Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   mein logfile Hilfe (https://www.trojaner-board.de/16228-logfile-hilfe.html)

sweetboy200 04.04.2005 17:23
mein logfile Hilfe
 
Logfile of HijackThis v1.99.1
Scan saved at 18:19:09, on 04.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Virenschutz\AVKService.exe
C:\Programme\Virenschutz\AVKWCtl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\AOL 9.0a\shellmon.exe
C:\WINDOWS\System32\tsbinet.exe
C:\WINDOWS\System32\tsspx32r.exe
C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe
C:\Programme\CxtPls\CxtPls.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Java\jre1.5.0_01\bin\javaw.exe
C:\Dokumente und Einstellungen\bayern\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\bayern\LOKALE~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50168
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\bayern\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Programme\CxtPls\plg0\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {92CF6DB2-9524-4C9B-8418-618D02FFC1CD} - C:\WINDOWS\System32\pnff.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [272V36O] tsspx32r.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\bayern\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Jwt9RWisT] tsbinet.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c10.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} - http://ads.dealhelper.com/updates/DealHelperNew.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0494E8-527D-40E1-A79D-888BFF529431}: NameServer = 205.188.146.145
O18 - Filter: text/html - {D8928C79-AAFF-4869-8A76-F53223AAF949} - C:\WINDOWS\System32\pnff.dll
O18 - Filter: text/plain - {D8928C79-AAFF-4869-8A76-F53223AAF949} - C:\WINDOWS\System32\pnff.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\Virenschutz\AVKService.exe
O23 - Service: G DATA Virenschutz Wächter (AVKWCtl) - Unknown owner - C:\Programme\Virenschutz\AVKWCtl.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe



hallo erstmal an alle vieleicht kann mir jemand helfen und sagen ob mein pc was hat und wie ich die schädlinge bekämpfen kann??

danke schonmal im voraus

chaosman 04.04.2005 17:31
@sweetboy200
update als erstes system und IE
lade dann escan
download
anleitung
EscanErgebnis
Teile uns das Ergebnis des eScan mit: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen."


chaosman

Gigamail 04.04.2005 17:38
@ sweetboy200

kurz einmisch :)
folgendes Tool mit ausführen und nach dem escan ein neues HJT posten

sweetboy200 05.04.2005 15:01
mein logfile ist riesengross wie kann ich das einfügen hier ????

als word datei

Gigamail 05.04.2005 15:06
wenn Du das von escan meinst dann auf zweimal aufteilen :daumenhoc

sweetboy200 05.04.2005 16:12
so hier mein riesengrosse logfile habs hochgeladen mal bei yousendit



http://s20.yousendit.com/d.aspx?id=1...A1Y5FARUY2EONY

Gigamail 05.04.2005 16:17
Das schaut sich dort niemand an. Teile es und poste es hier rein

sweetboy200 05.04.2005 16:39
Tue Apr 05 11:19:59 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~1.EXE infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
Tue Apr 05 11:19:59 2005 => File C:\PROGRA~2\AUTOUP~1\AUTOUP~1.EXE infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken.
Tue Apr 05 11:19:59 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~1.EXE infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
Tue Apr 05 11:20:00 2005 => File C:\PROGRA~2\MEDIAA~1\MEDIAA~1.DLL infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
Tue Apr 05 11:20:01 2005 => File C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe infected by "not-a-virus:AdWare.Wintol.aa" Virus. Action Taken: No Action Taken.
C:\PROGRA~1\GEMEIN~1\WinTools\WSup.exe infected by "not-a-virus:AdWare.Wintol.aa" Virus. Action Taken: No Action Taken.
C:\Programme\CxtPls\WinGenerics.dll infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\se.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.

