Lästige werbe pop-ups! |
||
---|---|---|
#0
| ||
19.11.2005, 21:06
...neu hier
Beiträge: 5 |
||
|
||
19.11.2005, 21:33
Ehrenmitglied
Beiträge: 29434 |
#2
ein HijackThis ist nicht aktuell:
Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
19.11.2005, 22:26
...neu hier
Themenstarter Beiträge: 5 |
#3
Logfile of HijackThis v1.99.1
Scan saved at 22:25:40, on 19.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\system32\rundll32.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\system32\rundll32.exe H:\Programme\AVPersonal\AVGNT.EXE L:\Programme\ICQLite\ICQLite.exe L:\Programme\Winamp\winampa.exe L:\Programme\DAEMON Tools\daemon.exe H:\Programme\Spybot - Search & Destroy\TeaTimer.exe H:\Programme\MSN Messenger\MsnMsgr.Exe H:\Programme\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe H:\PROGRAMME\AVPERSONAL\AVGUARD.EXE H:\Programme\AVPersonal\AVWUPSRV.EXE H:\WINDOWS\system32\cisvc.exe L:\Programme\security suite\ewidoctrl.exe L:\Programme\security suite\ewidoguard.exe H:\WINDOWS\system32\oodag.exe H:\Programme\Internet Explorer\iexplore.exe H:\Dokumente und Einstellungen\Dj Dava\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - L:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programme\google\googletoolbar1.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - L:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AVGCtrl] H:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [ICQ Lite] L:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WinampAgent] L:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools] "L:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PinnacleDriverCheck] H:\WINDOWS\system32\PSDrvCheck.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MsnMsgr] "H:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "H:\Programme\Messenger\msmsgs.exe" O4 - HKCU\..\RunOnce: [ICQ Lite] L:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: EmuPatchMixDSP.lnk = H:\Programme\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe O8 - Extra context menu item: &Google-Suche - res://H:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://L:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://H:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://H:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://H:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://H:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - L:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - L:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Syncmgr - H:\WINDOWS\system32\dnr6019se.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - H:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - H:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - L:\Programme\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - L:\Programme\security suite\ewidoguard.exe O23 - Service: O&O Defrag - O&O Software GmbH - H:\WINDOWS\system32\oodag.exe |
|
|
||
19.11.2005, 22:43
Ehrenmitglied
Beiträge: 29434 |
#4
das ist eine Look2Me-Verseuchung
http://virus-protect.org/l2mfix.html poste hier Option 1 (das Log) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
19.11.2005, 22:50
...neu hier
Themenstarter Beiträge: 5 |
#5
L2MFIX find log 1.04a
These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr] "Asynchronous"=dword:00000000 "DllName"="H:\\WINDOWS\\system32\\dnr6019se.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-NI) ALLOW Read VORDEFINIERT\Benutzer (ID-IO) ALLOW Read VORDEFINIERT\Benutzer (ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren (ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access ERSTELLER-BESITZER ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{A0D73A51-0943-AA59-B98E-35594D25495B}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{F5D92341-0A64-11D0-9956-0000E8096023}"="CD Copy Shell Extension" "{F5D92342-0A64-11D0-9956-0000E8096023}"="CD Wizard Shell Extension" "{F5D92344-0A64-11D0-9956-0000E8096023}"="InstantWrite Shellextension" "{C2B68238-14F5-4302-BBB3-29AF63D28C9F}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C2B68238-14F5-4302-BBB3-29AF63D28C9F}] @="" [HKEY_CLASSES_ROOT\CLSID\{C2B68238-14F5-4302-BBB3-29AF63D28C9F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C2B68238-14F5-4302-BBB3-29AF63D28C9F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C2B68238-14F5-4302-BBB3-29AF63D28C9F}\InprocServer32] @="H:\\WINDOWS\\system32\\kcd103.