Trojan found, as well as some warnings and viruses
Thread is closed!

15.11.2006, 21:34
Honorary member
Posts: 29434

15.11.2006, 21:37
Member
Thread starter Posts: 34
#17
I don't know, but I think so, because the other zips worked as well. The WinZip folder also contains things like unzip.exe or SmiUpdate.exe.
Damn - and everything had worked so well until now :-( Could you give me another tip on what I could do? Thanks!

15.11.2006, 21:39
Honorary member
Posts: 29434
#18
I suspect your virus scanner simply put it into quarantine.... Can you find smitfraudfix.cmd?
But actually the Avenger script should have deleted everything. To be sure, download CounterSpy, scan, and post the report: http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina
All about PC security

15.11.2006, 22:10
Member
Thread starter Posts: 34
#19
The quarantine in the antivirus program contains only the Trojan I reported at the beginning: C:/windows/system32/jbtazy.dll
Should I, or can I, delete it? CounterSpy is racing through my files - I'll post the report shortly.

15.11.2006, 22:12
Honorary member
Posts: 29434
#20
Ah, so that's why my great script didn't find the DLL.
Sure - delete it.
__________
Kind regards, Sabina
All about PC security

15.11.2006, 22:16
Member
Thread starter Posts: 34
#21
Of course, I can't just leave the Trojan "lying around" on my hard drive :-)
Can I then turn CounterSpy off again? It's taking sooo long. Then I'll try SmitfraudFix again, ok?

15.11.2006, 22:24
Honorary member
Posts: 29434
#22
No, scan with CounterSpy now, since you already have the program installed.
SmitfraudFix can wait until later.
__________
Kind regards, Sabina
All about PC security

16.11.2006, 00:04
Member
Thread starter Posts: 34
#23
So, here it is now, the long report from CounterSpy:
Afterwards I tried SmitfraudFix again, but got the same as before, with the message "press any key, etc...."
This post was edited by LissyK on 16.11.2006 at 00:22.

16.11.2006, 11:23
Honorary member
Posts: 29434
#24
Status: Ignored
Scan once more and set everything to remove; with ignored, nothing gets deleted.
__________
Kind regards, Sabina
All about PC security

16.11.2006, 18:24
Member
Thread starter Posts: 34
#25
Spyware Scan Details
This post was edited by LissyK on 16.11.2006 at 20:21.

17.11.2006, 00:29
Honorary member
Posts: 29434
#26
That's much better already.
Please post the new HijackThis log.
__________
Kind regards, Sabina
All about PC security

17.11.2006, 00:37
Member
Thread starter Posts: 34
#27
Hi Sabina, here is the new log - since all this chaos my PC boots extremely slowly and also shuts down very slowly.
Logfile of HijackThis v1.99.1
Scan saved at 00:34:45, on 17.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Winamp\winampa.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\Programme\Medion\PowerVCR II\Agent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\1134248376\ee\AOLSoftware.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Steganos Internet Anonym 7\SIA7.exe
C:\Programme\ScannerU\AM32.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\AOL 9.0c\waol.exe
C:\Programme\AOL 9.0c\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\AntiVir PersonalEdition Classic\avscan.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\LissyKeck\Lokale Einstellungen\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fritz.box/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.marktkauf.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\programme\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerVCR II\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\Medion\PowerVCR II\RemoteAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ZyConfig] "C:\Programme\ZyConfig\ZyConfig.exe" -update
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1134248376\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIA7] "C:\Programme\Steganos Internet Anonym 7\SIA7.exe" -boot
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Programme\ScannerU\AM32.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.de/beta/qdiagcc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?312
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF658C6-564C-497F-A8A7-C6C7AC5D101B}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EF658C6-564C-497F-A8A7-C6C7AC5D101B}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\\aolserv.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe |
|
|
||
17.11.2006, 01:02
Honorary member
Posts: 29434 |
#28
1. Fix with HijackThis:
Quote: O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
2. Uninstall CounterSpy again.
3. Decide between Antivirus or McAfee - the two together "don't get along".
Otherwise - all the best
__________
Kind regards, Sabina
All about PC security |
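The check behind step 1, as an added example that is not part of the original post: a small Python parser for HijackThis 1.99.1 log lines that lists entries whose target file HijackThis reports as absent. The function names are hypothetical, and the sample is a constructed excerpt of five entries copied from the log in this thread.

```python
import re

# Constructed sample: five entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
"""

# A log entry starts with a section code such as R0, O4 or O23, followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (section, body) per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def find_orphans(log_text):
    """Return entries whose target file is reported missing, as review candidates."""
    orphans = []
    for section, body in parse_entries(log_text):
        marker = ORPHAN_RE.search(body)
        if marker:
            clsid = CLSID_RE.search(body)
            orphans.append({
                "section": section,
                "marker": marker.group(1),
                "clsid": clsid.group(0) if clsid else None,
                "line": f"{section} - {body}",
            })
    return orphans


if __name__ == "__main__":
    for hit in find_orphans(SAMPLE_LOG):
        print(f"[{hit['marker']}] {hit['line']}")
```

A hit means only that the target file is absent; which of these entries to fix remains a judgment for whoever reviews the log.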
|
|
||
17.11.2006, 01:06
Member
Thread starter Posts: 34 |
#29
But AntiVir and McAfee are a firewall on the one hand and an antivirus program on the other. Should I still delete one of the two?
Thank you for your tireless help! You have helped me a lot. Is the PC so sluggish because there are two antivirus programs on it (Antivirus and CounterSpy)? All the best to you too!! |
|
|
||
17.11.2006, 01:30
Honorary member
Posts: 29434 |
#30
The computer is sluggish because it is overloaded with antivirus programs; Antivirus is enough, plus the XP firewall.
__________ Kind regards, Sabina All about PC security |
|
|
||