Unsolicited opening of pages ending in yyy102.html etc.

#0
14.12.2005, 12:48
...new here

Posts: 5
#1 In my Firefox ex., pages ending in yyy102.html or paypopup.com etc. keep opening. I read here that I should format, or maybe not, so I am posting my HijackThis log file so that someone can please take a look at what is wrong, because I cannot explain it. That would be nice of you. Cya and thanks.
LogFile:

Logfile of HijackThis v1.99.1
Scan saved at 12:46:57, on 14.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\AOL\1130974616\ee\aolsoftware.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\BlOoDyDeAtH\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programme\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\i2240cfqef2e0.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
19.12.2005, 14:14
Honorary member
Sabina

Posts: 29434
#2 GlobalDeath

That looks like an infection with Look2Me.
Work through option 2, then after the restart option 4, and copy the scan report here.
http://virus-protect.org/l2mfix.html
__________
Best regards, Sabina

all about PC security
19.12.2005, 20:26
...new here

Thread starter

Posts: 5
#3 L2MFIX find log 121605
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n8n60i5se8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3F45765C-6A24-DC0C-0E30-0688D90A7F18}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"
"{330417E8-EF62-4047-82BE-D8305CEFF572}"="AMEncShlExt extension"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
"{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}"=""
"{2E090384-7357-42C2-ABD9-443586D903F6}"=""
"{FD0A3521-4EC0-4229-8BEE-18C282F137D8}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}\InprocServer32]
@="C:\\WINDOWS\\system32\\nkwrsar.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}\InprocServer32]
@="C:\\WINDOWS\\system32\\svredir.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\rmmotepg.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aoldial.dll Thu 13 Oct 2005 11:45:38 A.... 104.024 101,59 K
cmdlin~1.dll Mon 12 Dec 2005 17:24:46 A.... 98.304 96,00 K
enpol1~1.dll Fri 16 Dec 2005 18:32:38 ..S.R 236.723 231,17 K
fp4003~1.dll Sun 18 Dec 2005 22:18:20 ..S.R 236.822 231,27 K
gdi32.dll Thu 6 Oct 2005 4:20:34 A.... 260.608 254,50 K
mshtml.dll Tue 4 Oct 2005 11:33:40 A.... 2.700.288 2,57 M
n8n60i~1.dll Sat 17 Dec 2005 15:09:20 ..S.R 236.822 231,27 K
s32evnt1.dll Thu 1 Dec 2005 12:14:20 A.... 86.091 84,07 K
shell32.dll Fri 23 Sep 2005 4:27:42 A.... 8.389.632 8,00 M
sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118.784 116,00 K
svredir.dll Mon 19 Dec 2005 19:16:42 ..... 236.822 231,27 K
sysogg.dll Thu 3 Nov 2005 1:59:02 A.... 25 0,02 K
xpsp2res.dll Tue 27 Sep 2005 1:41:26 A.... 611.840 597,50 K

13 items found: 13 files (3 H/S), 0 directories.
Total of file sizes: 13.316.785 bytes 12,70 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Mon 19 Dec 2005 19:20:42 ..S.R 236.822 231,27 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236.822 bytes 231,27 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75

Verzeichnis von C:\WINDOWS\System32

19.12.2005 19:20 236.822 guard.tmp
18.12.2005 22:18 236.822 fp4003hme.dll
17.12.2005 15:09 236.822 n8n60i5se8.dll
16.12.2005 18:32 236.723 enpol1731.dll
16.12.2005 15:47 <DIR> dllcache
17.05.2005 17:26 <DIR> Microsoft
4 Datei(en) 947.189 Bytes
2 Verzeichnis(se), 2.385.874.944 Bytes frei




Here is the 2nd log:

L2mfix Beta 121605
Creating Account.
Der Befehl wurde erfolgreich ausgefhrt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/2E090384-7357-42C2-ABD9-443586D903F6.reg (188 bytes security) (deflated 71%)
updating: backregs/ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13.reg (188 bytes security) (deflated 70%)
updating: backregs/FD0A3521-4EC0-4229-8BEE-18C282F137D8.reg (188 bytes security) (deflated 70%)
updating: backregs/notibac.reg (140 bytes security) (deflated 87%)

Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:26:04, on 19.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Google\Google Talk\googletalk.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\BlOoDyDeAtH\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programme\Google\Google Talk\googletalk.exe" /autostart
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n8n60i5se8.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
20.12.2005, 02:45
Honorary member
Sabina

Posts: 29434
#4 At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system\CmSNXeye.exe

--------------------------------------------------------------------
open HijackThis -- button "scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n8n60i5se8.dll

Restart the PC

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot / Process all in List --> tick these
paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, click "yes" only on the last one

