I can't remove Spywarequake

15.08.2006, 18:02
Honorary member

Posts: 29434
#121 http://virus-protect.org/invisible.html
Make hidden and system files visible

do you find: ??
C:\RECYCLER\S-1-5-21-776561741-861567501-1801674531-1003\Dc3.zip
__________
Kind regards, Sabina

all about PC security
15.08.2006, 18:43
Member

Posts: 21
#122 Hello!
Unfortunately I have the same problems as most people here. Please help me.

Directory of C:\WINDOWS\system32

15.08.2006 18:25 2.206 wpa.dbl
09.08.2006 21:03 8.325.544 MRT.exe
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
16.07.2006 15:49 403.968 perfh009.dat
16.07.2006 15:49 418.970 perfh007.dat
16.07.2006 15:49 63.188 perfc009.dat
16.07.2006 15:49 76.014 perfc007.dat
16.07.2006 15:49 974.848 PerfStringBackup.INI
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
09.07.2006 13:11 47.576 GDIPFONTCACHEV1.DAT
09.07.2006 13:10 187.408 FNTCACHE.DAT
08.07.2006 15:25 98.304 CmdLineExt.dll
06.07.2006 15:44 288 $winnt$.inf
06.07.2006 15:41 16.832 amcompat.tlb
06.07.2006 15:41 23.392 nscompat.tlb
06.07.2006 15:40 488 logonui.exe.manifest
06.07.2006 15:40 488 WindowsLogon.manifest
06.07.2006 15:39 749 cdplayer.exe.manifest
06.07.2006 15:39 749 wuaucpl.cpl.manifest
06.07.2006 15:39 749 ncpa.cpl.manifest
06.07.2006 15:39 749 nwc.cpl.manifest
06.07.2006 15:39 749 sapi.cpl.manifest
06.07.2006 15:38 23.504 emptyregdb.dat
05.07.2006 12:55 1.057.792 kernel32.dll
26.06.2006 19:40 8.192 rasadhlp.dll
26.06.2006 19:40 148.480 dnsapi.dll
23.06.2006 13:10 664.576 wininet.dll
23.06.2006 13:10 532.480 mstime.dll
23.06.2006 13:10 146.432 msrating.dll
23.06.2006 13:10 448.512 mshtmled.dll
23.06.2006 13:10 1.494.016 shdocvw.dll
23.06.2006 13:10 39.424 pngfilt.dll
23.06.2006 13:10 474.624 shlwapi.dll
23.06.2006 13:10 251.392 iepeers.dll
23.06.2006 13:10 55.808 extmgr.dll
23.06.2006 13:10 16.384 jsproxy.dll
23.06.2006 13:10 205.312 dxtrans.dll
23.06.2006 13:10 96.768 inseng.dll
23.06.2006 13:10 1.022.976 browseui.dll
23.06.2006 13:10 357.888 dxtmsft.dll
23.06.2006 13:10 1.056.256 danim.dll
23.06.2006 13:10 152.064 cdfview.dll
23.06.2006 10:53 27.136 xpsp3res.dll
22.06.2006 12:47 181.248 rasmans.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
07.06.2006 19:54 409.600 wrap_oal.dll
07.06.2006 19:54 86.016 OpenAL32.dll
05.06.2006 16:51 552 d3d8caps.dat
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 20:47 27.648 jgpl400.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
19.05.2006 15:09 95.744 iphlpapi.dll
18.05.2006 07:36 450.560 jscript.dll
03.05.2006 18:54 307.200 atiiiexx.dll
03.05.2006 18:51 258.048 ati2dvag.dll
03.05.2006 18:45 114.688 atipdlxx.dll
03.05.2006 18:45 77.824 Oemdspif.dll
03.05.2006 18:45 26.112 Ati2mdxx.exe
03.05.2006 18:45 41.984 ati2edxx.dll
03.05.2006 18:44 61.440 ati2evxx.dll
03.05.2006 18:43 413.696 ati2evxx.exe
03.05.2006 18:43 53.248 ATIDDC.DLL
03.05.2006 18:35 2.693.280 ati3duag.dll
03.05.2006 18:29 1.408.000 ativvaxx.dll
03.05.2006 18:21 6.684.672 atioglx1.dll
03.05.2006 18:18 5.033.984 atioglxx.dll
03.05.2006 18:15 151.552 atikvmag.dll
03.05.2006 18:15 17.408 atitvo32.dll
03.05.2006 18:12 286.720 ATIDEMGR.dll
03.05.2006 18:09 282.624 ati2cqag.dll
03.05.2006 11:57 520.192 ati2sgag.exe


Directory of C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

15.08.2006 18:35 512 ~DF754E.tmp
15.08.2006 18:26 16.384 Perflib_Perfdata_ec8.dat
15.08.2006 18:26 16.384 Perflib_Perfdata_ed0.dat
15.08.2006 18:25 16.384 Perflib_Perfdata_748.dat
14.08.2006 23:09 798.234 IMT4C.xml
14.08.2006 23:09 426 IMT4B.xml
14.08.2006 23:09 2.036 IMT4A.xml
14.08.2006 23:07 2.036 IMT3C.xml
14.08.2006 22:57 32.723 SQLanguage.ini
14.08.2006 22:56 49.696 tmp1E.tmp
11.08.2006 04:29 124 0CF6E057.TMP
10.08.2006 18:25 717 control.xml
06.08.2006 18:29 1.100 QTInstallCode.log
06.08.2006 14:33 16.384 Perflib_Perfdata_e94.dat
06.08.2006 14:00 0 fla30.tmp
06.08.2006 13:38 0 flaC.tmp
06.08.2006 13:31 0 flaB.tmp
06.08.2006 13:31 0 flaA.tmp
06.08.2006 13:31 0 fla9.tmp
06.08.2006 13:30 0 fla8.tmp
06.08.2006 13:29 0 fla7.tmp
06.08.2006 13:27 0 fla6.tmp
06.08.2006 13:26 0 fla5.tmp
06.08.2006 13:26 16.384 Perflib_Perfdata_ec0.dat
06.08.2006 13:26 16.384 Perflib_Perfdata_eb4.dat
27.07.2006 11:49 16.384 ~DF3927.tmp
27.07.2006 11:49 16.384 ~DF3430.tmp
22.07.2006 22:31 16.384 Perflib_Perfdata_f7c.dat
22.07.2006 22:31 16.384 Perflib_Perfdata_f84.dat
22.07.2006 15:21 16.384 Perflib_Perfdata_e84.dat
22.07.2006 15:21 16.384 Perflib_Perfdata_344.dat
14.07.2006 20:40 4.592 temp.ani
14.07.2006 15:48 16.384 Perflib_Perfdata_d70.dat
14.07.2006 15:48 16.384 Perflib_Perfdata_d78.dat
09.07.2006 18:55 16.384 ~DF5C09.tmp
08.07.2006 15:02 3.273 qtplugin.log
08.07.2006 15:02 450.048 98fe72.mst
08.07.2006 15:02 450.048 8a1b1a.mst
08.07.2006 09:34 16.384 Perflib_Perfdata_22c.dat
08.07.2006 09:34 16.384 Perflib_Perfdata_d10.dat
08.07.2006 09:33 16.384 Perflib_Perfdata_7b4.dat
02.07.2006 19:48 16.384 Perflib_Perfdata_ce4.dat
02.07.2006 19:48 16.384 Perflib_Perfdata_cec.dat
30.06.2006 15:00 16.384 Perflib_Perfdata_85c.dat
29.06.2006 17:01 72.192 ~e5.0001
28.06.2006 21:04 16.384 Perflib_Perfdata_b80.dat
28.06.2006 21:04 16.384 Perflib_Perfdata_b88.dat
28.06.2006 21:04 16.384 Perflib_Perfdata_200.dat
27.06.2006 19:27 409 WGANotify.settings
25.06.2006 16:24 16.384 ~DF1305.tmp
25.06.2006 14:47 16.384 ~DF1DE4.tmp
25.06.2006 14:47 16.384 ~DF1993.tmp
25.06.2006 13:54 16.384 ~DF23A2.tmp
22.06.2006 20:21 16.384 ~DFDB7F.tmp
22.06.2006 20:21 16.384 ~DFDB53.tmp
22.06.2006 20:21 16.384 ~DFDB9F.tmp
22.06.2006 20:21 16.384 ~DFDBBC.tmp
22.06.2006 20:21 16.384 ~DFA9FB.tmp
22.06.2006 20:21 16.384 ~DFA343.tmp
21.06.2006 22:20 16.384 ~DFDB9A.tmp
21.06.2006 22:20 16.384 ~DFD431.tmp
21.06.2006 21:03 16.384 Perflib_Perfdata_8e0.dat
21.06.2006 21:03 16.384 Perflib_Perfdata_9f4.dat
21.06.2006 21:03 16.384 ~DFC23E.tmp
21.06.2006 21:03 512 ~DFA00B.tmp
21.06.2006 21:03 16.384 ~DF9FFE.tmp
21.06.2006 21:02 16.384 Perflib_Perfdata_160.dat
20.06.2006 22:10 32.768 ~DFB713.tmp
20.06.2006 20:56 16.384 ~DF8D38.tmp
19.06.2006 21:04 16.384 ~DF4A4C.tmp
19.06.2006 21:04 16.384 ~DF3BD2.tmp
18.06.2006 20:50 16.384 ~DF99B.tmp
17.06.2006 10:54 16.384 ~DF3D52.tmp
17.06.2006 10:51 16.384 ~DFA8EC.tmp
15.06.2006 20:26 13.110 ICQ12.tmp
15.06.2006 20:26 4.505 ICQ11.tmp
15.06.2006 20:22 24.117 ICQ10.tmp
15.06.2006 20:22 7.338 ICQF.tmp
15.06.2006 20:22 23.506 ICQE.tmp
15.06.2006 20:22 6.971 ICQD.tmp
15.06.2006 20:22 23.816 ICQC.tmp
15.06.2006 20:22 7.127 ICQB.tmp
15.06.2006 10:53 16.384 Perflib_Perfdata_530.dat
11.06.2006 15:56 16.384 Perflib_Perfdata_c14.dat
11.06.2006 15:56 16.384 Perflib_Perfdata_5c8.dat
08.06.2006 15:57 16.552 dd_netfx20UI6293.txt
08.06.2006 15:57 5.031.778 dd_netfx20MSI6293.txt
08.06.2006 15:56 5.144 ASPNETSetup_00000.log
07.06.2006 20:01 2.286 IMT31.xml
07.06.2006 16:36 798.234 IMT12.xml
07.06.2006 16:36 426 IMT11.xml
07.06.2006 16:36 2.036 IMT10.xml
07.06.2006 16:36 798.234 IMTF.xml
07.06.2006 16:36 426 IMTE.xml
07.06.2006 16:36 2.036 IMTD.xml
07.05.2006 19:12 32.855 ICQRT.dll


Directory of C:\WINDOWS

15.08.2006 18:25 1.683.814 WindowsUpdate.log
15.08.2006 18:25 0 0.log
15.08.2006 18:25 2.048 bootstat.dat
15.08.2006 18:24 32.434 SchedLgU.Txt
15.08.2006 16:47 517.510 ntbtlog.txt
15.08.2006 16:42 328.017 setupapi.log
15.08.2006 14:43 116 NeroDigital.ini
15.08.2006 13:02 243.648 setupact.log
13.08.2006 23:47 936.591 iis6.log
13.08.2006 23:47 285.438 comsetup.log
13.08.2006 23:47 1.374 imsins.log
13.08.2006 23:47 43.726 ocmsn.log
13.08.2006 23:47 39.824 tabletoc.log
13.08.2006 23:47 365.004 tsoc.log
13.08.2006 23:47 15.527 KB920214.log
13.08.2006 23:47 170.793 ntdtcsetup.log
13.08.2006 23:47 54.904 MedCtrOC.log
13.08.2006 23:47 136.618 netfxocm.log
13.08.2006 23:47 391.010 ocgen.log
13.08.2006 23:47 39.397 msgsocm.log
13.08.2006 23:47 769.838 FaxSetup.log
13.08.2006 23:47 250.710 msmqinst.log
13.08.2006 23:47 15.520 KB922616.log
13.08.2006 23:47 1.374 imsins.BAK
13.08.2006 23:47 15.924 KB921398.log
13.08.2006 23:47 49.215 updspapi.log
13.08.2006 23:47 19.216 KB918899.log
13.08.2006 23:47 11.904 KB920670.log
13.08.2006 23:46 12.065 KB917422.log
13.08.2006 23:46 12.357 KB920683.log
11.08.2006 21:00 132 winamp.ini
10.08.2006 18:25 114.984 wmsetup.log
08.08.2006 23:08 11.101 KB921883.log
06.08.2006 23:15 1.067 IE4 Error Log.txt
06.08.2006 18:29 54.156 QTFont.qfn
06.08.2006 18:29 1.409 QTFont.for
05.08.2006 02:01 50 wiaservc.log
05.08.2006 02:01 216 wiadebug.log
16.07.2006 16:10 12.503 KB914388.log
15.07.2006 07:28 10.780 KB917159.log
15.07.2006 07:28 10.492 KB916595.log
06.07.2006 16:05 2.735 spupdsvc.log
06.07.2006 16:03 45.938 KB911280.log
06.07.2006 16:03 47.870 KB917953.log
06.07.2006 16:03 47.204 KB913580.log
06.07.2006 16:03 54.018 KB916281.log
06.07.2006 16:03 42.841 KB918439.log
06.07.2006 16:03 44.137 KB917344.log
06.07.2006 16:03 40.692 KB914389.log
06.07.2006 16:02 28.523 KB917734.log
06.07.2006 16:02 41.238 KB908531.log
06.07.2006 16:02 46.527 KB900485.log
06.07.2006 16:02 42.663 KB911562.log
06.07.2006 16:02 38.882 KB911567.log
06.07.2006 16:02 28.310 KB911564.log
06.07.2006 16:02 42.508 KB911927.log
06.07.2006 16:02 37.777 KB912919.log
06.07.2006 16:01 37.659 KB908519.log
06.07.2006 16:01 36.307 KB904706.log
06.07.2006 16:01 32.549 KB910437.log
06.07.2006 16:01 36.539 KB896424.log
06.07.2006 16:01 38.982 KB900725.log
06.07.2006 16:01 34.438 KB905749.log
06.07.2006 16:01 37.512 KB905414.log
06.07.2006 16:01 41.926 KB901017.log
06.07.2006 16:01 36.657 KB899589.log
06.07.2006 16:01 49.524 KB902400.log
06.07.2006 16:00 31.094 KB894391.log
06.07.2006 16:00 32.171 KB896423.log
06.07.2006 16:00 30.149 KB899587.log
06.07.2006 16:00 29.140 KB899591.log
06.07.2006 16:00 29.432 KB893756.log
06.07.2006 16:00 25.940 KB896358.log
06.07.2006 16:00 30.083 KB890859.log
06.07.2006 16:00 21.779 KB901214.log
06.07.2006 16:00 22.252 KB896428.log
06.07.2006 16:00 26.037 KB896422.log
06.07.2006 16:00 23.692 KB890046.log
06.07.2006 16:00 31.576 KB885835.log
06.07.2006 15:59 30.175 KB887742.log
06.07.2006 15:59 29.341 KB888113.log
06.07.2006 15:59 29.494 KB891781.log
06.07.2006 15:59 23.861 KB888302.log
06.07.2006 15:59 28.765 KB885836.log
06.07.2006 15:59 13.861 KB886185.log
06.07.2006 15:59 28.751 KB873339.log
06.07.2006 15:52 2.904 COM+.log
06.07.2006 15:51 10.931 KB893803v2.log
06.07.2006 15:47 677.404 setuplog.txt
06.07.2006 15:41 316.640 WMSysPr9.prx
06.07.2006 15:41 1.272 OEWABLog.txt
06.07.2006 15:40 4.161 ODBCINST.INI
06.07.2006 15:39 749 WindowsShell.Manifest
06.07.2006 15:39 708 win.ini
06.07.2006 15:39 2.065 sessmgr.setup.log
06.07.2006 15:38 253 DtcInstall.log
06.07.2006 15:38 373 cmsetacl.log
06.07.2006 15:36 6.249 avmcoins.log
06.07.2006 15:30 3.304 regopt.log
06.07.2006 15:30 231 system.ini
27.06.2006 20:00 12.862 EPISMG00.SWB
27.06.2006 19:27 4.640 WgaNotify.log
27.06.2006 19:27 52.169 setupapi.old
10.06.2006 16:24 412 toolsx86.INI
08.06.2006 12:37 7.642 DirectX.log
07.06.2006 20:02 19.146 KB912812.log
07.06.2006 20:02 4.512 KB911565.log
07.06.2006 20:02 7.462 KB913446.log
07.06.2006 13:37 0 vpc32.INI
07.06.2006 13:32 25.406.450 setupapi.log.2.old
19.05.2006 14:52 343 cdplayer.ini
13.05.2006 15:50 342 WISO.INI
13.05.2006 15:27 97 buhl.ini
13.05.2006 12:23 63 tdf.dii
13.05.2006 12:23 3.010 tm.ini


Directory of C:\

15.08.2006 18:38 0 sys.txt
15.08.2006 18:37 10.658 system.txt
15.08.2006 18:36 5.605 systemtemp.txt
15.08.2006 18:35 97.956 system32.txt
15.08.2006 18:25 1.610.612.736 pagefile.sys
06.07.2006 15:37 211 boot.ini
08.04.2005 03:31 0 CONFIG.SYS
08.04.2005 03:31 0 IO.SYS
08.04.2005 03:31 0 MSDOS.SYS
08.04.2005 03:31 0 AUTOEXEC.BAT
03.08.2004 22:59 251.184 ntldr
03.08.2004 22:38 47.564 NTDETECT.COM
23.08.2001 14:00 4.952 bootfont.bin
24.05.2001 12:59 162.304 UNWISE.EXE
14 File(s) 1.611.193.170 bytes
0 Dir(s) 151.372.857.344 bytes free


Logfile of HijackThis v1.99.1
Scan saved at 18:39:30, on 15.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Media-Codec\pmsngr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\nocd\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152193759500
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\system32\vwlummc.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
15.08.2006, 18:44
...new here

Posts: 10
#123 Hello Sabina,

since I can't find a "My Computer" entry under "Start", I went to Explorer, Tools > Folder Options, View tab, removed the tick at "Hide protected operating system files" and ...
I can now see C:\RECYCLER\S-1-5-21-776561741-861567501-1801674531-1003
but it only contains backup-15.08.2006-13.45.35,57
which I have now deleted

ok?

In the meantime, once again a heartfelt thank you for your competent and quick help

aschulo
15.08.2006, 19:16
Honorary member

Posts: 29434
#124 HeirOfMu

open HijackThis -- "Scan" button -- put a tick in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)

O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\system32\vwlummc.dll (file missing)
restart the PC

work through SmitFraudFix and post the scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards, Sabina

all about PC security
15.08.2006, 19:17
Honorary member

Posts: 29434
#125 aschulo

everything should be in order again ;) - you're dismissed. Or are there still pop-ups???
__________
Kind regards, Sabina

all about PC security
15.08.2006, 19:42
...new here

Posts: 10
#126 Hello Sabina,

very, very many thanks ;)
I wanted to send you a small donation, but from Germany only Visa and MasterCard are possible, and I have neither. Can you give me a tip?

Many thanks
aschulo
15.08.2006, 19:43
Member

Posts: 21
#127 Hello Sabina,

I did what you said. Thank you very much.
Here is the logfile:

SmitFraudFix v2.81

Scan done at 19:36:43,68, 15.08.2006
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Programme\Media-Codec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
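Two steps in this thread come down to reading logs by hand: in #124 Sabina picks the HijackThis entries to tick, and the SmitFraudFix report in #127 lists a SharedTaskScheduler value with the explicit warning that such keys are "not inevitably infected". The script below is an added example (not code from HijackThis, SmitFraudFix or any poster) that encodes the rules an analyst applies: an entry whose file is missing, a text/html filter without a CLSID, and any SSODL entry get flagged, and a CLSID that turns up both as an O21 entry and as a SharedTaskScheduler value is reported as one component with two Explorer load points. The two sample inputs are verbatim lines from the logs posted above; UNWANTED_KEYWORDS is an assumed, analyst-maintained blocklist seeded with names that appear in this thread's reports.

```python
r"""Triage a HijackThis 1.99 log and cross-check it against SmitFraudFix output.

Added example for this thread, not code from HijackThis, SmitFraudFix or any
poster. HJT_EXCERPT and SMITFRAUDFIX_EXCERPT are verbatim lines from posts
#122 and #127; UNWANTED_KEYWORDS is an assumed, analyst-maintained blocklist
seeded with names that appear in the reports of this thread."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

HJT_EXCERPT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\system32\vwlummc.dll (file missing)
"""

SMITFRAUDFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)
STS_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<clsid>\{[^}]+\})"$')

# Assumption: a blocklist the analyst maintains; these names come from this thread.
UNWANTED_KEYWORDS = ("myglobalsearch", "mgsbar", "rxtoolbar", "sidefind",
                     "istbar", "need2find", "media-codec")


@dataclass
class Finding:
    section: str
    line: str
    clsid: str | None
    reasons: list[str] = field(default_factory=list)


def rules(section: str, body: str) -> list[str]:
    """Return the reasons an entry deserves a tick in HijackThis; empty means leave it."""
    low = body.lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("dangling reference: the registration survived, the file did not")
    if section == "O18" and "(no clsid)" in low:
        reasons.append("text/html filter without a CLSID: a broken or hijacked MIME filter")
    if section == "O21":
        reasons.append("SSODL entry: Explorer loads this DLL at every logon")
    if any(k in low for k in UNWANTED_KEYWORDS):
        reasons.append("name or path matches unwanted software seen in this thread")
    return reasons


def triage(hjt_log: str) -> list[Finding]:
    findings = []
    for raw in hjt_log.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                      # header, process list or blank line
        reasons = rules(m["section"], m["body"])
        if reasons:
            c = CLSID_RE.search(m["body"])
            findings.append(Finding(m["section"], raw.strip(),
                                    c[0].lower() if c else None, reasons))
    return findings


def shared_task_scheduler(smitfraudfix_log: str) -> dict[str, str]:
    """CLSID -> value name for the SharedTaskScheduler values SmitFraudFix prints."""
    found, in_key = {}, False
    for raw in smitfraudfix_log.strip().splitlines():
        line = raw.strip()
        if line.startswith("["):          # a registry key header
            in_key = line.lower().endswith(r"\explorer\sharedtaskscheduler]")
            continue
        m = STS_VALUE_RE.match(line) if in_key else None
        if m:
            found[m["clsid"].lower()] = m["name"]
    return found


def correlate(findings: list[Finding], sts: dict[str, str]) -> list[Finding]:
    """Flag findings whose CLSID is also a SharedTaskScheduler value.

    SmitFraudFix warns that SharedTaskScheduler values are 'not inevitably
    infected'; the same CLSID showing up as an SSODL entry with a missing DLL
    settles it: one component, two Explorer load points."""
    hits = []
    for f in findings:
        if f.clsid and f.clsid in sts:
            f.reasons.append(f"CLSID also registered under SharedTaskScheduler as '{sts[f.clsid]}'")
            hits.append(f)
    return hits


if __name__ == "__main__":
    found = triage(HJT_EXCERPT)
    correlate(found, shared_task_scheduler(SMITFRAUDFIX_EXCERPT))
    for f in found:
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the excerpts it flags exactly the four lines Sabina quoted in #124 and leaves Adobe, ICQ, Symantec and WgaLogon alone; the O21 "hubbsi" line collects three reasons, the last one from the SmitFraudFix cross-check. The keyword rule is the weak one: it only knows names already seen, so a fresh variant is caught by the structural rules (missing file, no CLSID, SSODL) or not at all.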
15.08.2006, 19:52
Honorary member

Posts: 29434
#128 HeirOfMu

1.
uninstall:
C:\Programme\MyGlobalSearch
C:\Programme\RXToolBar + P2P software

2.
scan with CounterSpy, after the scan have everything set to "remove" and post the report
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

all about PC security
15.08.2006, 20:30
Member

Posts: 21
#129 So, here is the CounterSpy report. I hope you know that I have absolutely no idea what's in these reports.

Spyware Scan Details
Start Date: 15.08.2006 20:11:50
End Date: 15.08.2006 20:25:07
Total Time: 13 mins 17 secs

Detected spyware

IST.SideFind Browser Plug-in more information...
Details: SideFind is a browser helper object (BHO) that adds a side bar to Internet Explorer and displays alternate search results in the side bar.
Status: Deleted

Infected files detected
c:\programme\sidefind\sfbho.dll
c:\programme\sidefind\sfexd001


Bullguard Potentially Unwanted Program more information...
Details: Bullguard is a software suite that includes antivirus, firewall, spam filter and online backup.
Status: Deleted

Infected files detected
c:\windows\temp\bullguard\bulldownload.exe


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Programme\Need2Find\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 16
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 7


C2.Lop Hijacker more information...
Details: Lop is a group of spyware and hijacker programs that set your Internet Explorer start page and search features to use the site lop.com ('Live Online Portal') or one of its clone sites.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\administrator\favoriten\going places\travel.lnk


MyGlobalSearch.Toolbar Potentially Unwanted Program more information...
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Deleted

Infected files detected
C:\nocd\hijackthis\backups\backup-20060815-192232-406.dll
C:\RECYCLER\S-1-5-21-527237240-1993962763-839522115-500\Dc2.dll
C:\RECYCLER\S-1-5-21-527237240-1993962763-839522115-500\Dc3\bar\1.bin\MGSBAR.DLL

Infected registry entries detected
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CurVer MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin MyGlobalSearch Toolbar Plugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 MyGlobalSearch Toolbar Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar UseFWB 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid MZ
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar PluginPath C:\Programme\MyGlobalSearch\bar\1.bin\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id A02D481D-E078-4AE3-B6BB-1F1BA4E1C9C3
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2005050709
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar favfwbs ^07B18EA9-A523-4961-B6BB-170DE4475CCA^9321DFC9-A260-4312-9585-3FD8BC98C15B^8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2^4D1C4E89-A32A-416b-BCDB-33B3EF3617D3^
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\Software\Kazaa\Settings +
HKEY_CURRENT_USER\Software\Kazaa\Settings Date
HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer +
HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1
HKEY_CURRENT_USER\Software\Kazaa Tmp 0


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0


WinFixer Rogue Security Program more information...
Details: WinFixer is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005 EulUWFX5U_0001_LP 1
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005 EulUWFX5U_0001_LP 1


IST.PowerScan Adware (General) more information...
Details: PowerScan is advertised through ordinary web pop-ups, but recently it started to install with help from the ISTBar adware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Power Scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Power Scan SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Power Scan Changed 0


SurfAccuracy Adware (General) more information...
Details: SurfAccuracy is an adware application that displays advertisements on the desktop and records keystrokes that are entered into certain search engines.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc Changed 0


180solutions.SearchAssistant Adware (General) more information...
Details: 180search Assistant is an adware application that monitors users' search queries and web surfing in order to display targeted advertising.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sais
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sais SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sais Changed 0


WinAntiSpyware Rogue Security Program more information...
Details: WinAntiSpyware is a rogue anti-spyware product which pesters users with scareware tactics to purchase the product.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinFixer 2005 EulUWFX5U_0001_LP 1


Zlob.Media-Codec Trojan Downloader more information...
Details: Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Zlob.Media-Codec actually downloads and installs additional malware on the user's ma
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 DisplayName Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 UninstallString "C:\Programme\Media-Codec\iesuninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On DisplayName Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On UninstallString "C:\Programme\Media-Codec\isauninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 DisplayName Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 UninstallString "C:\Programme\Media-Codec\pmuninst.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\iexplore Count 48
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}\iexplore Time


ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@atdmt[1].txt


DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@doubleclick[1].txt


Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@hitbox[2].txt


Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@mediaplex[2].txt


Radar Spy 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@tradedoubler[1].txt
15.08.2006, 21:54
Honorary member
Sabina

Posts: 29434
#130 HeirOfMu

That was quite a lot of junk on there...

CounterSpy only ever kills part of the files. So you have to keep emptying CounterSpy's quarantine folder and scanning with it again, until CounterSpy finds nothing more.

Then everything should be OK again.. or are there still popups?
Please post the new HijackThis log.
__________
Kind regards, Sabina

all about PC security
15.08.2006, 22:40
Member

Posts: 21
#131 There are no more popups, thank you very much for your help.
Here is the new HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 22:38:58, on 15.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\nocd\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152193759500
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Thanks again!
16.08.2006, 02:03
...new here

Posts: 7
#132 Hello, what can I do?

Volume in drive C is BOOT
Volume Serial Number: 882C-5933

Directory of C:\WINDOWS\system32

16.08.2006 00:29 176.128 viruxz.dll
14.08.2006 14:09 2.206 wpa.dbl
24.06.2006 09:00 45.056 nvsvcd.exe
09.06.2006 03:19 5.967.776 MRT.exe
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
31.05.2006 21:23 376.016 perfh009.dat
31.05.2006 21:23 51.814 perfc009.dat
31.05.2006 21:23 386.338 perfh007.dat
31.05.2006 21:23 62.578 perfc007.dat
31.05.2006 21:23 886.928 PerfStringBackup.INI
31.05.2006 21:19 224.816 FNTCACHE.DAT
31.05.2006 08:34 16.832 amcompat.tlb
31.05.2006 08:34 23.392 nscompat.tlb
31.05.2006 08:04 253 spupdwxp.log
30.05.2006 12:18 30 brss01a.ini
30.05.2006 12:18 184 brsvc01a.bsi
30.05.2006 12:17 50 BRIDF04A.dat
30.05.2006 09:52 1.443 HLDRV.LOG
30.05.2006 09:52 304.640 hlvdd.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
29.05.2006 16:45 1.202 $winnt$.inf
19.05.2006 17:09 3.073.536 mshtml.dll


Verzeichnis von C:\

16.08.2006 01:59 0 systemtemp.txt
16.08.2006 01:59 100.871 system32.txt
16.08.2006 01:52 536.399.872 hiberfil.sys
16.08.2006 01:52 805.306.368 pagefile.sys
16.08.2006 01:43 1.070 sys.txt
16.08.2006 01:43 13.126 system.txt
13.08.2006 00:58 2.795 avi_log.txt
04.08.2006 18:18 4.766 LGSInst.Log
14.07.2006 06:58 211 boot.ini
31.05.2006 07:51 47.564 NTDETECT.COM
31.05.2006 07:51 251.184 ntldr
08.02.2006 03:02 73.728 KillBox.exe
23.01.2006 15:36 429 datFind.bat
16.02.2005 11:06 218.112 HijackThis.exe
20.09.2003 19:12 499 IPH.PH
20.09.2003 16:50 0 IO.SYS
20.09.2003 16:50 0 CONFIG.SYS
20.09.2003 16:50 0 AUTOEXEC.BAT
20.09.2003 16:50 0 MSDOS.SYS
29.08.2002 14:00 4.952 bootfont.bin
20 File(s) 1.342.425.547 bytes
0 Dir(s) 13.283.696.640 bytes free

Volume in drive C is BOOT
Volume Serial Number: 882C-5933

Directory of C:\WINDOWS

16.08.2006 01:53 0 0.log
16.08.2006 01:53 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
16.08.2006 01:53 1.258.569 WindowsUpdate.log
16.08.2006 01:53 159 wiadebug.log
16.08.2006 01:53 50 wiaservc.log
16.08.2006 01:53 674.299 setupapi.log
16.08.2006 01:52 2.048 bootstat.dat
16.08.2006 01:52 32.622 SchedLgU.Txt
16.08.2006 01:32 426.030 ntbtlog.txt
15.08.2006 03:12 116 NeroDigital.ini
07.08.2006 16:10 351.836 wmsetup.log
04.08.2006 17:54 224.893 setupact.log
14.07.2006 06:58 807 win.ini
14.07.2006 06:58 227 system.ini
10.07.2006 06:40 141.340 DirectX.log
07.07.2006 00:21 0 cdplayer.ini
27.06.2006 17:05 468 brwmark.ini
26.06.2006 02:19 672 GEARInstall.log
25.06.2006 01:55 324.180 tsoc.log
25.06.2006 01:55 167.094 ntdtcsetup.log
25.06.2006 01:55 107.469 iis6.log
25.06.2006 01:55 255.540 comsetup.log
25.06.2006 01:55 1.374 imsins.log
25.06.2006 01:55 38.243 ocmsn.log
25.06.2006 01:55 13.912 KB918439.log
25.06.2006 01:55 507.867 ocgen.log
25.06.2006 01:55 42.979 msgsocm.log
25.06.2006 01:55 757.766 FaxSetup.log
25.06.2006 01:55 14.271 KB917344.log
25.06.2006 01:55 14.049 KB917953.log
25.06.2006 01:54 18.087 KB916281.log
25.06.2006 01:54 16.768 updspapi.log
25.06.2006 01:54 12.216 KB914389.log
24.06.2006 09:22 6 ncrgtrpath.conf
21.06.2006 03:08 737.280 iun6002.exe
31.05.2006 21:19 44.679 spupdsvc.log
31.05.2006 21:11 32.444 KB899587.log
31.05.2006 21:11 31.567 KB896422.log

Volume in drive C is BOOT
Volume Serial Number: 882C-5933

Logfile of HijackThis v1.99.1
Scan saved at 02:02:27, on 16.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\IntCodec\pmsngr.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\IntCodec\pmmon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Programme\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Programme\IntCodec\iesplugin.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


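The directory listings above are what the helpers in this thread read by eye: the newest entries in C:\WINDOWS\system32 (here viruxz.dll, written minutes before the log was taken) and executables with no obvious vendor (nvsvcd.exe). As an added example, not code from the thread or from any tool named in it, the following Python script does that reading mechanically. It parses the German-locale `dir` output quoted in post #132 (dd.mm.yyyy dates, '.' as the thousands separator) and lists the executable files modified within a chosen window before the newest entry, so the result does not depend on the day the script is run. The sample listing is a constructed subset of the post's own lines; the extension set and the default window are the editor's assumptions.

```python
import os.path
import re
from datetime import datetime, timedelta

# One entry line of German-locale `dir` output, as pasted in post #132:
#   16.08.2006 00:29           176.128 viruxz.dll
# dd.mm.yyyy date, 24h time, size with '.' as the thousands separator.
DIR_LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")

# Extensions that load as code (assumption: what deserves the first look).
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl"}

# Constructed sample: a subset of the C:\WINDOWS\system32 listing from post #132.
SAMPLE_LISTING = """Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\\WINDOWS\\system32

16.08.2006 00:29 176.128 viruxz.dll
14.08.2006 14:09 2.206 wpa.dbl
24.06.2006 09:00 45.056 nvsvcd.exe
09.06.2006 03:19 5.967.776 MRT.exe
01.06.2006 20:47 27.648 jgpl400.dll
31.05.2006 21:23 376.016 perfh009.dat
30.05.2006 09:52 304.640 hlvdd.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
19.05.2006 17:09 3.073.536 mshtml.dll
9 Datei(en) 11.467.022 Bytes
"""


def parse_dir_listing(text):
    """Return [(mtime, size_bytes, name), ...], newest first.

    Volume header, blank and summary lines do not match DIR_LINE and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m:
            continue
        date, time, size, name = m.groups()
        mtime = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
        entries.append((mtime, int(size.replace(".", "")), name))
    entries.sort(reverse=True)
    return entries


def recent_executables(entries, window_days=30, reference=None):
    """Executables modified within `window_days` before `reference`.

    `reference` defaults to the newest entry, i.e. roughly when the listing
    was taken, so an old log still triages the same way.
    """
    if not entries:
        return []
    if reference is None:
        reference = entries[0][0]
    cutoff = reference - timedelta(days=window_days)
    return [
        (mtime, size, name)
        for mtime, size, name in entries
        if mtime >= cutoff and os.path.splitext(name)[1].lower() in EXECUTABLE_EXT
    ]


if __name__ == "__main__":
    for mtime, size, name in recent_executables(parse_dir_listing(SAMPLE_LISTING), window_days=60):
        print(f"{mtime:%d.%m.%Y %H:%M} {size:>12,} {name}")
```

With a 7-day window only viruxz.dll comes out; widening to 60 days also surfaces nvsvcd.exe, which the thread later identifies as the fake "Windows Log" service. A wider window trades more noise (MRT.exe is a legitimate Microsoft tool refreshed monthly) for coverage of droppers installed well before the symptoms started.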
16.08.2006, 11:08
...new here
Saarlandpowe

Posts: 5
#133 Hello everyone ;)

Unfortunately I also have a small problem with this s*** ^^

Logfile of HijackThis v1.99.1
Scan saved at 11:14:34, on 16.08.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\Programme\spd.exe
D:\Programme\ewido\security suite\ewidoctrl.exe
D:\Programme\MyServer\myServer.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Programme\Sentry\SentryService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
D:\Programme\WebDrive\wdService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Media-Codec\pmsngr.exe
C:\WINDOWS\System32\sstray.exe
D:\Programme\cFosSpeed.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\programme\zango\zango.exe
C:\Programme\Media-Codec\pmmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Hbtools\HBTV\HBTV.exe
C:\Programme\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
C:\Programme\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
F:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
D:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
D:\Programme\Silicon Image\SiISATARaid\SATARaid.exe
D:\Programme\Xfire\Xfire.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Saarlandpower\Eigene Dateien\VundoFix.exe
C:\Dokumente und Einstellungen\Saarlandpower\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\Programme\WinSweep\no-ads.pac
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {20FC20CC-D2FB-C496-A860-FFE34631D6E2} - C:\DOKUME~1\SAARLA~1\ANWEND~1\about draw link\BoobCdrom.exe
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77C5A74472B3AC2 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\programme\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D77F5E7B4F2F3EC5 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.0.0\HbtHostIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programme\HbTools\Bin\4.8.0.0\HbtHostIE.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [cFosSpeed] D:\Programme\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zxpxeyay] C:\WINDOWS\System32\ridactiz.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programme\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Programme\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [NEW LOCKS WAY BOWS] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\build beep new locks\bore bags.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [jugs more] C:\DOKUME~1\SAARLA~1\ANWEND~1\PARTREALROAM\mapi itch.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] "D:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = D:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with NetPumper - D:\Programme\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Programme\ShopperReports\Bin\2.0.0\ShprRprt.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0792.00.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\q2336406.dll (file missing)
O20 - Winlogon Notify: style2 - C:\WINDOWS\q166187.dll (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\q65744468.dll (file missing)
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - C:\WINDOWS\System32\vwlummc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Programme\spd.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MyServer - Unknown owner - D:\Programme\MyServer\myServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sentry 2020 (SentryService) - Unknown owner - D:\Programme\Sentry\SentryService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOKUME~1\SAARLA~1\LOKALE~1\TEMP\_VWUPSRV.EXE (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - D:\Programme\WebDrive\wdService.exe

16.08.2006, 11:54
Honorary member
Sabina

Posts: 29434
#134 Antispyware

Information: infestation on your computer
http://virus-protect.org/artikel/spyware/intcodec_remove.html
http://virus-protect.org/artikel/dienste/nvsvcd.html

1.
Go into the registry
Click Start|Run in the taskbar. Type "Regedit" and press Enter. The Registry Editor opens.
Top left: Edit - Find - viruxz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} <--- delete

---------------------------------------------------------------

2.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> spyfalcon.reg -> double-click it and merge it into the registry with "ja/yes"

3.
Avenger
http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote

registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log

Files to delete:

C:\WINDOWS\system32\nvsvcd.exe
C:\WINDOWS\system\smss.exe
C:\Programme\IntCodec\isaddon.dll
C:\Programme\IntCodec\isamini.exe
C:\Programme\IntCodec\isamonitor.exe
C:\Programme\IntCodec\iesplugin.dll
C:\Programme\IntCodec\iesuninst.exe
C:\Programme\IntCodec\isauninst.exe
C:\Programme\IntCodec\pmmon.exe
C:\Programme\IntCodec\pmsngr.exe
C:\Programme\IntCodec\pmuninst.exe
C:\Programme\IntCodec\ts.ico
C:\Programme\IntCodec\ot.ico
C:\WINDOWS\system32\viruxz.dll
Click the green traffic light
the script will now run, then the PC will restart automatically

4.
Work through smitfraudfix exactly as described
http://virus-protect.org/artikel/tools/smitfrautfix.html

5.
If it is still present, fix with HijackThis:

Quote

O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Programme\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Programme\IntCodec\iesplugin.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
----------------------------------

6.
Scan with Kaspersky and post the scan report
http://virus-protect.org/artikel/dienste/nvsvcd.html
__________
Kind regards, Sabina

all about PC security
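A way to automate step 5 of the post above, added here as an example and not code from the thread, from HijackThis or from Avenger: parse the HijackThis O2/O3/O21/O23 lines, flag the entries matching the indicators Sabina lists (the three CLSIDs, the IntCodec directory, viruxz.dll, nvsvcd.exe, plus any dangling "(file missing)" reference), and print the matching on-disk paths in the "Files to delete:" form the Avenger script uses. The indicator sets are an assumption taken from the post, not a complete signature list, and the sample log is constructed from entries quoted in the thread.

```python
"""Added example (not from the thread, HijackThis or Avenger): parse
HijackThis O2/O3/O21/O23 lines, flag the entries matching the indicators
quoted in the post, and emit the matching paths in the "Files to delete:"
form the Avenger script uses.  Indicator sets are an assumption taken
from the post; the sample log is constructed from entries in the thread."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: the four entries the post says to fix, plus two benign services.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\\Programme\\IntCodec\\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\\Programme\\IntCodec\\iesplugin.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\\WINDOWS\\system32\\viruxz.dll
O23 - Service: Windows Log - Unknown owner - C:\\WINDOWS\\system32\\nvsvcd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\\Programme\\Gemeinsame Dateien\\VMware\\VMware Virtual Image Editing\\vmount2.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - D:\\Programme\\WebDrive\\wdService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")       # "O23 - Service: <fields>"
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
MISSING = "(file missing)"

# Indicators quoted in the post (assumption: treated as the whole set for this demo).
BAD_CLSIDS = {
    "{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}",  # IntCodec BHO
    "{a2595f37-48d0-46a1-9b51-478591a97764}",  # "Protection Bar" toolbar
    "{874443fe-aa33-4ebf-a6ac-73208787e62d}",  # bestreak SSODL entry
}
BAD_DIRS = ("\\programme\\intcodec\\",)
BAD_FILENAMES = {"viruxz.dll", "nvsvcd.exe"}


@dataclass
class HjtEntry:
    section: str                 # "O2", "O3", "O21", "O23"
    kind: str                    # "BHO", "Toolbar", "SSODL", "Service"
    fields: list[str]            # the " - " separated fields after the kind
    path: str                    # last field, without the "(file missing)" tag
    missing: bool
    clsid: str | None
    reasons: list[str] = field(default_factory=list)


def parse_hjt(text: str) -> list[HjtEntry]:
    """Turn each Oxx line into a structured record; other lines are ignored."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        fields = [f.strip() for f in rest.split(" - ")]
        path, missing = fields[-1], False
        if path.endswith(MISSING):
            path, missing = path[: -len(MISSING)].strip(), True
        cl = CLSID_RE.search(rest)
        out.append(HjtEntry(section, kind, fields, path, missing,
                            cl.group(0).lower() if cl else None))
    return out


def triage(entries: list[HjtEntry]) -> list[HjtEntry]:
    """Return the entries matching at least one indicator, with the reasons filled in."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        reasons = []
        if e.clsid in BAD_CLSIDS:
            reasons.append("CLSID named in the post")
        if any(d in p for d in BAD_DIRS):
            reasons.append("binary under the IntCodec directory")
        if p.rsplit("\\", 1)[-1] in BAD_FILENAMES:
            reasons.append("file name named in the post")
        if e.missing:
            reasons.append("stale entry (file missing)")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


def avenger_files_section(flagged: list[HjtEntry]) -> str:
    """Build the "Files to delete:" block in the layout of the Avenger script quoted
    in the post (assumption: only that section, only files still present on disk)."""
    paths: list[str] = []
    for e in flagged:
        if not e.missing and e.path not in paths:
            paths.append(e.path)
    return "Files to delete:\n\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = triage(parse_hjt(SAMPLE_LOG))
    for e in hits:
        print(f"{e.section:<4}{e.path}  <- {'; '.join(e.reasons)}")
    print()
    print(avenger_files_section(hits))
```

The "(file missing)" BHO is flagged but left out of the Avenger section, since there is nothing on disk to delete; it only needs the HijackThis fix.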
16.08.2006, 12:17
Honorary member
Sabina

Posts: 29434
#135 Saarlandpowe

That looks bad, you have loaded a lot of programs that are wrecking your machine. I need several logs; this is the first one:

+
run cleanup + restart the machine
http://virus-protect.org/cleanup.html

+
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as listen.bat using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

rem listen.bat: append directory listings of the usual drop locations to files.txt, then open it
cd\
dir "C:\Windows\tasks" >>files.txt
dir "C:\Programme\Media-Codec" >>files.txt
dir "C:\Programme\ShopperReports\Bin\2.0.0" >>files.txt
dir "C:\Programme\ShopperReports\Bin" >>files.txt
dir "C:\Programme\ShopperReports" >>files.txt
dir "C:\Programme\Hbtools\HBTV" >>files.txt
dir "C:\Programme\HbTools\Bin\4.8.0.0" >>files.txt
dir "C:\Programme\HbTools\Bin" >>files.txt
dir "C:\Programme\HbTools" >>files.txt
dir "C:\Programme\Macrogaming\SweetIMBarForIE" >>files.txt
dir "C:\Programme\Macrogaming" >>files.txt
dir "C:\Programme\zango" >>files.txt
dir "D:\Programme\Sentry" >>files.txt
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Eigene Dateien" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
rem open the collected listing in Notepad so it can be copied into the reply
notepad files.txt

__________
Kind regards, Sabina

all about PC security
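Once listen.bat has produced files.txt, what the helper looks for in it are the executables with fresh timestamps in those directories. The following script, added here as an example and not part of the post or of the tools it links, parses that concatenated German-locale dir output (a "Verzeichnis von" header per directory, sizes with "." as thousands separator; "," is accepted too so an English-locale listing parses the same way) and returns the executables modified within a few days of a reference date. The sample listing, names, sizes and timestamps are constructed for illustration, and the reference date is an assumption.

```python
"""Added example (not part of the post or of the tools it links): parse
the files.txt written by listen.bat, i.e. concatenated output of the
German-locale `dir` command, and list the executables modified shortly
before a reference date.  The listing below is constructed; names, sizes
and timestamps are made up for illustration."""
from __future__ import annotations
import os
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the format `dir` prints on a German Windows.
SAMPLE_FILES_TXT = """\
 Verzeichnis von C:\\Programme\\IntCodec

16.08.2006  09:12    <DIR>          .
16.08.2006  09:12    <DIR>          ..
16.08.2006  09:12            45.056 isaddon.dll
16.08.2006  09:12           131.072 isamonitor.exe
16.08.2006  09:12             1.150 ts.ico
               3 Datei(en)        177.278 Bytes

 Verzeichnis von C:\\WINDOWS\\Temp

10.08.2006  22:41            24.576 _VWUPSRV.EXE
03.03.2005  11:07         1.048.576 setup.log
               2 Datei(en)      1.073.152 Bytes
"""

HEADER_RE = re.compile(r"^\s*Verzeichnis von (.+?)\s*$")
# date  time  <DIR>|size  name   (size uses "." or "," as thousands separator)
ENTRY_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.,]+)\s+(.+?)\s*$")
EXEC_EXT = {".exe", ".dll", ".ocx", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif"}
REFERENCE = datetime(2006, 8, 16, 12, 0)   # assumption: the day of the post


@dataclass
class DirEntry:
    directory: str
    name: str
    mtime: datetime
    size: int | None      # None for a <DIR> entry

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name


def parse_dir_listing(text: str) -> list[DirEntry]:
    """Walk the concatenated listing, tracking the current directory from each header."""
    entries: list[DirEntry] = []
    current = None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            current = h.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or current is None:
            continue
        date_s, time_s, size_s, name = m.groups()
        if name in (".", ".."):
            continue
        mtime = datetime.strptime(f"{date_s} {time_s}", "%d.%m.%Y %H:%M")
        size = None if size_s == "<DIR>" else int(re.sub(r"[.,]", "", size_s))
        entries.append(DirEntry(current, name, mtime, size))
    return entries


def recent_executables(entries: list[DirEntry], reference: datetime = REFERENCE,
                       days: int = 7) -> list[DirEntry]:
    """Executable files modified within `days` before `reference`, newest first."""
    cutoff = reference - timedelta(days=days)
    hits = [e for e in entries
            if e.size is not None
            and e.mtime >= cutoff
            and os.path.splitext(e.name)[1].lower() in EXEC_EXT]
    return sorted(hits, key=lambda e: e.mtime, reverse=True)


if __name__ == "__main__":
    for e in recent_executables(parse_dir_listing(SAMPLE_FILES_TXT)):
        print(f"{e.mtime:%d.%m.%Y %H:%M} {e.size:>12,} {e.path}")
```

Run it against the real files.txt by reading the file instead of SAMPLE_FILES_TXT; the .ico and .log entries drop out because only executable extensions are kept, and the old setup.log would fall outside the window anyway.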