Pop-ups on the desktop and in Internet Explorer

#0
17.02.2006, 18:41
...new here
Posts: 3

18.02.2006, 15:18
Honorary member
Posts: 29434
#2
killa88
Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html
Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
all about PC security

18.02.2006, 17:45
...new here
Thread starter
Posts: 3
#3
Hello Sabina,
thank you very much for your instructions. I ran CleanUp, which managed to remove an impressive 1.1 GB. I also created the 4 text files and will post them below this text.
Thanks again,
Killa88

18.02.2006, 18:03
Honorary member
Posts: 29434
#4
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross. When asked "Do you want to reboot?" ---- click "no" and paste in the next one; only on the last one click "yes".
Paste in:
D:\WINDOWS\system32\g8lm0i31e8.dll
D:\WINDOWS\system32\enn8l15u1.dll
D:\WINDOWS\system32\l60ulgd9160.dll
D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\irjml5111.dll
D:\WINDOWS\system32\q4nu0e59eh.dll
D:\WINDOWS\system32\q4ps0e77eh.dll
D:\WINDOWS\system32\ukrrtosa.dll
D:\WINDOWS\system32\ir0ml5d11.dll
D:\WINDOWS\system32\jtn8075ue.dll
D:\WINDOWS\system32\mvp4l97q1.dll
D:\WINDOWS\system32\m4460ehseh460.dll
D:\WINDOWS\system32\n26q0cj5efo.dll
D:\WINDOWS\3gptoavi3.INI
D:\WINDOWS\toolbar.exe
D:\WINDOWS\setuplog.txt
D:\WINDOWS\tool2.exe
D:\WINDOWS\kl1.exe
D:\blh-fear.mds
D:\WINDOWS\uniq
After the restart, look for C:\!KillBox and manually delete all files located there.
L2mfix --> work through Option 2 --> after the restart + scan, post the scan report
http://virus-protect.org/l2mfix.html
__________
Kind regards, Sabina
all about PC security

18.02.2006, 18:47
...new here
Thread starter
Posts: 3
#5
Thanks again....all done:
In addition, I also ran a HijackThis scan, with the following result:
This post was edited by killa88 on 18.02.2006 at 18:53.

18.02.2006, 21:18
Honorary member
Posts: 29434
#6
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Trial version of Spysweeper
http://virus-protect.org/spysweeper.html
Post the scan report.
--------------------------------------
ArchiCrypt Stealthify Service --> what is that? Did you download it deliberately?
O23 - Service: ArchiCrypt Stealthify Service (StealthifySvc) - Unknown owner - D:\WINDOWS\system32\ACStealthifySvc.exe
__________
Kind regards, Sabina
all about PC security

For about 3 days, unpleasant pop-ups have been appearing on my desktop, and my Internet Explorer keeps opening with all sorts of advertising windows. I have run McAfee Antivirus, Ad-aware and Spybot several times, but without success.
I hope you can help me.
Here is my log file:
Many thanks in advance!
Kind regards,
killa88