C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\fp4003hme.dll
C:\WINDOWS\System32\n8n60i5se8.dll
C:\WINDOWS\system32\svredir.dll
C:\WINDOWS\system32\rmmotepg.dll
C:\WINDOWS\System32\enpol1731.dll

Restart the PC

Hoster.zip -> run it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

VX2Finder XP/2000
http://www.downloads.subratam.org/VX2Finder.exe
paste the scan report here

spysweeper trial (paste the scan report)
http://virus-protect.org/spysweeper.html
__________
Kind regards, Sabina

all about PC security
20.12.2005, 21:09
...new here

Thread starter

Posts: 5
#5 This is a report processed by VirusTotal on 12/20/2005 at 20:20:23 (CET) after scanning the file "cmsnxeye.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.70 12.20.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.20.2005 no virus found
Avira 6.33.0.70 12.20.2005 no virus found
BitDefender 7.2 12.20.2005 no virus found
CAT-QuickHeal 8.00 12.19.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.20.2005 no virus found
eTrust-Iris 7.1.194.0 12.19.2005 no virus found
eTrust-Vet 12.3.3.0 12.20.2005 no virus found
Fortinet 2.54.0.0 12.20.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.20.2005 no virus found
Kaspersky 4.0.2.24 12.20.2005 no virus found
McAfee 4654 12.20.2005 no virus found
NOD32v2 1.1330 12.20.2005 no virus found
Norman 5.70.10 12.20.2005 no virus found
Panda 8.02.00 12.20.2005 no virus found
Sophos 4.01.0 12.20.2005 no virus found
Symantec 8.0 12.20.2005 no virus found
TheHacker 5.9.1.059 12.19.2005 no virus found
VBA32 3.10.5 12.20.2005 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
Syncmgr
termsrv
wlballoon


Guardian Key--- is called:

Guardian Key--- :

User Agent String---
{3F45765C-6A24-DC0C-0E30-0688D90A7F18}




********
20:45: | Start of Session, Dienstag, 20. Dezember 2005 |
20:45: Spy Sweeper started
20:45: Sweep initiated using definitions version 556
20:45: Found Adware: look2me
20:45: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\syncmgr\ || dllname (ID = 129987)
20:45: hrjq0515e.dll (ID = 129987)
20:45: Starting Memory Sweep
20:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:47: Memory Sweep Complete, Elapsed Time: 00:01:24
20:47: Starting Registry Sweep
20:47: Found Adware: azsearch toolbar
20:47: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
20:47: HKCR\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (6 subtraces) (ID = 103887)
20:47: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
20:47: HKLM\software\classes\azentretien.loader.1\ (3 subtraces) (ID = 103909)
20:47: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
20:47: HKLM\software\classes\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (6 subtraces) (ID = 103911)
20:47: Found Adware: winad
20:47: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (1 subtraces) (ID = 763026)
20:47: Registry Sweep Complete, Elapsed Time:00:00:13
20:47: Starting Cookie Sweep
20:47: Found Spy Cookie: adtech cookie
20:47: bloodydeath@adtech[1].txt (ID = 2155)
20:47: Found Spy Cookie: falkag cookie
20:47: bloodydeath@as1.falkag[2].txt (ID = 2650)
20:47: Found Spy Cookie: atwola cookie
20:47: bloodydeath@atwola[1].txt (ID = 2255)
20:47: Found Spy Cookie: paypopup cookie
20:47: bloodydeath@paypopup[2].txt (ID = 3119)
20:47: Found Spy Cookie: tradedoubler cookie
20:47: bloodydeath@tradedoubler[2].txt (ID = 3575)
20:47: Found Spy Cookie: zedo cookie
20:47: bloodydeath@zedo[2].txt (ID = 3762)
20:47: Cookie Sweep Complete, Elapsed Time: 00:00:00
20:47: Starting File Sweep
21:00: File Sweep Complete, Elapsed Time: 00:12:38
21:00: Full Sweep has completed. Elapsed time 00:14:23
21:00: Traces Found: 44
21:00: Removal process initiated
21:00: Quarantining All Traces: look2me
21:00: look2me is in use. It will be removed on reboot.
21:00: hrjq0515e.dll is in use. It will be removed on reboot.
21:00: Quarantining All Traces: azsearch toolbar
21:00: Quarantining All Traces: winad
21:00: Quarantining All Traces: adtech cookie
21:00: Quarantining All Traces: atwola cookie
21:00: Quarantining All Traces: falkag cookie
21:00: Quarantining All Traces: paypopup cookie
21:00: Quarantining All Traces: tradedoubler cookie
21:00: Quarantining All Traces: zedo cookie
21:02: Preparing to restart your computer. Please wait...
21:02: Removal process completed. Elapsed time 00:01:58
21:06: Your spyware definitions have been updated.
21:06: Updating spyware definitions
21:07: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
********
20:44: | Start of Session, Dienstag, 20. Dezember 2005 |
20:44: Spy Sweeper started
21.12.2005, 00:53
Honorary member
Sabina

Posts: 29434
#6 GlobalDeath

run Cleanup following the instructions on the page
http://virus-protect.org/cleanup.html

paste the 4 text files here (the last 3 months by date are enough)
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

all about PC security
21.12.2005, 19:24
...new here

Posts: 2
#7 Hi there,

I have exactly the same problem as GlobalDeath. I have read what was posted here, but I don't really understand it all, so could you help me out a bit? That would be nice....

