FakeAV, DollarRev, Adload have infected me !!!

#0
29.10.2006, 19:29
Member
Posts: 12

29.10.2006, 20:42
Honorary member
Posts: 29434
#2
Inge71
Post this log: http://virus-protect.org/artikel/tools/combofix.html
** Close all programs and applications
** Download combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
** Double-click: combofix.exe
** Type "Y"
** Wait for the disk cleanup to finish
Select the text with the right mouse button -> copy -> in the forum, where you opened a thread -> paste
__________________
Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
Copy out these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security

30.10.2006, 11:00
Member
Thread starter Posts: 12

30.10.2006, 11:01
Honorary member
Posts: 29434
#4
Also report whether you can download the programs from my site - there were major problems yesterday.
__________
Kind regards, Sabina
All about PC security

30.10.2006, 23:38
Member
Thread starter Posts: 12
#5
Hello Sabina,
the programs downloaded perfectly ... no problem. Attached is the ComboFix log:

31.10.2006, 01:14
Honorary member
Posts: 29434
#6
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
registry keys to delete:
Click the green traffic light. The script will now be executed, then the PC will restart automatically.
** Post the Avenger log that appears after the restart.
________________________
Open HijackThis -- button "scan" -- tick these entries -- button "Fix checked" -- restart the PC
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
Restart the PC
«« Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
«« Copy out these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security
This post was edited by Sabina on 04.11.2006 at 00:29.

03.11.2006, 18:22
Member
Thread starter Posts: 12
#7
Hello Sabina,
here is the Avenger log:
I will now continue with Hijack etc. OK, I have carried out everything else. Finally, the output of datFindbat:
So, that's it. Can I still be saved .... ;-)
Regards, Inge
This post was edited by Inge71 on 03.11.2006 at 19:01.

04.11.2006, 00:34
Honorary member
Posts: 29434
#8
Inge71
Avenger
Quote:
Files to delete:
** Delete all Avenger backups under C:\Avenger\backup.zip + empty the recycle bin
** Scan - then have everything deleted - and post the scan report http://virus-protect.org/ewido.html
+ post the new HijackThis log
__________
Kind regards, Sabina
All about PC security

13.11.2006, 19:13
Member
Thread starter Posts: 12
#9
Hello Sabina,
attached is the AVG log:
C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP104\A0017787.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP104\A0017792.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017802.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017807.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017814.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017823.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017837.exe -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017838.exe -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017859.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017864.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017870.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0017993.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0018002.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0018007.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0019006.dll -> Adware.Look2Me : Gesäubert. 
C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020002.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020014.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020015.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020021.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020022.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020028.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020029.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020035.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020036.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020051.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020052.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020058.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0020063.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0020099.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0020100.dll -> Adware.Look2Me : Gesäubert. 
C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021097.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021119.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021124.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021126.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021127.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021128.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021129.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021130.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021131.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021132.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021133.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021134.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021135.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021136.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021137.dll -> Adware.Look2Me : Gesäubert. 
C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021138.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021139.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021140.dll -> Adware.Look2Me : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0021141.dll -> Adware.Look2Me : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU -> Adware.SaveNow : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU\Customer Support.lnk -> Adware.SaveNow : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU\Uninstall.lnk -> Adware.SaveNow : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Startmenü\Programme\WhenU\WhenU.com Website.url -> Adware.SaveNow : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP103\A0016722.exe -> Adware.SaveNow : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP103\A0016723.dll -> Adware.SaveNow : Gesäubert. HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Gesäubert. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Gesäubert. HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Gesäubert. 
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Gesäubert. HKLM\SOFTWARE\WhenUSave\Partners\EEPE -> Adware.SaveNow : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017842.dll -> Adware.Softomate : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP105\A0017850.dll -> Adware.Softomate : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP95\A0014020.dll -> Adware.Softomate : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP95\A0014034.dll -> Adware.Softomate : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0017943.exe/IUCMORE.DLL -> Adware.Ucmore : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0017943.exe/UCMTSAIE.DLL -> Adware.Ucmore : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP108\A0017943.exe/empty_00000001 -> Adware.Ucmore : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0020074.exe -> Adware.WinAntiVirus : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP109\A0020087.exe -> Adware.WinAntiVirus : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP110\A0021272.exe -> Adware.WinAntiVirus : Gesäubert. C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP110\A0021274.exe -> Adware.WinAntiVirus : Gesäubert. C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Gesäubert. HKU\S-1-5-21-3955693007-3582637486-110803054-1007\Software\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Gesäubert. HKU\S-1-5-21-3955693007-3582637486-110803054-1007\Software\WinAntiVirus Pro 2006\Settings -> Adware.WinAntiVirus : Gesäubert. 
C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP110\A0021252.exe -> Adware.Zestyfind : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6PU_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6PU_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6PU_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWA6PU_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_9999_N91S2009NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_9999_N91S2009NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSU_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. 
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSU_9999_N91S2009NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS6_0001_N91M1508NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSU_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSU_9999_N91S2009NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSU_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSU_9999_N91S2009NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\UERSU_0001_N91M2407NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Cookies\alexandra wehrse@atdmt[1].txt -> TrackingCookie.Atdmt : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Cookies\alexandra wehrse@ivwbox[2].txt -> TrackingCookie.Ivwbox : Gesäubert. C:\Dokumente und Einstellungen\alexandra wehrse\Cookies\alexandra wehrse@weborama[2].txt -> TrackingCookie.Weborama : Gesäubert. C:\Addon\proginst.exe -> Trojan.Small.gv : Gesäubert. ::Berichtende .... 
And HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 19:12:22, on 13.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [uwa6pcw] "C:\Programme\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: hpdj - HP - C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\hpdj.exe
Regards, Inge |
|
|
||
13.11.2006, 19:19
Member
Posts: 3716 |
#10
Hello, one instruction:
Right-click My Computer, System Restore tab. Turn it off for all drives, wait 5 minutes, then shut your computer down completely (power off). Turn it back on and switch System Restore on again. Further instructions will come from Sabina. |
|
|
||
14.11.2006, 10:28
Honorary member
Posts: 29434 |
#11
Inge71
1. Open HijackThis -- "Scan" button -- tick the box in front of this entry -- "Fix checked" button -- restart the PC
Quote
O4 - HKLM\..\Run: [uwa6pcw] "C:\Programme\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
Restart the PC.
2. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote
cd\
__________
Kind regards, Sabina
all about PC security |
|
|
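An added example, not part of the thread: a small Python triage script that compares the O4 autostart entries of the two HijackThis logs posted here (29.10.2006 and 13.11.2006) and flags new entries that live in a folder a removed entry used, which is how the leftover `uwa6pcw` entry named in the reply above stands out. The log lines are excerpted from the thread; the function names `parse_o4` and `compare` are hypothetical.

```python
import ntpath
import re

# O4 (autostart) lines excerpted from the first HijackThis log in this thread (29.10.2006).
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [explorer] C:\Dokumente und Einstellungen\alexandra wehrse\Desktop\Xinstall.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e13.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e13.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e13.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Programme\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6PU_0001_N91M2107NetInstaller.exe" -nag
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
'''

# The same kind of excerpt from the second log (13.11.2006, after the cleanup runs).
LOG_AFTER = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [uwa6pcw] "C:\Programme\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
'''

# Matches "O4 - HKLM\..\Run: [name] command" (Run, RunOnce, ...).
# "O4 - Global Startup" lines have a different shape and are skipped.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# Executable path: either quoted, or unquoted up to the first executable extension
# (unquoted paths in these logs may contain spaces).
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|dll|bat|cmd|com|scr))(?=\s|$))', re.I)


def parse_o4(log_text):
    """Return {(hive, key, value_name): normalized executable path}."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        path = (exe.group(1) or exe.group(2)) if exe else command
        entries[(hive, key, name)] = ntpath.normpath(path)
    return entries


def compare(before, after):
    """Split the autostart delta into removed, added and residual entries.

    'Residual' is a heuristic: an added entry whose executable sits in a
    directory that a removed entry also used.
    """
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    removed_dirs = {ntpath.dirname(p).lower() for p in removed.values()}
    residual = {k: v for k, v in added.items()
                if ntpath.dirname(v).lower() in removed_dirs}
    return removed, added, residual


if __name__ == "__main__":
    removed, added, residual = compare(parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER))
    for label, group in (("removed", removed), ("added", added), ("residual", residual)):
        for (hive, key, name), path in sorted(group.items()):
            print(f"{label:9} {hive}\\..\\{key} [{name}] {path}")
```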
||
I've been hit badly. Attached is my HijackThis log. What should I do? I would be very grateful for help.
Regards,
Inge71
Log:
Logfile of HijackThis v1.99.1
Scan saved at 19:23:47, on 29.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\{24FF507D-0640-1031-0926-050718200031}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Save\Save.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\TEMP\NI.UWA6PU_0001_N91M2107\setup.exe
C:\WINDOWS\TEMP\~wa6psetup.exe
C:\WINDOWS\TEMP\is-RFM43.tmp\is-EQ3ES.tmp
C:\Programme\BearShare\BearShare.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\AntiVir PersonalEdition Classic\avscan.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [explorer] C:\Dokumente und Einstellungen\alexandra wehrse\Desktop\Xinstall.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e13.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e13.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e13.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Programme\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6PU_0001_N91M2107NetInstaller.exe" -nag
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/313133352D2D2D.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall_de.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\jtlu0739e.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe