Trojan Zlob + SpywareQuake |
| ||
05.06.2006, 07:49
...new here
Posts: 3 |
#1
Since yesterday a warning keeps popping up saying that I have caught this trojan, and in addition the program SpywareQuake keeps opening, which I certainly did not install. The problem is that I am not the only user of this PC. Symantec cannot remove the trojan, and it cannot be deleted either.
|
|
|
||
05.06.2006, 11:27
Honorary member
Posts: 29434 |
#2
rapunzel024
Please work through this and post all the logs. Then I will help you clean it up. http://board.protecus.de/t23188.htm __________ Kind regards, Sabina, all about PC security |
|
|
||
05.06.2006, 15:30
...new here
Thread starter Posts: 3 |
#3
Hello Sabina,
The CleanUp run gave the following result. I would like to thank you very much in advance for your help.
Best regards, Rapunzel
CleanUp! started on 06/05/06 15:26:38.
...
CleanUp! 4.5.1 recovered 1.4 MB of disk space from 280 files.
CleanUp! finished on 06/05/06 15:26:44. |
|
|
||
05.06.2006, 16:10
Honorary member
Posts: 29434 |
#4
Please post all further logs here, not by PM.
The HijackThis log is not complete... please post it in full. Quote: Logfile of HijackThis v1.99.1 __________ Kind regards, Sabina, all about PC security |
|
|
||
05.06.2006, 16:20
Honorary member
Posts: 29434 |
#5
Quote: Hello Sabine, __________ Kind regards, Sabina, all about PC security |
|
|
||
05.06.2006, 16:24
Honorary member
Posts: 29434 |
#6
I have had another look at it... it is pointless, it is teeming with dialers and backdoors.
You have to format, and in future do without P2P software. __________ Kind regards, Sabina, all about PC security |
|
|
||
06.06.2006, 13:52
...new here
Thread starter Posts: 3 |
#7
Hello Sabina,
The computer is going to be replaced by another one anyway; I just hope the problems are not transferred along when the data is copied over to the new PC. But a friend who knows more about this than I do is doing that for me anyway. I have a second PC on the network; it does not show any spyware so far, but it has also been extremely slow for a few days. Many thanks in advance. I will post the HijackThis log now:
Logfile of HijackThis v1.99.1
Scan saved at 13:45:38, on 06.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QKeys\QKeys.EXE
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Realtek\Rtl8180\RtlWake.exe
C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.deu.chello.at/ssi/welcome/welcome.php?url=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.deu.chello.at/ssi/welcome/welcome.php?url=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.deu.chello.at/ssi/welcome/welcome.php?url=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von chello broadband n.v.
O1 - Hosts: 69.64.35.177 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6FAD3252-9B65-0FC1-D156-65557CA52D39} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: RtlWake.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.deu.chello.at/ssi/welcome/welcome.php?url=home
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG6 Service (AvgServ) - Unknown owner - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe |
|
|
||
06.06.2006, 14:29
Honorary member
Posts: 29434 |
#8
Open HijackThis -- "scan" button -- tick the boxes in front of the entries -- "Fix checked" button -- restart the PC
Quote: O1 - Hosts: 69.64.35.177 auto.search.msn.com
Restart the PC
Counterspy http://virus-protect.org/counterspy.html
* after the scan you have to choose between: *Ignore *Remove --> Status: Deleted *Quarantine
Always choose Remove and restart the PC (then copy the scan report __________ Kind regards, Sabina, all about PC security |
|
|
||
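The check behind the O1 fix in post #8, as an added example that is not part of the original thread: a small Python triage pass over HijackThis entry lines that reports hosts-file entries pointing a name at a non-loopback address. It goes slightly beyond the thread by also listing entries HijackThis marked "(no file)" or "(file missing)"; the function names are hypothetical and the sample lines are copied from the log posted in #7.

```python
import ipaddress
import re
from collections import Counter

# Sample input: six lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.deu.chello.at/ssi/welcome/welcome.php?url=home
O1 - Hosts: 69.64.35.177 auto.search.msn.com
O2 - BHO: (no name) - {6FAD3252-9B65-0FC1-D156-65557CA52D39} - (no file)
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG6 Service (AvgServ) - Unknown owner - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")


def parse_entries(log_text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def hosts_redirects(entries):
    """O1 entries that map a hostname to a non-loopback address.

    Entries pointing at 127.0.0.1 or 0.0.0.0 are the usual way block lists
    are written, so they are not reported as redirects.
    """
    findings = []
    for code, body in entries:
        if code != "O1":
            continue
        m = HOSTS_RE.match(body)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal IP address, leave for manual review
        if not addr.is_loopback and not addr.is_unspecified:
            findings.append((m.group("ip"), m.group("name")))
    return findings


def orphaned(entries):
    """Entries whose target HijackThis reported as missing on disk."""
    markers = ("(no file)", "(file missing)")
    return [(code, body) for code, body in entries if body.endswith(markers)]


def triage(log_text):
    """Summarise a log: entries per section, hosts redirects, orphaned entries."""
    entries = parse_entries(log_text)
    return {
        "sections": Counter(code for code, _ in entries),
        "hosts_redirects": hosts_redirects(entries),
        "orphaned": orphaned(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, name in report["hosts_redirects"]:
        print(f"hosts redirect: {name} -> {ip}")
    for code, body in report["orphaned"]:
        print(f"orphaned {code}: {body}")
```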