| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: e-scnn auswertungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.08.2005, 15:20
| #1 |
 |  e-scnn auswertung hi hoffe mal ich bin im richtigen treat. e-scann hat bei mir 8 vieren gefunden aber natürlich nicht gelöscht. dummwerweise hat bisher noch kein anderes programm die vieren gefunden. dewegen hoffe ich mal das hier wer mit der auswertung behilflich sein kann. thx File C:\Dokumente und Einstellungen\Sebastian\Desktop\eigene Dateien\Download\downloadmangeger.exe tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Sebastian\Desktop\eigene Dateien\Download\netant.exe tagged as "not-a-virus:AdWare.Aureate.a". Action Taken: No Action Taken. Datei C:\Dokumente und Einstellungen\Sebastian\Desktop\eigene Dateien\k\lpr.exe markiert als not-a-virus:PSWTool.Win32.LPR. Keine Aktion vorgenommen. Object "FlashGet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "FlashGet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "FlashGet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Siele\THQ\Dawn of War\Logfiles\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Siele\THQ\Dawn of War\Playback\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Siele\THQ\Dawn of War\Profiles\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrimeWorx\Global Safe Disk\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrimeWorx\". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acr". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ax". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".b3d". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".c00". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cam". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".crw". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2s". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dada". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dcx". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".djvu". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ecw". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fsh". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".g3". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gmf". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gsm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".htm#". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".icl". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ics". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iff". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ils". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".img". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iw44". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".j2k". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jart". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jc!". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jng". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jp". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jp2". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpart". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpc". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kdc". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kpl". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lbm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ldf". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lds". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lwf". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ma0". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mdx". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".med". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mng". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nds". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ngg". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nlm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nol". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pak". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pbm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pcx". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pgm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ppm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ras". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".raw". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgb". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scw". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfw". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sgi". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SP5". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sun". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tga". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tnp". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VCD". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wbmp". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpm". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ZZZ". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".~cp". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "82A44D22-9452-49FB-00FB-CEC7DCAF7E23". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AIM LINK". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Babylon". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DARK EARTH". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Dark Signs". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DVCocos Islands Screensaver_is1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DVSea Sunset Screensaver_is1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DVTurtles Beach Screensaver_is1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Egypt3 Demo - Das Schicksal des Ramses". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "FIFA RTWC 98". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Firestorm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Freelancer 1.0". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hidden & Dangerous 2 MP Demo". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hidden & Dangerous 2 SP Demo". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{D7AC1EFE-E5D9-49DE-BA04-4972BA4475E8}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MP3 Dancer". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NetAnts". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA Display Driver". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Painkiller SP Demo 2". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "PANZERS DEMO". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Sacred_is1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Seven Kingdoms II". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Sim AQUARIUM 2_is1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Söldner". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "The I of the Dragon Demo". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ThePalace animechat.de SE Chat Software". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Universal Biorhythms_is1". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UT2004-Demo". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "War of the Ring". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0DBF3265-57F1-4D8A-87EA-332B2A669BDE}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{113D36BA-56F5-44D0-AF94-AF87E53A33DF}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{21C41BAF-6F62-469D-A43B-DDF01628346E}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4816702A-0879-4499-0085-ACFC0F65E811}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5E30BDEB-9307-11D4-9AE0-006067325E47}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6E298B0A-558C-4138-0096-740677B382CD}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C79CB9C7-10A4-4814-8402-F574672C2192}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DC5AAEEA-E4CD-4147-AE52-14FF15C2BEDA}". Action Taken: No Action Taken. hoffe is net zu groß die datei |
|
25.08.2005, 19:10
| #2 |
  | e-scnn auswertung @Princ_of_Galaxy
__________________lade Regseeker und lade spybot dann updaten. Lese dich in regseeker ein! wechsle in den abgesicherten modus und lösche manuell diese dateien C:\Dokumente und Einstellungen\Sebastian\Desktop\eigene Dateien\Download\downloadmangeger.exe File C:\Dokumente und Einstellungen\Sebastian\Desktop\eigene Dateien\Download\netant.exe lasse spybot jetzt scannen, löschen was es vorschlägt. lasse dann regseeker laufen, kontrolliere ob der Haken bei sichern vor löschen aktiviert ist. neu booten. chaosman
__________________ |
|
26.08.2005, 15:36
| #3 |
| | e-scnn auswertung k das is der neue HijackThis bericht nach spyboot und regseeker
__________________hab einfch mal alle regdateien die er mir aufgezählt hat gelöscht hoffe das war net falsch. is nun alles ok? Logfile of HijackThis v1.99.1 Scan saved at 16:34:22, on 26.08.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Programme\CPUCooL\CooLSrv.exe C:\Programme\Norton Utilities\NPROTECT.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\PGPsdkServ.exe c:\fotowin\RTETPISv.exe C:\Programme\Speed Disk\nopdb.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\Fast.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe C:\PROGRA~1\0190WA~1\WARN0190.EXE C:\WINDOWS\System32\taskswitch.exe C:\WINDOWS\System32\fast.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\WinSweep\winjam.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\SETI@home\SETI@home.exe C:\Programme\TuneUp Utilities\MemOptimizer.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\AOL 8.0\aoltray.exe C:\Programme\Zone Labs\ZoneAlarm\zapro.exe C:\Dokumente und Einstellungen\Sebastian\Desktop\Controll\tools\RegSeeker\RegSeeker.exe C:\Programme\AOL 9.0\waol.exe C:\Programme\AOL 9.0\shellmon.exe C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Sebastian\Desktop\Controll\tools\hijackthis[1]\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.aol.de/e60/suche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.aol.de/e60/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.aol.de/e60/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [WINSWEEP Reklameblockierung] C:\Programme\WinSweep\winjam.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [WINSWEEP Popupblocker] C:\Programme\WinSweep\WSPopup.Exe /STEP1 /SOUND O4 - HKCU\..\Run: [seticlient] C:\Programme\SETI@home\SETI@home.exe -min O4 - HKCU\..\Run: [TuneUp MemOptimizer] C:\Programme\TuneUp Utilities\MemOptimizer.exe autostart O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe O4 - Global Startup: AOL 8.0 Tray-Symbol.lnk = C:\Programme\AOL 8.0\aoltray.exe O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programme\Zone Labs\ZoneAlarm\zapro.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programme\VisualRoute\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programme\VisualRoute\vrie.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O14 - IERESET.INF: START_PAGE_URL=h**p://www.aol.de/e60/ O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - h**p://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098218977781 O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - h**p://install.service-url.de/InstallationsAssistent.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD14B66-746A-4954-AE63-8EFDA2B27B1A}: NameServer = 205.188.146.145 O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD14B66-746A-4954-AE63-8EFDA2B27B1A}: NameServer = 205.188.146.145 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\\aolserv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programme\CPUCooL\CooLSrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe O23 - Service: RTE : TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Programme\Speed Disk\nopdb.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
| Themen zu e-scnn auswertung |
| ad-aware, adware.cydoor, anderes, auswertung, babylon, c:\windows, dateien, desktop, download, driver, einstellungen, explorer, fifa, link, logfiles, microsoft, mp3, not-a-virus, nvidia, personal, programm, programme, saver, screensaver, software, system, version, vieren, windows |
Linear-Darstellung