Regards

mc_HH
21.12.2005, 20:19
...new here

Thread starter

Posts: 5
#8 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75

Verzeichnis von C:\WINDOWS\system32

21.12.2005 20:15 29.965 nvapps.xml
21.12.2005 20:15 236.024 guard.tmp
21.12.2005 20:06 236.024 qc-mt331.dll
20.12.2005 22:07 234.021 e820lifm182a.dll
20.12.2005 21:03 236.024 hp0023dmg.dll
19.12.2005 20:21 236.822 nqth.dll
19.12.2005 20:19 59 direct.txt
19.12.2005 20:18 236.887 hr6005jme.dll

18.12.2005 22:16 2.206 wpa.dbl
14.12.2005 19:17 492.544 WRLogonNtf.dll
14.12.2005 19:17 8.192 ssiefr.EXE
14.12.2005 19:17 17.920 wrlzma.dll
14.12.2005 12:11 311.604 perfh009.dat
14.12.2005 12:11 39.992 perfc009.dat
14.12.2005 12:11 48.156 perfc007.dat
14.12.2005 12:11 316.594 perfh007.dat
14.12.2005 12:11 721.390 PerfStringBackup.INI
12.12.2005 17:24 98.304 CmdLineExt.dll
11.12.2005 19:24 2.550 Uninstall.ico
11.12.2005 19:24 1.406 Help.ico
11.12.2005 19:24 1.718 Open.ico
11.12.2005 19:24 1.406 AddQuit.ico
11.12.2005 19:24 5.350 IE.ico
11.12.2005 19:24 9.470 Desktop.ico
11.12.2005 19:24 1.718 Quick.ico
09.12.2005 01:21 2.723.680 MRT.exe
01.12.2005 12:14 86.091 S32EVNT1.DLL
28.11.2005 00:03 231.184 FNTCACHE.DAT
27.11.2005 11:39 17.409 azebar.xml
24.11.2005 01:18 2.780 qtplugin.log
22.11.2005 17:39 2.700.288 MSHTML.DLL
03.11.2005 01:59 25 sysogg.dll
02.11.2005 00:44 127.574 tsuninst.exe
27.10.2005 20:07 229.888 srrstr.dll
21.10.2005 16:49 461.312 URLMON.DLL
21.10.2005 16:49 496.640 MSTIME.DLL
21.10.2005 16:49 582.144 WININET.DLL
21.10.2005 15:36 1.339.392 SHDOCVW.DLL
21.10.2005 12:49 192.512 DXTRANS.DLL
20.10.2005 23:33 1.003.008 esent.dll
20.10.2005 19:08 988.160 DANIM.DLL
19.10.2005 18:50 16.384 restart.exe


2:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75

Verzeichnis von C:\DOKUME~1\BLOODY~1\LOKALE~1\Temp

21.12.2005 20:16 284 MSIadaaf.LOG
1 Datei(en) 284 Bytes
0 Verzeichnis(se), 2.286.247.936 Bytes frei
3:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75