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: H:\WINDOWS\SYSTEM32\ ati2cqag.dll Fri 14 Oct 2005 5:40:00 A.... 233.472 228,00 K ati2dvag.dll Fri 14 Oct 2005 6:11:22 A.... 241.664 236,00 K ati2edxx.dll Fri 14 Oct 2005 6:07:08 A.... 39.936 39,00 K ati2evxx.dll Fri 14 Oct 2005 6:07:00 A.... 46.080 45,00 K ati3duag.dll Fri 14 Oct 2005 5:59:44 A.... 2.433.120 2,32 M aticds10.dll Thu 15 Sep 2005 3:05:00 A.... 368.640 360,00 K atiddc.dll Fri 14 Oct 2005 6:05:46 A.... 53.248 52,00 K atidemgr.dll Fri 14 Oct 2005 5:07:22 A.... 258.048 252,00 K atiicdxx.dll Thu 15 Sep 2005 3:05:00 A.... 380.928 372,00 K atiiiexx.dll Fri 14 Oct 2005 6:03:32 A.... 307.200 300,00 K atikvmag.dll Fri 14 Oct 2005 5:44:50 A.... 147.456 144,00 K atioglx1.dll Fri 14 Oct 2005 6:49:30 A.... 6.680.576 6,37 M atioglxx.dll Sat 15 Oct 2005 21:02:56 A.... 4.952.064 4,72 M atipdlxx.dll Fri 14 Oct 2005 6:07:28 A.... 106.496 104,00 K atipdsxx.dll Thu 15 Sep 2005 3:05:00 A.... 266.240 260,00 K atippaxx.dll Thu 15 Sep 2005 3:05:00 A.... 94.208 92,00 K atipuixx.dll Thu 15 Sep 2005 3:05:00 A.... 2.039.808 1,95 M atitvo32.dll Fri 14 Oct 2005 5:44:18 A.... 17.408 17,00 K ativvaxx.dll Fri 14 Oct 2005 5:55:10 A.... 601.760 587,66 K cdosys.dll Sat 10 Sep 2005 2:54:28 A.... 2.067.968 1,97 M ipsecsvc.dll Thu 15 Sep 2005 5:05:54 A.... 185.344 181,00 K kcd103.dll Sat 19 Nov 2005 22:21:50 ..S.R 236.348 230,81 K linkinfo.dll Thu 1 Sep 2005 2:44:42 A.... 19.968 19,50 K netman.dll Mon 22 Aug 2005 19:31:48 A.... 197.632 193,00 K oemdspif.dll Fri 14 Oct 2005 6:07:18 A.... 73.728 72,00 K openal32.dll Fri 18 Nov 2005 19:33:40 A.... 81.920 80,00 K px.dll Wed 14 Sep 2005 20:17:44 ..... 462.848 452,00 K pxdrv.dll Wed 14 Sep 2005 20:17:44 ..... 319.488 312,00 K pxmas.dll Wed 14 Sep 2005 20:17:44 ..... 143.360 140,00 K pxwave.dll Wed 14 Sep 2005 20:17:44 ..... 286.720 280,00 K shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M shlwapi.dll Sat 3 Sep 2005 0:53:22 A.... 474.112 463,00 K sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118.784 116,00 K umpnpmgr.dll Tue 23 Aug 2005 4:39:58 A.... 124.416 121,50 K vxblock.dll Wed 14 Sep 2005 20:17:44 ..... 28.672 28,00 K winsrv.dll Thu 1 Sep 2005 2:44:44 A.... 292.352 285,50 K wrap_oal.dll Fri 18 Nov 2005 19:33:42 A.... 225.280 220,00 K xpsp3res.dll Mon 26 Sep 2005 17:47:44 ..... 24.064 23,50 K 38 items found: 38 files (1 H/S), 0 directories. Total of file sizes: 33.122.876 bytes 31,59 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volume in Laufwerk H: hat keine Bezeichnung. Volumeseriennummer: D488-973C Verzeichnis von H:\WINDOWS\System32 19.11.2005 22:21 236.348 kcd103.dll 19.11.2005 22:21 237.211 fp6803jue.dll 19.11.2005 22:05 236.348 dnr6019se.dll 19.11.2005 20:42 <DIR> dllcache 17.11.2005 21:58 <DIR> Microsoft 3 Datei(en) 709.907 Bytes 2 Verzeichnis(se), 14.971.797.504 Bytes frei |
|
|
||
19.11.2005, 23:23
Ehrenmitglied
Beiträge: 29434 |
#6
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html Delete File on Reboot -- anhaken reinkopieren: H:\WINDOWS\system32\dnr6019se.dll H:\WINDOWS\system32\guard.temp H:\WINDOWS\system32\kcd103.dll H:\WINDOWS\system32\fp6803jue.dll und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes" PC neustarten L2mfix arbeite Option 2 ab --> neustarten--> Option 4 VX2Finder 98/ME http://www.downloads.subratam.org/VX2Finder9x.exe Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program. spysweeper trial http://virus-protect.org/spysweeper.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.11.2005, 00:12
...neu hier
Themenstarter Beiträge: 5 |
#7
Soo, scheint wieder zu gehen! Vielen Dank ... sollte nochmal was kommen, schreibe ichs! War total am verzweifeln, zum glück es gibt leute die sich sogut mit pc´s auskennen! Dankeschööön
|
|
|
||
Der Log :
Logfile of HijackThis v1.97.7
Scan saved at 20:59:08, on 19.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Programme\AVPersonal\AVGNT.EXE
L:\Programme\ICQLite\ICQLite.exe
L:\Programme\Winamp\winampa.exe
L:\Programme\DAEMON Tools\daemon.exe
H:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
H:\Programme\Spybot - Search & Destroy\TeaTimer.exe
H:\Programme\MSN Messenger\MsnMsgr.Exe
H:\Programme\AVPersonal\AVWUPSRV.EXE
H:\WINDOWS\system32\cisvc.exe
H:\Programme\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
L:\Programme\security suite\ewidoctrl.exe
L:\Programme\security suite\ewidoguard.exe
H:\WINDOWS\system32\oodag.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\cidaemon.exe
H:\Programme\Internet Explorer\iexplore.exe
H:\Dokumente und Einstellungen\Dj Dava\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - L:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - L:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVGCtrl] H:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ICQ Lite] L:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] L:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "L:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] H:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "H:\Programme\Messenger\msmsgs.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] L:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: EmuPatchMixDSP.lnk = H:\Programme\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
O8 - Extra context menu item: &Google-Suche - res://H:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://L:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://H:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://H:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://H:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://H:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab