.exe
04.10.2005 17:26 3.013.120 mshtml.dll
23.09.2005 04:06 8.491.520 shell32.dll
20.09.2005 11:17 12.980 wpa.bak
20.09.2005 11:15 3.799 jupdate-1.5.0_04-b05.log
19.09.2005 18:02 4.212 zllictbl.dat
19.09.2005 17:34 0 h323log.txt
19.09.2005 17:33 16.832 amcompat.tlb
19.09.2005 17:33 23.392 nscompat.tlb
19.09.2005 17:31 56 D565C814A7.sys
19.09.2005 16:47 25.065 wmpscheme.xml
19.09.2005 16:43 261 $winnt$.inf
19.09.2005 16:41 2.951 CONFIG.NT
19.09.2005 16:40 488 WindowsLogon.manifest
19.09.2005 16:40 488 logonui.exe.manifest
19.09.2005 16:40 749 sapi.cpl.manifest
19.09.2005 16:40 749 cdplayer.exe.manifest
19.09.2005 16:40 749 wuaucpl.cpl.manifest
19.09.2005 16:40 749 ncpa.cpl.manifest
19.09.2005 16:40 749 nwc.cpl.manifest
19.09.2005 16:39 21.740 emptyregdb.dat
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 1.019.904 browseui.dll
03.09.2005 00:53 152.064 cdfview.dll
03.09.2005 00:53 1.055.744 danim.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
---------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 483C-3C44

Verzeichnis von C:\DOKUME~1\ANDREA~1\LOKALE~1\Temp

04.11.2005 17:39 16.384 ~DF861.tmp
04.11.2005 17:39 16.384 ~DFD533.tmp
04.11.2005 17:39 512 ~DFAF1D.tmp
04.11.2005 17:39 16.384 ~DFAF07.tmp
04.11.2005 15:15 353.292 hpodvd09.log
5 Datei(en) 402.956 Bytes
0 Verzeichnis(se), 11.362.922.496 Bytes frei
----------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 483C-3C44

Verzeichnis von C:\WINDOWS

04.11.2005 17:38 0 0.log
04.11.2005 17:38 840.170 WindowsUpdate.log
04.11.2005 17:38 159 wiadebug.log
04.11.2005 17:38 50 wiaservc.log
04.11.2005 17:38 2.048 bootstat.dat
04.11.2005 15:15 32.556 SchedLgU.Txt
04.11.2005 14:26 177.229 setupact.log
03.11.2005 19:13 59.392 streamhlp.dll
01.11.2005 19:26 766 win.ini
01.11.2005 16:34 1.374 imsins.log
01.11.2005 16:34 115.317 comsetup.log
01.11.2005 16:34 125.310 tsoc.log
01.11.2005 16:34 48.437 iis6.log
01.11.2005 16:34 16.074 ocmsn.log
01.11.2005 16:34 69.385 ntdtcsetup.log
01.11.2005 16:34 31.725 KB899587.log
01.11.2005 16:34 157.712 ocgen.log
01.11.2005 16:34 16.190 msgsocm.log
01.11.2005 16:34 313.154 FaxSetup.log
01.11.2005 16:34 20.939 setupapi.log
01.11.2005 16:34 13.230 updspapi.log
01.11.2005 16:34 1.374 imsins.BAK
01.11.2005 16:34 30.847 KB896422.log
01.11.2005 16:34 30.584 KB885835.log
01.11.2005 16:34 29.588 KB885836.log
01.11.2005 16:34 30.408 KB885250.log
01.11.2005 16:34 30.534 KB901017.log
01.11.2005 16:34 30.852 KB899591.log
01.11.2005 16:34 30.659 KB893756.log
01.11.2005 16:34 27.967 KB896423.log
01.11.2005 16:34 29.164 KB873339.log
01.11.2005 16:34 29.232 KB888113.log
