| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: formatieren?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
31.12.2004, 12:11
| #1 |
| |  formatieren? also ich habe volgenes prob. könt ihr mir helfen? Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\winge32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\D-Tools\daemon.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\d3ws.exe C:\WINDOWS\System32\qkdhzesl.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\windows\temp\searchbar\180adsolution.exe C:\dokumente und einstellungen\henna\lokale einstellungen\temp\Ls8xmp.exe C:\Program Files\Windows AdService\WinAdServ.exe C:\WINDOWS\system32\kernel32.dlI C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows AdService\WinAdSlave.exe C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154pcicard\Installer\WINXP\DTPCI11GMonitor.exe C:\Programme\Web_Rebates\WebRebates1.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Internet Explorer\iexplore.exe C:\hijackthis199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://gfhjkhgi.biz (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://gfhjkhgi.biz (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gfhjkhgi.biz (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gfhjkhgi.biz (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gaatm.dll/sp.html#29836 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://gfhjkhgi.biz (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://gfhjkhgi.biz (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://gfhjkhgi.biz (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von freenet.de R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {99EE2FC2-9E5B-29FB-F295-3A3DFCB8F165} - C:\WINDOWS\system32\iebc.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [d3ws.exe] C:\WINDOWS\system32\d3ws.exe O4 - HKLM\..\Run: [xjhhzocwbvgyl] C:\WINDOWS\System32\qkdhzesl.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [180adsolution] c:\windows\temp\searchbar\180adsolution.exe O4 - HKLM\..\Run: [Ls8xmp] C:\dokumente und einstellungen\henna\lokale einstellungen\temp\Ls8xmp.exe O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe O4 - HKLM\..\Run: [Kernel] kernel32.dlI O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: T-COM WLAN Manager T-Sinus 154pcicard.lnk = C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154pcicard\Installer\WINXP\DTPCI11GMonitor.exe O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.05p.com (HKLM) O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.scoobidoo.com (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.125.149 (HKLM) O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binarie...1024_EN_XP.cab O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...54869b526326aa O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...0006_adult.cab O16 - DPF: {5376530F-B3F2-65B6-8786-5A697128A587} - http://63.219.176.203/1/gdnDE513.exe O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104358467471 O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (SL Control) - http://static.topconverting.com/activex/sl.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) - O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} (InstControl Class) - http://neo-toolbar.com/Inst.cab O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) - O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.browserplugin.com/plugin/...ss_special.ocx O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing) O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\winge32.exe helft mir schnell ! und mein pc fährt sich net mehr runter !? was mach ich dagegen? |
| Themen zu formatieren? |
| .inf, adobe, antivir, antivir update, bho, dateien, ebay, einstellungen, file missing, formatieren, helfen, hijack, hijackthis, homepage, internet, internet explorer, messenger, microsoft, nvcpl.dll, nvidia, obfuscated, programme, rundll, rundll32.exe, skype.exe, software, system, system32, temp, urlsearchhook, windows, windows messenger, windows\temp, winxp, wlan |
Baum-Darstellung