Trojan makes the taskbar disappear

#0
18.01.2006, 17:14
...new here
Posts: 3

18.01.2006, 17:20
Honorary member
Posts: 29434
#2
abstract86
Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
Download the F-Secure beta trial: http://www.f-secure.com/blacklight/
Double-click blbeta.exe; after the check, click "Next". You will then find a log file on the desktop: copy it into your thread.
__________
Regards, Sabina
All about PC security

18.01.2006, 17:53
...new here
Thread starter
Posts: 3
#3
This is what came out of blbeta.exe:
12/29/05 17:45:58 [Info]: BlackLight Engine 1.0.30 initialized
12/29/05 17:45:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/29/05 17:45:59 [Note]: 7019 4
12/29/05 17:45:59 [Note]: 7005 0
12/29/05 17:46:03 [Note]: 7006 0
12/29/05 17:46:03 [Note]: 7011 1464
12/29/05 17:46:04 [Note]: FSRAW library version 1.7.1014
12/29/05 17:47:47 [Note]: 7007 0

18.01.2006, 18:10
Honorary member
Posts: 29434
#4
Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security

19.01.2006, 13:23
...new here
Thread starter
Posts: 3

15.02.2006, 18:03
...new here
Posts: 4
#6
Hi, so should I just post the log in here now, or what?
Thanks in advance ^^

15.02.2006, 18:05
Honorary member
Posts: 29434
#7
Quote: Phoen1x16 posted
You can do that.
__________
Regards, Sabina
All about PC security

15.02.2006, 18:07
...new here
Posts: 4
#8
Something like this?

15.02.2006, 18:36
Honorary member
Posts: 29434
#9
Phoen1x16
Well... there are four logs, and the path at the top would be nice too... otherwise I can't do anything with it.
+ HijackThis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
Regards, Sabina
All about PC security

16.02.2006, 15:46
...new here
Posts: 4
#10
So, I started HijackThis, and this is what came out:
I hope I did it right ^^

16.02.2006, 23:50
Honorary member
Posts: 29434
#11
Phoen1x16
Why should I work through your HijackThis? Are there any signs of viruses?
__________
Regards, Sabina
All about PC security

17.02.2006, 13:39
...new here
Posts: 4
#12
Sorry that I may have followed your instructions wrongly, but I think everything is running normally again on my machine. Could it be that "Object Dock" was the cause of the problem? Because once I uninstalled it, everything was back to the way it was. Thanks anyway for the expert help ^^. All in all: my problem solved itself "on its own" when I, among other things, also deleted Object Dock ^^.

01.01.2007, 18:49
...new here
Posts: 6
#13
@ sabina:
@ all: First of all, I wish everyone a happy new year. And as my debut, a "hello" to everyone. Because of the same problem, I'm digging this thread up from the basement again. So, my taskbar is gone, I've already tried everything, Spybot finds nothing, AVG finds nothing, CleanUp! has been run, Kaspersky online is still running. Here are the .txt files:
I hope you can help me. Regards, DennisK

01.01.2007, 19:02
Honorary member
Posts: 29434
#14
DennisK
Post this log: http://virus-protect.org/silentrunner.html
__________
Regards, Sabina
All about PC security

01.01.2007, 20:14
...new here
Posts: 6
#15
@ sabina: Thanks for the turbo-fast reply. thx DennisK
[MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = 
"D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "D:\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Create Mobile Favorite" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "D:\MICROS~3\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Mobilen Favoriten erstellen..." 
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "D:\MICROS~3\INetRepl.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Firewall, AVGFwSrv, "C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."] AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] Canon BJ Language Monitor iP5200R\Driver = "CNMLM7A.DLL" ["CANON INC."] Canon BJNP Port\Driver = "CNMNPPM.DLL" ["CANON INC."] EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"] FaxWare Monitor\Driver = "faxwarmo.dll" ["Tobit Software"] hpzsnt07\Driver = "hpzsnt07.dll" ["HP"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] MLMON__S\Driver = "MLMON__S.DLL" ["KONICA MINOLTA BUSINESS TECHNOLOGIES, INC."] Tobit Color Monitor\Driver = "IMGMSGMO.dll" [null data] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 47 seconds, including 11 seconds for message boxes) |
||
A trojan has lodged itself on my machine and is cutting off my taskbar. It opens briefly at first and is then immediately hidden again, and my computer also takes ages to shut down.
Here is the hijack file:
Logfile of HijackThis v1.99.1
Scan saved at 16:44:14, on 29.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\ObjectDock\ObjectDock.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\YzShadow\YzShadow.exe
H:\Programme\Adobe\Adobe Acrobat\Distillr\acrotray.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ANNEGR~1\LOKALE~1\Temp\Rar$EX00.033\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.1:3128
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Adobe\Adobe Acrobat\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Programme\Adobe\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Programme\Adobe\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iHP-100] C:\Programme\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\msconfig.exe /auto
O4 - HKCU\..\Run: [ObjectDock] C:\Programme\ObjectDock\ObjectDock.exe
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - Global Startup: Acrobat Assistant.lnk = H:\Programme\Adobe\Adobe Acrobat\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O17 - HKLM\System\CS2\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O17 - HKLM\System\CS3\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
What can I do?
Many, many thanks for any help; I really don't know what to do.