01.11.2005 16:33 29.555 KB887742.log
01.11.2005 16:33 28.960 KB887472.log
01.11.2005 16:33 29.318 KB896358.log
01.11.2005 16:33 28.290 KB891781.log
01.11.2005 16:33 1.024.746 setupapi.log.0.old
01.11.2005 16:33 33.631 KB902400.log
01.11.2005 16:33 25.514 KB890046.log
01.11.2005 16:33 22.238 KB896688.log
01.11.2005 15:22 5.941 KB893803v2.log
01.11.2005 15:21 6.873 KB898461.log
01.11.2005 14:55 1.668 warnhp.html
01.11.2005 14:45 1.165 OEWABLog.txt
01.11.2005 14:39 29.290 spupdsvc.log
01.11.2005 14:39 360 DtcInstall.log
01.11.2005 14:39 44.735 wmsetup.log
01.11.2005 14:39 316.640 WMSysPr9.prx
01.11.2005 14:34 140 winamp.ini
01.11.2005 14:07 426.271 svcpack.log
01.11.2005 14:03 200 cmsetacl.log
01.11.2005 14:03 739.516 setuplog.txt
01.11.2005 14:03 1.330 sessmgr.setup.log
28.10.2005 21:14 54.156 QTFont.qfn
27.10.2005 20:03 28.712 xpsp1hfm.log
27.10.2005 20:03 34.304 KB828741.log
27.10.2005 20:02 28.668 KB835732.log
27.10.2005 20:02 20.862 Q329834.log
27.10.2005 20:02 31.754 KB823559.log
27.10.2005 20:01 20.519 Q329048.log
27.10.2005 20:01 19.319 KB834707-IE6-20040929.115007.log
27.10.2005 20:01 23.602 Q810577.log
27.10.2005 20:00 20.439 Q810833.log
27.10.2005 19:59 17.332 Q811630.log
27.10.2005 19:59 16.289 Q329441.log
27.10.2005 19:58 16.030 Q817606.log
27.10.2005 19:57 12.915 Q329170.log
27.10.2005 19:56 1.587 Q329115.log
27.10.2005 19:56 1.227 Q329390.log
27.10.2005 19:56 961 Q323255.log
27.10.2005 19:45 7.195 KB842773.log
27.10.2005 16:38 1.409 QTFont.for
27.10.2005 16:37 649 GEARInstall.log
05.10.2005 17:15 403 nsw.log
26.09.2005 15:13 104.275 hpoins04.dat
26.09.2005 15:12 59.976 dasetup.log
26.09.2005 15:12 4.161 ODBCINST.INI
26.09.2005 15:11 1.442 COM+.log
26.09.2005 15:09 480 ODBC.INI
26.09.2005 14:52 15.378 Windows Update.log
19.09.2005 19:04 59 vbaddin.ini
19.09.2005 17:44 161.745 DirectX.log
19.09.2005 17:33 234 wmsetup10.log
19.09.2005 17:32 0 Sti_Trace.log
19.09.2005 17:30 1.348 regopt.log
19.09.2005 17:30 231 system.ini
19.09.2005 17:30 0 setuperr.log
19.09.2005 17:13 299.552 WMSysPrx.prx
19.09.2005 16:44 8.192 REGLOCS.OLD
19.09.2005 16:41 0 control.ini
19.09.2005 16:40 749 WindowsShell.Manifest
19.09.2005 16:39 36 vb.ini
24.06.2005 13:22 428.032 WRServices.dll
27.05.2005 00:22 10.752 hh.exe
04.08.2004 08:58 288.768 winhlp32.exe
04.08.2004 08:58 32.866 slrundll.exe
04.08.2004 08:58 153.600 regedit.exe
04.08.2004 08:58 70.144 notepad.exe
04.08.2004 08:57 1.035.264 explorer.exe
04.08.2004 08:57 50.688 twain_32.dll
--------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeich
nung.
Volumeseriennummer: 483C-3C44