Verzeichnis von C:\WINDOWS

21.12.2005 20:16 467.551 setupapi.log
21.12.2005 20:06 1.682.294 WindowsUpdate.log
21.12.2005 20:05 0 0.log
21.12.2005 20:04 159 wiadebug.log
21.12.2005 20:04 50 wiaservc.log
20.12.2005 22:07 32.540 SchedLgU.Txt
20.12.2005 20:43 975 win.ini
19.12.2005 20:33 63.734 iis6.log
19.12.2005 20:33 150.929 comsetup.log
19.12.2005 20:33 91.803 ntdtcsetup.log
19.12.2005 20:33 9.366 KB910437.log
19.12.2005 20:33 168.974 tsoc.log
19.12.2005 20:33 1.393 imsins.log
19.12.2005 20:33 15.846 ocmsn.log
19.12.2005 20:33 240.407 ocgen.log
19.12.2005 20:33 21.012 msgsocm.log
19.12.2005 20:33 417.550 FaxSetup.log
19.12.2005 20:33 23.858 updspapi.log
19.12.2005 20:33 1.393 imsins.BAK
19.12.2005 20:33 6.398 KB905915-IE6SP1-20051122.175908.log
19.12.2005 20:32 7.759 KB835409.log
19.12.2005 20:31 96.855 wmsetup.log
19.12.2005 20:21 283.372 ntbtlog.txt
16.12.2005 23:38 167 cod2demo.ini
15.12.2005 15:33 12.584 mozver.dat
14.12.2005 19:17 478.720 WRUninstall.dll
14.12.2005 12:12 107.132 UninstallFirefox.exe
13.12.2005 13:23 195.928 Directx.log
12.12.2005 17:24 316.640 WMSysPr9.prx
11.12.2005 19:24 32 pavsig.txt
11.12.2005 18:18 227 system.ini
27.11.2005 18:59 201.293 setupact.log
25.11.2005 19:35 60.416 ALCFDRTM.VER
23.11.2005 01:06 541 bobdown.ini
22.11.2005 00:25 75 gfscore.ini
16.11.2005 17:22 110 gui.INI
12.11.2005 17:52 248 accessdll.log
12.11.2005 16:27 399 nsw.log
12.11.2005 14:37 323 doom3.ini
10.11.2005 19:03 12.386 KB896424.log
30.10.2005 19:17 192 winamp.ini
15.10.2005 02:54 16.846 KB901017.log
15.10.2005 02:54 10.366 KB896688-IE6SP1-20051004.130236.log
15.10.2005 02:53 12.528 KB905495.log
15.10.2005 02:53 12.488 KB904706.log
15.10.2005 02:51 15.697 KB905414.log
15.10.2005 02:51 15.724 KB900725.log
15.10.2005 02:50 12.481 KB905749.log
13.10.2005 18:21 23.448 KB902400.log
11.10.2005 18:17 1.146.285 setupapi.log.0.old
09.10.2005 18:06 293.131 ESL Funmapladder Mappack - have more fun Uninstaller.exe
04.10.2005 20:46 73.605 War3Unin.dat
01.10.2005 18:39 26 NeoSetup.INI
22.09.2005 17:16 851 eReg.dat
15.09.2005 21:29 0 setuperr.log
11.09.2005 14:48 1.024 PPENGINE.INI
08.09.2005 21:46 26 popcinfo.dat
08.09.2005 21:11 169 RtlRack.ini
27.08.2005 22:25 220 SIERRA.INI
11.08.2005 20:02 2.829 War3Unin.pif
11.08.2005 20:02 139.264 War3Unin.exe
10.08.2005 15:06 17.125 SYMEVENT.LOG
10.08.2005 14:58 18.266 KB899587.log
10.08.2005 14:58 17.836 KB899591.log
10.08.2005 14:58 18.016 KB893756.log
10.08.2005 14:58 17.283 KB896423.log
10.08.2005 14:57 16.395 KB899588.log
10.08.2005 14:57 7.657 KB896727-IE6SP1-20050719.165959.log
14.07.2005 00:24 12.852 KB901214.log
09.07.2005 12:28 4.096 d3dx.dat

4:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75

Verzeichnis von C:\

21.12.2005 20:19 0 sys.txt
21.12.2005 20:19 11.052 system.txt
21.12.2005 20:18 296 systemtemp.txt
21.12.2005 20:16 100.422 system32.txt
21.12.2005 20:04 608 sti.log
21.12.2005 20:04 805.306.368 pagefile.sys
19.12.2005 20:23 59 direct.txt
11.12.2005 18:18 194 boot.ini
27.11.2005 11:40 3.031 secure32.html
15.11.2005 21:06 16 SYSBOOT.DAT
08.10.2005 19:51 224 hllog.txt
17.05.2005 17:29 1.354 CtDrvStp.log
17.05.2005 17:29 97 CtDrvIns.log
17.05.2005 17:06 0 MSDOS.SYS
17.05.2005 17:06 0 CONFIG.SYS
17.05.2005 17:06 0 IO.SYS
17.05.2005 17:06 0 AUTOEXEC.BAT
02.04.2003 13:00 4.952 bootfont.bin
02.04.2003 13:00 47.580 NTDETECT.COM
02.04.2003 13:00 235.296 ntldr
20 Datei(en) 805.711.549 Bytes
0 Verzeichnis(se), 2.286.227.456 Bytes frei
21.12.2005, 21:36
Honorary member
Sabina

Posts: 29434
#9 KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot / Process all in List --> tick these
paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, click "yes" only on the last one

C:\WINDOWS\system32\nvapps.xml
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\qc-mt331.dll
C:\WINDOWS\system32\direct.txt
C:\WINDOWS\system32\e820lifm182a.dll
C:\WINDOWS\system32\hp0023dmg.dll
C:\WINDOWS\system32\nqth.dll
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\system32\tsuninst.exe
C:\secure32.html

Restart the PC

scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security