I can't remove Spywarequake
#0
15.08.2006, 18:02
Honorary member
Posts: 29434

15.08.2006, 18:43
Member
Posts: 21
#122
Hello!
Unfortunately I have the same problems as most people here. Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 18:39:30, on 15.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Media-Codec\pmsngr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\nocd\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152193759500
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\system32\vwlummc.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

15.08.2006, 18:44
...new here
Posts: 10
#123
Hello Sabina,
since I can't find an entry "My Computer" under "Start", I unchecked "Hide protected operating system files" in Explorer under Tools > Folder Options on the View tab and ... I can now see
C:\RECYCLER\S-1-5-21-776561741-861567501-1801674531-1003
but it only contains
backup-15.08.2006-13.45.35,57
which I have now deleted, ok?
In the meantime, once again a heartfelt thank you for your competent and fast help
aschulo

15.08.2006, 19:16
Honorary member
Posts: 29434
#124
HeirOfMu
open HijackThis -- button "scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC
Quote:
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
Restart the PC
work through smitfraud.fix and post the scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards
Sabina
all about PC security

15.08.2006, 19:17
Honorary member
Posts: 29434
#125
aschulo
everything should be fine again - you're discharged. Or are pop-ups still appearing???
__________
Kind regards
Sabina
all about PC security

15.08.2006, 19:42
...new here
Posts: 10
#126
Hello Sabina,
thank you very, very much.
I wanted to send you a small donation, but from Germany only Visa and MasterCard are possible, which I don't have. Can you give me a tip?
Many thanks
aschulo

15.08.2006, 19:43
Member
Posts: 21
#127
Hello Sabina,
I did what you said. Thank you very much. Here is the log file:

SmitFraudFix v2.81

Scan done at 19:36:43,68, 15.08.2006
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Programme\Media-Codec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

15.08.2006, 19:52
Honorary member
Posts: 29434
#128
HeirOfMu
1. uninstall:
C:\Programme\MyGlobalSearch
C:\Programme\RXToolBar
+ P2P software
2. scan with counterspy, after the scan set everything to "remove" and post the report
http://virus-protect.org/counterspy.html
__________
Kind regards
Sabina
all about PC security

15.08.2006, 20:30
Member
Posts: 21
#129
So, here is the report from Counterspy. I hope you know that I have absolutely no idea what the reports say.

Spyware Scan Details
Start Date: 15.08.2006 20:11:50
End Date: 15.08.2006 20:25:07
Total Time: 13 mins 17 secs

Detected spyware

IST.SideFind Browser Plug-in more information...
Details: SideFind is a browser helper object (BHO) that add a side bar to Internet Explorer and displays alternate search results in the side bar.
Status: Deleted
Infected files detected
c:\programme\sidefind\sfbho.dll
c:\programme\sidefind\sfexd001

Bullguard Potentially Unwanted Program more information...
Details: Bullguard is a software suite that includes antivirus, firewall, spam filter and online backup.
Status: Deleted
Infected files detected
c:\windows\temp\bullguard\bulldownload.exe

Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Programme\Need2Find\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 16
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 7

C2.Lop Hijacker more information...
Details: Lop is a group of spyware and hijacker programs that set your Internet Explorer start page and search features to use the site lop.com ('Live Online Portal') or one of its clone sites.
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\administrator\favoriten\going places\travel.lnk

MyGlobalSearch.Toolbar Potentially Unwanted Program more information...
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Deleted
Infected files detected
C:\nocd\hijackthis\backups\backup-20060815-192232-406.dll
C:\RECYCLER\S-1-5-21-527237240-1993962763-839522115-500\Dc2.dll
C:\RECYCLER\S-1-5-21-527237240-1993962763-839522115-500\Dc3\bar\1.bin\MGSBAR.DLL
Infected registry entries detected
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CurVer MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin MyGlobalSearch Toolbar Plugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 MyGlobalSearch Toolbar Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar UseFWB 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid MZ
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar PluginPath C:\Programme\MyGlobalSearch\bar\1.bin\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id A02D481D-E078-4AE3-B6BB-1F1BA4E1C9C3
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2005050709
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar favfwbs ^07B18EA9-A523-4961-B6BB-170DE4475CCA^9321DFC9-A260-4312-9585-3FD8BC98C 15B^8EAB99C9-F9EC-4b64-A4BA -D9BCAE8779C2^4D1C4E89-A32A-416b-BCDB-33B3EF3617D3^
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\Software\Kazaa\Settings +
HKEY_CURRENT_USER\Software\Kazaa\Settings Date
HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer +
HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1
HKEY_CURRENT_USER\Software\Kazaa Tmp 0

Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0

IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0

WinFixer Rogue Security Program more information...
Details: WinFixer is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005 EulUWFX5U_0001_LP 1
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005 EulUWFX5U_0001_LP 1

IST.PowerScan Adware (General) more information...
Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Power Scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Power Scan SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Power Scan Changed 0

SurfAccuracy Adware (General) more information...
Details: SurfAccuracy is an adware application that displays advertisements on the desktop and records keystrokes that are entered into certain search engines.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc Changed 0

180solutions.SearchAssistant Adware (General) more information...
Details: 180search Assistant is an adware application that monitors users' search queries and web surfing in order to display targeted advertising.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sais
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sais SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sais Changed 0

WinAntiSpyware Rogue Security Program more information...
Details: WinAntiSpyware is a rogue antis-pyware product which pesters users with scareware tactics to purchase the product.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005 EulUWFX5U_0001_LP 1

Zlob.Media-Codec Trojan Downloader more information...
Details: Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Zlob.Media-Codec actually downloads and installs additional malware on the user's ma
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 DisplayName Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 UninstallString "C:\Programme\Media-Codec\iesuninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On DisplayName Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On UninstallString "C:\Programme\Media-Codec\isauninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 DisplayName Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 UninstallString "C:\Programme\Media-Codec\pmuninst.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\iexplore Count 48
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\iexplore Time

ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@atdmt[1].txt

DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@doubleclick[1].txt

Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@hitbox[2].txt

Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@mediaplex[2].txt

Radar Spy 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@tradedoubler[1].txt
|
|
||
15.08.2006, 21:54
Honorary member
Posts: 29434 |
#130
HeirOfMu
There was quite a lot of junk on there... CounterSpy only ever kills some of the files. So you have to keep emptying CounterSpy's quarantine folder and scanning again with it until CounterSpy finds nothing more. Then everything should be OK again... or are popups still appearing?
Please post the new HijackThis log.
__________
Regards, Sabina
All about PC security |
|
|
||
15.08.2006, 22:40
Member
Posts: 21 |
#131
No more popups are appearing, thank you very much for your help.
Here is the new HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 22:38:58, on 15.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\nocd\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152193759500
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Thanks again! |
|
|
||
16.08.2006, 02:03
...new here
Posts: 7 |
#132
Hello, what can I do?

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\system32
16.08.2006 00:29 176.128 viruxz.dll
14.08.2006 14:09 2.206 wpa.dbl
24.06.2006 09:00 45.056 nvsvcd.exe
09.06.2006 03:19 5.967.776 MRT.exe
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
31.05.2006 21:23 376.016 perfh009.dat
31.05.2006 21:23 51.814 perfc009.dat
31.05.2006 21:23 386.338 perfh007.dat
31.05.2006 21:23 62.578 perfc007.dat
31.05.2006 21:23 886.928 PerfStringBackup.INI
31.05.2006 21:19 224.816 FNTCACHE.DAT
31.05.2006 08:34 16.832 amcompat.tlb
31.05.2006 08:34 23.392 nscompat.tlb
31.05.2006 08:04 253 spupdwxp.log
30.05.2006 12:18 30 brss01a.ini
30.05.2006 12:18 184 brsvc01a.bsi
30.05.2006 12:17 50 BRIDF04A.dat
30.05.2006 09:52 1.443 HLDRV.LOG
30.05.2006 09:52 304.640 hlvdd.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
29.05.2006 16:45 1.202 $winnt$.inf
19.05.2006 17:09 3.073.536 mshtml.dll

Verzeichnis von C:\
16.08.2006 01:59 0 systemtemp.txt
16.08.2006 01:59 100.871 system32.txt
16.08.2006 01:52 536.399.872 hiberfil.sys
16.08.2006 01:52 805.306.368 pagefile.sys
16.08.2006 01:43 1.070 sys.txt
16.08.2006 01:43 13.126 system.txt
13.08.2006 00:58 2.795 avi_log.txt
04.08.2006 18:18 4.766 LGSInst.Log
14.07.2006 06:58 211 boot.ini
31.05.2006 07:51 47.564 NTDETECT.COM
31.05.2006 07:51 251.184 ntldr
08.02.2006 03:02 73.728 KillBox.exe
23.01.2006 15:36 429 datFind.bat
16.02.2005 11:06 218.112 HijackThis.exe
20.09.2003 19:12 499 IPH.PH
20.09.2003 16:50 0 IO.SYS
20.09.2003 16:50 0 CONFIG.SYS
20.09.2003 16:50 0 AUTOEXEC.BAT
20.09.2003 16:50 0 MSDOS.SYS
29.08.2002 14:00 4.952 bootfont.bin
20 Datei(en) 1.342.425.547 Bytes
0 Verzeichnis(se), 13.283.696.640 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS
16.08.2006 01:53 0 0.log
16.08.2006 01:53 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
16.08.2006 01:53 1.258.569 WindowsUpdate.log
16.08.2006 01:53 159 wiadebug.log
16.08.2006 01:53 50 wiaservc.log
16.08.2006 01:53 674.299 setupapi.log
16.08.2006 01:52 2.048 bootstat.dat
16.08.2006 01:52 32.622 SchedLgU.Txt
16.08.2006 01:32 426.030 ntbtlog.txt
15.08.2006 03:12 116 NeroDigital.ini
07.08.2006 16:10 351.836 wmsetup.log
04.08.2006 17:54 224.893 setupact.log
14.07.2006 06:58 807 win.ini
14.07.2006 06:58 227 system.ini
10.07.2006 06:40 141.340 DirectX.log
07.07.2006 00:21 0 cdplayer.ini
27.06.2006 17:05 468 brwmark.ini
26.06.2006 02:19 672 GEARInstall.log
25.06.2006 01:55 324.180 tsoc.log
25.06.2006 01:55 167.094 ntdtcsetup.log
25.06.2006 01:55 107.469 iis6.log
25.06.2006 01:55 255.540 comsetup.log
25.06.2006 01:55 1.374 imsins.log
25.06.2006 01:55 38.243 ocmsn.log
25.06.2006 01:55 13.912 KB918439.log
25.06.2006 01:55 507.867 ocgen.log
25.06.2006 01:55 42.979 msgsocm.log
25.06.2006 01:55 757.766 FaxSetup.log
25.06.2006 01:55 14.271 KB917344.log
25.06.2006 01:55 14.049 KB917953.log
25.06.2006 01:54 18.087 KB916281.log
25.06.2006 01:54 16.768 updspapi.log
25.06.2006 01:54 12.216 KB914389.log
24.06.2006 09:22 6 ncrgtrpath.conf
21.06.2006 03:08 737.280 iun6002.exe
31.05.2006 21:19 44.679 spupdsvc.log
31.05.2006 21:11 32.444 KB899587.log
31.05.2006 21:11 31.567 KB896422.log

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Logfile of HijackThis v1.99.1
Scan saved at 02:02:27, on 16.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\IntCodec\pmsngr.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\IntCodec\pmmon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Programme\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Programme\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
||
16.08.2006, 11:08
...new here
Posts: 5 |
#133
Hello everyone
Unfortunately I also have a small problem with this sh*** ^^

Logfile of HijackThis v1.99.1
Scan saved at 11:14:34, on 16.08.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\Programme\spd.exe
D:\Programme\ewido\security suite\ewidoctrl.exe
D:\Programme\MyServer\myServer.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Programme\Sentry\SentryService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
D:\Programme\WebDrive\wdService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Media-Codec\pmsngr.exe
C:\WINDOWS\System32\sstray.exe
D:\Programme\cFosSpeed.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\programme\zango\zango.exe
C:\Programme\Media-Codec\pmmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Hbtools\HBTV\HBTV.exe
C:\Programme\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
C:\Programme\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
F:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
D:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
D:\Programme\Silicon Image\SiISATARaid\SATARaid.exe
D:\Programme\Xfire\Xfire.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Saarlandpower\Eigene Dateien\VundoFix.exe
C:\Dokumente und Einstellungen\Saarlandpower\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\Programme\WinSweep\no-ads.pac
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {20FC20CC-D2FB-C496-A860-FFE34631D6E2} - C:\DOKUME~1\SAARLA~1\ANWEND~1\about draw link\BoobCdrom.exe
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77C5A74472B3AC2 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\programme\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D77F5E7B4F2F3EC5 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.0.0\HbtHostIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.0.0\HbtHostIE.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [cFosSpeed] D:\Programme\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zxpxeyay] C:\WINDOWS\System32\ridactiz.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [NEW LOCKS WAY BOWS] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\build beep new locks\bore bags.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [jugs more] C:\DOKUME~1\SAARLA~1\ANWEND~1\PARTREALROAM\mapi itch.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] "D:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = D:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0792.00.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\q2336406.dll (file missing)
O20 - Winlogon Notify: style2 - C:\WINDOWS\q166187.dll (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\q65744468.dll (file missing)
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\System32\vwlummc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Programme\spd.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MyServer - Unknown owner - D:\Programme\MyServer\myServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sentry 2020 (SentryService) - Unknown owner - D:\Programme\Sentry\SentryService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOKUME~1\SAARLA~1\LOKALE~1\TEMP\_VWUPSRV.EXE (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - D:\Programme\WebDrive\wdService.exe |
|
|
||
16.08.2006, 11:54
Honorary member
Posts: 29434 |
#134
Antispyware
Information: infection on your computer
http://virus-protect.org/artikel/spyware/intcodec_remove.html
http://virus-protect.org/artikel/dienste/nvsvcd.html

1. Go into the registry
In the taskbar, click Start|Run. Type "Regedit" and press Enter. The Registry Editor opens.
Top left: Edit - Find - viruxz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} <--- delete
---------------------------------------------------------------
2. spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> spyfalcon.reg -> double-click and add it to the registry with "ja/yes"

3. Avenger
http://virus-protect.org/artikel/tools/avenger.html
Copy in:
Quote:
registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.

4. smitfraud.fix: work through it exactly according to the instructions
http://virus-protect.org/artikel/tools/smitfrautfix.html

5. If it is still present, fix it with HijackThis:
Quote:
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Programme\IntCodec\isaddon.dll (file missing)
----------------------------------
6. Scan with Kaspersky and post the scan report
http://virus-protect.org/artikel/dienste/nvsvcd.html
__________
Regards, Sabina
All about PC security |
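Matching the identifiers named in the cleanup steps of post #134 against a HijackThis log, as an added example that is not part of the thread and not HijackThis's own code. The function names are hypothetical, the sample lines are copied from the log in post #132, and treating C:\WINDOWS as a shared directory is an assumption of this sketch.

```python
import re
from dataclasses import dataclass
from ntpath import dirname, normcase  # Windows path rules on any platform
from typing import List, Optional

# Lines copied from the HijackThis log in post #132, one entry per line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Programme\IntCodec\pmsngr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Programme\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Programme\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""

# CLSIDs as they appear on the page: lower case in post #134, upper case in
# the CounterSpy report. Matching therefore has to ignore case.
NAMED_CLSIDS = [
    "{874443fe-aa33-4ebf-a6ac-73208787e62d}",
    "{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}",
]

# Assumption: files under the OS directory share it with unrelated files,
# so that directory says nothing about which entries belong together.
SHARED_ROOTS = (normcase("C:\\WINDOWS") + "\\",)

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    section: str          # e.g. "O2", "O21"
    kind: str             # text before the first ": ", e.g. "BHO"
    clsid: Optional[str]  # upper-cased, braces kept; None if the line has none
    target: str           # last " - " field with the "(file missing)" tag removed
    file_missing: bool
    raw: str


def parse_log(text: str) -> List[Entry]:
    """Parse numbered log entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, sep, rest = m.group("body").partition(": ")
        if not sep:  # R0/R1 lines have no "kind: " prefix
            kind, rest = "", m.group("body")
        clsid = CLSID_RE.search(rest)
        target = rest.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()
        entries.append(Entry(m.group("section"), kind,
                             clsid.group(0).upper() if clsid else None,
                             target, MISSING in rest, line))
    return entries


def private_dir(path: str) -> Optional[str]:
    """Normalised directory of a target, or None for bare names and shared roots."""
    d = normcase(dirname(path))
    if not d or (d + "\\").startswith(SHARED_ROOTS):
        return None
    return d


def named_in_instructions(entries: List[Entry], clsids: List[str]) -> List[Entry]:
    """Entries whose CLSID was named in the cleanup steps (case-insensitive)."""
    wanted = {c.upper() for c in clsids}
    return [e for e in entries if e.clsid in wanted]


def siblings(entries: List[Entry], named: List[Entry]) -> List[Entry]:
    """Entries not named themselves that load from a named entry's directory."""
    dirs = {private_dir(e.target) for e in named} - {None}
    return [e for e in entries if e not in named and private_dir(e.target) in dirs]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    hits = named_in_instructions(log, NAMED_CLSIDS)
    for e in hits:
        print("named:  ", e.raw)
    for e in siblings(log, hits):
        print("sibling:", e.raw)
```

The sibling list is only a prompt for a second look at the fresh log after cleanup; sharing a directory with a named entry is not a verdict on the file.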
|
|
||
16.08.2006, 12:17
Honorary member
Posts: 29434 |
#135
Saarlandpowe
That looks bad; you have loaded many programs that are destroying your computer. I need several logs; this is the first one:
+ apply cleanup
+ restart the computer
http://virus-protect.org/cleanup.html
+ Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Specify 'All files' as the file type. You should now find this file on the desktop.
--> double-click listen.bat --> copy the text that appears
Quote:
cd\
__________
Regards, Sabina
All about PC security |
|
|
||
Make hidden and system files visible
Do you find: ??
C:\RECYCLER\S-1-5-21-776561741-861567501-1801674531-1003\Dc3.zip
__________
Regards, Sabina
All about PC security