Verzeichnis von C:\

04.11.2005 18:10 0 sys.txt
04.11.2005 18:10 8.272 system.txt
04.11.2005 18:10 491 systemtemp.txt
04.11.2005 18:09 103.664 system32.txt
04.11.2005 17:38 805.306.368 pagefile.sys
04.11.2005 14:25 1.348 smitfiles.txt
01.11.2005 14:03 211 boot.ini
01.11.2005 13:50 47.564 NTDETECT.COM
01.11.2005 13:50 251.184 ntldr
26.09.2005 15:14 1.159 _Sid.txt
19.09.2005 16:41 0 IO.SYS
19.09.2005 16:41 0 CONFIG.SYS
19.09.2005 16:41 0 AUTOEXEC.BAT
19.09.2005 16:41 0 MSDOS.SYS
18.08.2001 13:00 4.952 bootfont.bin
15 Datei(en) 805.725.213 Bytes
0 Verzeichnis(se), 11.362.889.728 Bytes frei
----------------------------------------------------------------------

Silentrunner
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"nvctrl.exe" = "nvctrl.exe" [null data]
"kernel32.dll" = "C:\WINDOWS\system32\mssearchnet.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"anvshell" = "anvshell.exe" ["AsusTeK Computer Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"AVGCtrl" = "C:\Programme\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"Zone Labs Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs Inc."]
"LWBMOUSE" = "C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = "D:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"HP Software Update" = ""D:\Programme\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"HP Component Manager" = ""C:\Programme\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"iTunesHelper" = ""E:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"dflnl.exe" = "C:\WINDOWS\system32\dflnl.exe" [file not found]
"THGuard" = ""D:\Programme\TrojanHunter 3.9\THGuard.exe"" ["Mischel Internet Security"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd}\(Default) = "HomepageBHO" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hp49E0.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {CLSID}\InProcServer32\(Default) = "E:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = 
"C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "Andreas Fischer" & "All Users" startup folders: ----------------------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "HP Digital Imaging Monitor" -> shortcut to: "D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."] "HP Image Zone Schnellstart" -> shortcut to: "D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data] "Microsoft Office" -> shortcut to: "D:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ 
"ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"] AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] ASUSKeyboardService, ASUSKeyboardService, "C:\WINDOWS\asuskbservice.exe" ["ASUSTeK COMPUTER INC."] iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt10\Driver = "hpzsnt10.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. 
---------- (total run time: 37 seconds, including 15 seconds for message boxes) --------------------------------------------------------------------- Blacklight 11/04/05 18:05:08 [Info]: BlackLight Engine 1.0.25 initialized 11/04/05 18:05:08 [Info]: OS: 5.1 build 2600 (Service Pack 2) 11/04/05 18:05:09 [Note]: 4019 4 11/04/05 18:05:09 [Note]: 4005 0 11/04/05 18:05:19 [Note]: 4006 0 11/04/05 18:05:19 [Note]: 4011 1640 11/04/05 18:05:20 [Note]: FSRAW library version 1.7.1013 11/04/05 18:06:27 [Note]: 4007 0 ---------------------------------------------------------------------- Das müsste alles gewesen sein. Danke übrigens, dass du mir hilfst |
04.11.2005, 18:21
Honorary member
Posts: 29434
#14
I'll work through it this evening... I can't right now...
But in the meantime you can already scan with Kaspersky and post the scan report: http://virus-protect.org/onlinescan.html

This has to be deleted: directory of C:\WINDOWS\system32\

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot"
Paste in: ... and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; only on the last one click "yes"

C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\hp49E0.tmp
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\vsconfig.xml
C:\WINDOWS\system32\d7493.tmp
C:\WINDOWS\system32\hp787B.tmp
C:\WINDOWS\system32\hp7F80.tmp
C:\WINDOWS\system32\hp7E86.tmp
C:\WINDOWS\system32\hp92.tmp
C:\WINDOWS\system32\hp7AAE.tmp
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\wpa.dbl
C:\WINDOWS\system32\pupdwxp.log
C:\WINDOWS\system32\mscornet.exe
C:\WINDOWS\warnhp.html
__________
Regards, Sabina
all about PC security
04.11.2005, 18:29
Honorary member
Posts: 29434
Well, I know that this "error" has come up several times before, but I wasn't sure whether I can fix it following the same scheme as described in the other threads...
1. If yes: ...please just say so, then I'll read it up there and you can save yourselves all the work.
2. If no: ...I would be very grateful for any kind of help!
I've already searched with a virus scanner (McAfee), and attached is a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:55:35, on 27.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Mc Afee\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programme\Mc Afee\VsStat.exe
D:\Programme\Mc Afee\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
D:\Programme\Mc Afee\Avconsol.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\PROGRA~1\HP\AiO\Shared\Bin\hpoevm07.exe
D:\Programme\HP\AiO\Shared\bin\hpOSTS07.exe
D:\Programme\HP\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Gemeinsame Dateien\Network Associates\On Demand Scanner\Scan32\SCAN32.EXE
D:\Programme\ICQ\ICQLite.exe
D:\Programme\Winamp\Winamp.exe
D:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\-Felix-\LOKALE~1\Temp\Rar$EX00.625\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packetnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hp92D5.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ObjectDock] -
O4 - HKCU\..\Run: [WinRoll] -
O4 - HKCU\..\Run: [Yz Shadow] -
O4 - HKCU\..\Run: [AtiTrayTools] D:\Programme\Omega\ATI Tray Tools\atitray.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQ\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Office 2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O18 - Protocol: bw+0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Programme\Mc Afee\Avsynmgr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\Programme\Speed Manager\tsmsvc.exe
Searched with the virus scanner and deleted the following:
27.10.2005 19:55 Scan Settings FELIX\-Felix- Scan targets
27.10.2005 19:55 Scan Settings FELIX\-Felix- C:\
27.10.2005 19:57 Trojan FELIX\-Felix- C:\WINDOWS\system32\1024\ld256B.tmp QDial-34 (Removable)
27.10.2005 19:57 Deleted FELIX\-Felix- C:\WINDOWS\system32\1024\ld256B.tmp
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\getaccess.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\getaccess.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\insecureclassloader.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\insecureclassloader.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\dummy.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\dummy.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\installer.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\installer.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\blackbox.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\blackbox.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\vb.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\vb.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\dummy.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\dummy.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\beyond.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\beyond.class
27.10.2005 20:09 Scan Summary FELIX\-Felix- Scan Summary
27.10.2005 20:09 Scan Summary FELIX\-Felix- Memory scan : No Viruses Found
27.10.2005 20:09 Scan Summary FELIX\-Felix- Boot sectors scanned : 1
27.10.2005 20:09 Scan Summary FELIX\-Felix- Boot sectors infected : 0
27.10.2005 20:09 Scan Summary FELIX\-Felix- Boot sectors cleaned : 0
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files scanned : 52338
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files infected : 9
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files cleaned : 0
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files deleted : 9
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files moved : 0
As I said, I'd be very grateful for quick help...
Regards,
felix