Warning: your computer might be infected with spyware...

#0
04.11.2005, 15:50
...new here
Posts: 3

04.11.2005, 18:51
Moderator
Posts: 7805
#2
Things are a bit chaotic on your system. That is, a lot has been cleaned up only half-heartedly. I can well imagine that your computer is somewhat confused at the moment because of that.
Maybe removing the following items will be enough, but I would rather recommend a fresh install. Please copy HijackThis into a separate folder and fix this (tick the entries and press "Fix checked"):

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://www2.service.t-online.de/dyn/c/23/34/15/2334156.html
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

Check whether you can still find Symantec or Norton entries under "Software" (Add or Remove Programs) that you can still uninstall.

Addendum: Do you really depend on "Google Desktop Search"? Here, on one machine, it did not achieve much, except that performance went completely through the floor.
__________
Best regards, Ralf
SEO-Spam Hunter

04.11.2005, 20:02
...new here
Thread starter Posts: 3
#3
OK, done.
No further entry for Norton to be found in "Software" (Add or Remove Programs). Sure, I can do without "Google Desktop Search", if only the PC runs safely again. Here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 19:40:14, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\Siegmar\LOKALE~1\Temp\$wc\HIJACK~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 217.237.150.33 217.237.151.161
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

But I have further problems as well. For those, a virus scan from eScan. I think it is very impressive. It gave me quite a fright. A fresh install would be the worse solution for me. After 2 moves I have lost track of the CD or DVD (I don't even remember which) that came with the computer.

Many thanks for the first steps, for now.
Regards, Siegmar
|
|
||
04.11.2005, 20:33
Moderator
Posts: 7805 |
#4
Well, look at that. I hope escancheck has deleted the files now. Don't forget to fix this (preferably in safe mode):
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
As I said, we probably won't get it running really smoothly.
__________
Regards, Ralf
SEO-Spam Hunter |
|
|
||
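The cleanup requested in the post above largely comes down to picking out HijackThis entries whose backing file no longer exists. The following Python is an added example, not part of the thread and not HijackThis's own code; `triage` and `SAMPLE_LOG` are hypothetical names, and the sample lines are copied from the log posted in this thread. It flags only orphaned entries, so services whose files still exist (which the post also lists) are not selected.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
"""

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
SECTION = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
# Markers HijackThis appends when the referenced file is absent.
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")


def triage(log_text):
    """Return {section: [(entry, reason), ...]} for entries with no backing file."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = SECTION.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        section, body = m.groups()
        orphan = ORPHAN.search(body)
        if orphan:
            findings[section].append((body, orphan.group(1)))
        elif body.endswith("\\"):
            # Target is a directory, not a loadable file (the O20 entry above).
            findings[section].append((body, "target is a directory"))
    return dict(findings)


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        for body, reason in items:
            print(f"{section:>3}  [{reason}]  {body}")
```
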
04.11.2005, 21:12
...new here
Thread starter Posts: 3 |
#5
Hello Ralf,
I have deleted the trojans. I still can't download SP2 with IE. I have also just noticed that, as with IE (when I open the Microsoft site), System Restore also only draws its frame without showing the functions. If I do decide to reinstall after all, where can I get information on how to do that? Some kind of guide that is idiot-proof. In any case, many thanks for the help.
Regards, Siegmar |
|
|
||
04.11.2005, 21:37
Honorary member
Posts: 6028 |
#6
Run an online scan at Panda and post the log
http://www.pandasoftware.com/products/activescan.htm
Then run a scan with Ewido Security Suite and post the log
http://virus-protect.org/ewido.html
There is one more tool, but it should not be used together with Microsoft AntiSpyware!
CounterSpy
http://virus-protect.org/counterspy.html
__________
Regards, Argus |
|
|
||
04.11.2005, 21:40
Moderator
Posts: 7805 |
#7
Yes, there are plenty of tips on how to reinstall, e.g.
http://board.protecus.de/t13020.htm
http://cidres-security.de/neuaufsetzen.html
and others.
Oh, and you can't download SP2 because you have already installed it!
__________
Regards, Ralf
SEO-Spam Hunter |
|
|
||
I had the message from the title on my screen and, in a panic, did a lot of things that completely paralyzed the PC.
A friend at least got it running again.
But I can't download SP2 via IE. IE does connect to Microsoft, but then displays nothing more.
The Search function from right-clicking Start does create the frame, but the functions do not appear.
I also have the file mssearchnet.exe under the path c:/windows/system32.
So much for my problems for now.
Logfile of HijackThis v1.99.1
Scan saved at 15:37:54, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOKUME~1\Siegmar\LOKALE~1\Temp\Temporäres Verzeichnis 4 für hijackthis_199.zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://www2.service.t-online.de/dyn/c/23/34/15/2334156.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 217.237.150.33 217.237.151.161
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Unknown owner - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Programme\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Many thanks in advance for any help.
Regards