Pop Up problem!

#0
07.11.2005, 08:44
Member
Posts: 28

07.11.2005, 12:22
Honorary member
Posts: 29434
#2
In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Hidden files and folders -> enable "Show hidden files and folders"
+ In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Files and folders -> disable "Hide protected operating system files (Recommended)"

Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [burn bib] C:\DOKUME~1\C4F9A~1.MAR\ANWEND~1\GRIDBY~1\readme wait.exe

Restart

Delete:
C:\Dokumente und Einstellungen\\C4F9A~1.MAR\Anwendungsdaten\GRIDBY.....

CCleaner
http://www.ccleaner.com/ccdownload.asp
Delete all temp files

Then scan with escan (the tool finds the remaining files of the LOP infection) --> delete everything.
http://virus-protect.org/escan.html

When that is done:
Start -- All Programs -- Accessories -- Notepad and copy the following text into it:

dir %Windir%\tasks /a h > files.txt
notepad files.txt

- Save as: findjobs.bat
- Save as type: All files
- Save it to the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text
__________
Regards
Sabina
All about PC security

07.11.2005, 14:37
Member
Thread starter
Posts: 28
#3
ok, did everything, here is the text:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2826-A49A

Verzeichnis von C:\WINDOWS\tasks

03.03.2005 14:51 <DIR> .
03.03.2005 14:51 <DIR> ..
18.08.2001 13:00 65 desktop.ini
07.11.2005 12:37 6 SA.DAT
07.11.2005 14:00 272 B6EDF8709FB66C48.job
3 Datei(en) 343 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\C.Marx\Desktop

07.11.2005, 14:39
Honorary member
Posts: 29434
#4
Start -- All Programs -- Accessories -- Notepad and copy the following text into it:

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h B6EDF8709FB66C48.job
del B6EDF8709FB66C48.job

- Save as: remjob.bat
- Save as type: All files
- Save it to the desktop
- Locate remjob.bat -- double-click the bat file, Notepad opens briefly, that is normal

Then post the new HijackThis log
__________
Regards
Sabina
All about PC security

07.11.2005, 14:43
Member
Thread starter
Posts: 28
#5
Logfile of HijackThis v1.99.1
Scan saved at 14:43:19, on 07.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\LeechFTP\Leechftp.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Valve\Steam\Steam.exe
C:\Programme\Opera\Opera.exe
D:\some stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [burn bib] C:\DOKUME~1\C4F9A~1.MAR\ANWEND~1\GRIDBY~1\readme wait.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124533046075
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6580081A-64FE-4243-BC81-B356BE1AA0B5}: NameServer = 217.237.149.225 217.237.151.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

07.11.2005, 14:55
Honorary member
Posts: 29434
#6
Fix with HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
O4 - HKCU\..\Run: [burn bib] C:\DOKUME~1\C4F9A~1.MAR\ANWEND~1\GRIDBY~1\readme wait.exe

Restart the PC and post the HijackThis log again
__________
Regards
Sabina
All about PC security

07.11.2005, 15:10
Member
Thread starter
Posts: 28
#7
Logfile of HijackThis v1.99.1
Scan saved at 15:09:32, on 07.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Valve\Steam\Steam.exe
C:\Programme\Opera\Opera.exe
D:\some stuff\Gravity\RO\GreatRO 3.exe
D:\some stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124533046075
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6580081A-64FE-4243-BC81-B356BE1AA0B5}: NameServer = 217.237.149.225 217.237.151.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

the flirtparadieso thing is no problem (pop-ups still keep coming)

This post was edited by KillerGurke on 07.11.2005 at 15:52.
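
Whether the entries marked for fixing in post #6 really disappeared after the reboot can be checked by comparing the two HijackThis logs mechanically. The following is an added example, not part of the original thread: the function names are illustrative, and the two log excerpts are abridged from posts #5 and #7.

```python
import re

# A HijackThis entry line starts with a section code (for example R0, F2,
# N1 or O4) followed by " - "; header and process-list lines do not.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def normalise(line):
    """Return a comparable form of one entry line, or None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # Collapse whitespace runs and ignore case: Windows paths and registry
    # names are case-insensitive, and forum pastes mangle spacing.
    body = " ".join(m.group(2).split())
    return f"{m.group(1)} - {body}".casefold()


def parse_entries(log_text):
    """Set of normalised entries in a log; headers and processes are skipped."""
    return {n for n in map(normalise, log_text.splitlines()) if n}


def verify_fix(before_log, after_log, fix_lines):
    """Compare two scans against the list of entries that were to be fixed."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    wanted = [normalise(line) for line in fix_lines]
    if None in wanted:
        raise ValueError("fix list contains a line that is not a log entry")
    return {
        # Requested and gone after the reboot: the fix held.
        "removed": sorted(w for w in wanted if w in before and w not in after),
        # Requested but still listed: not ticked, or restored by the malware.
        "still_present": sorted(w for w in wanted if w in after),
        # Requested but in neither log: typo or wrong machine.
        "never_listed": sorted(w for w in wanted if w not in before and w not in after),
        # Entries that appeared only after the fix: possible re-infection.
        "new_after_fix": sorted(after - before),
    }


# Abridged excerpts of the logs posted in #5 (before) and #7 (after).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [burn bib] C:\DOKUME~1\C4F9A~1.MAR\ANWEND~1\GRIDBY~1\readme wait.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
"""

# The two entries listed for fixing in post #6.
FIX = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0",
    r"O4 - HKCU\..\Run: [burn bib] C:\DOKUME~1\C4F9A~1.MAR\ANWEND~1\GRIDBY~1\readme wait.exe",
]

if __name__ == "__main__":
    for status, entries in verify_fix(BEFORE, AFTER, FIX).items():
        print(f"{status}:")
        for entry in entries:
            print(f"  {entry}")
```

On these excerpts the Run entry comes back as removed and the start page as still present, which matches the second log in the thread.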
07.11.2005, 15:58
Honorary member
Posts: 29434
#8
the PC is not clean yet,

If a final rescan with eScan is carried out, it is essential that 'mwav.log' is deleted beforehand, because it is not overwritten but only appended to!

Then scan again and post the scan report:

TAGGED
ERRORS
FILES ADDED TO DELETE

http://virus-protect.org/escan.html
__________
Regards
Sabina
All about PC security

07.11.2005, 18:09
Member
Thread starter
Posts: 28
#9
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Mon Nov 07 16:16:18 2005 => System found infected with edonkey2000 Spyware/Adware ({320154bb-d666-48f6-990e-172b32954620})! Action taken: No Action Taken.
2: Mon Nov 07 16:16:20 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
3: Mon Nov 07 16:16:35 2005 => Offending file found: C:\Dokumente und Einstellungen\C.Marx\Lokale Einstellungen\temporary internet files\content.ie5\u1qrs5qv\adsend[1].js
4: Mon Nov 07 16:16:35 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
5: Mon Nov 07 16:16:35 2005 => Offending file found: C:\Dokumente und Einstellungen\C.Marx\Lokale Einstellungen\temporary internet files\content.ie5\k345unwf\adswrapper[1].js
6: Mon Nov 07 16:16:35 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
7: Mon Nov 07 16:16:35 2005 => Offending file found: C:\Dokumente und Einstellungen\C.Marx\Lokale Einstellungen\Temporary Internet Files\content.ie5\u1qrs5qv\adsend[1].js
8: Mon Nov 07 16:16:35 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
9: Mon Nov 07 16:16:35 2005 => Offending file found: C:\Dokumente und Einstellungen\C.Marx\Lokale Einstellungen\Temporary Internet Files\content.ie5\k345unwf\adswrapper[1].js
10: Mon Nov 07 16:16:35 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
11: Mon Nov 07 16:50:22 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
12: Mon Nov 07 17:31:55 2005 => Scanning File D:\stuff\starcraftbroodwarv1.12crackinfected.zip
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Mon Nov 07 16:15:55 2005 => File c:\dokume~1\c4f9a~1.mar\anwend~1\gridby~1\readme~1.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
2: Mon Nov 07 16:16:07 2005 => File C:\DOKUME~1\C4F9A~1.MAR\ANWEND~1\GRIDBY~1\README~1.EXE tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
3: Mon Nov 07 16:42:56 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\global move readme atom\Bait Default.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
4: Mon Nov 07 16:44:41 2005 => File C:\Dokumente und Einstellungen\C.Marx\Anwendungsdaten\GRID BYTE\dbbvblzi.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
5: Mon Nov 07 16:44:42 2005 => File C:\Dokumente und Einstellungen\C.Marx\Anwendungsdaten\GRID BYTE\Viewforblah.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
6: Mon Nov 07 16:44:42 2005 => File C:\Dokumente und Einstellungen\C.Marx\Anwendungsdaten\CREATIVEINTERHELP\Comp cdrom.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
7: Mon Nov 07 16:59:41 2005 => File C:\Programme\NetPumper\ZM\NP_0086_1.exe tagged as "not-a-virus:AdWare.Win32.Lop.ai". Action Taken: No Action Taken.
8: Mon Nov 07 17:23:54 2005 => File D:\some stuff\backups\backup-20051107-063436-768.dll tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
9: Mon Nov 07 17:48:04 2005 => File D:\System Volume Information\_restore{0D44C218-C6FA-4AD9-AE64-A9AFC8AFECC5}\RP53\A0045431.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
10: Mon Nov 07 17:48:07 2005 => File D:\System Volume Information\_restore{0D44C218-C6FA-4AD9-AE64-A9AFC8AFECC5}\RP53\A0045432.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: D:\System Volume Information\_restore{0D44C218-C6FA-4AD9-AE64-A9AFC8AFECC5}\RP53\A0045431.exe => tagged:Client-IRC.Win32.mIRC.616.
2: D:\System Volume Information\_restore{0D44C218-C6FA-4AD9-AE64-A9AFC8AFECC5}\RP53\A0045432.exe => tagged:Client-IRC.Win32.mIRC.616.
-------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Mon Nov 07 17:49:08 2005 => Total Objects Scanned: 133162 Mon Nov 07 17:49:08 2005 => Total Virus(es) Found: 21 Mon Nov 07 17:49:09 2005 => Total Errors: 87 Mon Nov 07 17:49:09 2005 => Virus Database Date: 2005/11/07 Mon Nov 07 17:49:09 2005 => Virus Database Count: 158628 *hust* bissl viel trotz virenscanner up to date etc >_> |
|
|
||
07.11.2005, 18:16
Honorary member
Posts: 29434
#10
Delete:
C:\Dokumente und Einstellungen\C.Marx\Anwendungsdaten\GRID BYTE
C:\Dokumente und Einstellungen\C.Marx\Anwendungsdaten\CREATIVEINTERHELP
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\global move readme atom

Uninstall NetPumper.

Delete:
C:\Programme\NetPumper\ZM\NP_0086_1.exe

CCleaner
http://www.ccleaner.com/ccdownload.asp
Delete all temp files.

When that is done:
findjobs.bat -- double-click the bat file, Notepad opens -- post the text.
__________
Kind regards, Sabina
All about PC security
07.11.2005, 18:26
Member
Thread starter Posts: 28
#11
Ehm, I have a problem.... C:\Dokumente und Einstellungen\C.Marx\Anwendungsdaten\GRID BYTE and C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\global move readme atom can't be deleted. I removed the write protection, but it still doesn't work. What now?
07.11.2005, 20:02
Honorary member
Posts: 29434
#12
Delete it in Safe Mode (press F8 while the PC is booting)... log in as Administrator.
__________
Kind regards, Sabina
All about PC security
08.11.2005, 05:32
Member
Thread starter Posts: 28
#13
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2826-A49A
Verzeichnis von C:\WINDOWS\tasks
03.03.2005 14:51 <DIR> .
03.03.2005 14:51 <DIR> ..
18.08.2001 13:00 65 desktop.ini
08.11.2005 05:29 6 SA.DAT
2 Datei(en) 71 Bytes
Verzeichnis von C:\Dokumente und Einstellungen\C.Marx\Desktop
08.11.2005, 10:58
Honorary member
Posts: 29434
#14
Now post the new HijackThis log... if the start page is okay.... the PC is clean.
And in future, stay away from NetPumper and other junk.....
__________
Kind regards, Sabina
All about PC security
08.11.2005, 11:27
Member
Thread starter Posts: 28
#15
Logfile of HijackThis v1.99.1
Scan saved at 11:25:09, on 08.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
D:\some stuff\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124533046075
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6580081A-64FE-4243-BC81-B356BE1AA0B5}: NameServer = 217.237.149.225 217.237.151.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Haven't gotten any pop-ups yet, I think it's all dead now, but just to be safe I'll run another eScanCheck so I can sleep soundly again ^^ Otherwise I think everything is done now. I'll report back if eScanCheck finds anything else, but I'll say it already: thx for da help
|
|
||
Logfile of HijackThis v1.99.1
Scan saved at 08:38:35, on 07.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\LeechFTP\Leechftp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Winamp\Winamp.exe
C:\Programme\Opera\Opera.exe
D:\some stuff\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirtparadieso.de:9091/servlet/jfchat;jsessionid=15AC828517806F02D5B0AF2673BE85BE?showhtml=start&design=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [burn bib] C:\DOKUME~1\C4F9A~1.MAR\ANWEND~1\GRIDBY~1\readme wait.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124533046075
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6580081A-64FE-4243-BC81-B356BE1AA0B5}: NameServer = 217.237.149.225 217.237.151.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Hope someone can help me ^^