C:\WINDOWS\System32\vbsys2.dll infected by "Trojan-Clicker.Win32.Agent.ac" Virus. Action Taken: No Action Taken.
C:\WINDOWS\System32\WinNB57.dll infected by "not-a-virus:AdWare.NetNucleus" Virus. Action Taken: No Action Taken.
C:\WINDOWS\nem220.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen"
C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll infected by "not-a-virus:AdWare.Wintol.y" Virus. Action Taken: No Action Taken.
C:\WINDOWS\System32\pnff.dll infected by "Trojan.Win32.StartPage.ix" Virus. Action Taken: No Action Taken.
C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe infected by "not-a-virus:AdWare.Wintol.aa" Virus. Action Taken: No Action Taken.
C:\PROGRA~2\MEDIAA~1\MEDIAA~2.EXE infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\PROGRA~2\AUTOUP~1\AUTOUP~1.EXE infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken.
System found infected with DyFuCA Spyware/Adware ({40b1d454-9ca4-43cc-86aa-cb175eac52fb})! Action taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with DyFuCA Spyware/Adware ({1c01d150-91a4-4de0-9bf8-a35d1bdf1001})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with DyFuCA Spyware/Adware ({00000010-6f7d-442c-93e3-4a4827c2e4c8})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with IstBAR Spyware/Adware ({0985c112-2562-46f2-8da6-92648ba4630f})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: N
System found infected with IstBAR Spyware/Adware ({67907b3c-a6ef-4a01-99ad-3fcd5f526429})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with SideFind Spyware/Adware ({58634367-d62b-4c2c-86be-5aac45cdb671})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken:
System found infected with SideFind Spyware/Adware ({d0288a41-9855-4a9b-8316-babe243648da})! Action taken: No Action Taken.
System found infected with SideFind Spyware/Adware ({d0288a41-9855-4a9b-8316-babe243648da})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Offending value found in HKCU\Software\powerscan !!!
Tue Apr 05 11:20:41 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action
System found infected with Adintelligence.AproposToolbar Spyware/Adware ({016235be-59d4-4ceb-add5-e2378282a1d9})! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "Adintelligence.AproposToolbar Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with sidefind Spyware/Adware! Action taken: No Action
File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.




teil 1

sweetboy200 05.04.2005 16:43
System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:41 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with power scan Spyware/Adware! Action taken: No Action Taken.
=> File System Found infected by "power scan Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with istbar Spyware/Adware! Action taken: No Action Taken.
File System Found infected by "istbar Spyware/Adware" Virus. Action Taken: No
System found infected with DyFuCA Spyware/Adware! Action taken: No Action T
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with kapabout Spyware/Adware! Action taken: No Action
File System Found infected by "kapabout Spyware/Adware" Virus. Action Taken: No Action Taken.
System found infected with 180Solutions Spyware/Adware! Action taken: No A
File System Found infected by "180Solutions Spyware/Adware" Virus. Action
System found infected with ist Spyware/Adware! Action taken: No Action Take
File System Found infected by "ist Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:42 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\Internet Optimizer !!!
Tue Apr 05 11:20:42 2005 => System found infected with Internet Optimizer Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:42 2005 => File System Found infected by "Internet Optimizer Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:42 2005 => Offending value found in HKCU\Software\avenue media !!!
Tue Apr 05 11:20:42 2005 => Offending value found in HKCU\Software\policies\avenue media !!!
Tue Apr 05 11:20:42 2005 => System found infected with avenue media Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:42 2005 => File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:42 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\saap !!!
Tue Apr 05 11:20:42 2005 => Offending value found in HKCU\Software\saap !!!
Tue Apr 05 11:20:42 2005 => System found infected with saap Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:42 2005 => File System Found infected by "saap Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:42 2005 => Offending value found in HKCU\Software\VB and VBA Program Settings !!!
Tue Apr 05 11:20:42 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:42 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:42 2005 => System found infected with text/html Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:42 2005 => File System Found infected by "text/html Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:42 2005 => Offending value found in HKLM\Software\envolo !!!
Tue Apr 05 11:20:42 2005 => System found infected with envolo Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:42 2005 => File System Found infected by "envolo Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:42 2005 => Offending value found in HKLM\Software\autoloader !!!
Tue Apr 05 11:20:43 2005 => System found infected with autoloader Spyware/Adware! Action taken: No Action Taken.
Tue Apr 05 11:20:43 2005 => File System Found infected by "autoloader Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:20:43 2005 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Tue Apr 05 11:20:43 2005 => File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:22:07 2005 => System found infected with WindUpdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
Tue Apr 05 11:22:07 2005 => File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 05 11:22:07 2005 => System found infected with powerscan Spyware/Adware (powerscan.exe)! Action taken: No Action Taken.
Tue Apr 05 11:22:07 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.


teil 2

sweetboy200 05.04.2005 16:58
File C:\WINDOWS\cxtpls_loader.exe infected by "not-a-virus:AdWare.Apropos.b" Virus. Action Taken: No Action Taken.
C:\WINDOWS\dhp2.dll infected by "not-a-virus:AdWare.DealHelper.j" Virus. Action Taken: No Action Taken.
C:\WINDOWS\download.exe infected by "Trojan-Downloader.Win32.Small.nj" Virus. Action Taken: No Action Taken.
C:\WINDOWS\IEMenuExtension.exe infected by "not-a-virus:AdWare.ToolBar.
C:\WINDOWS\installer_SIAC.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action
C:\WINDOWS\saaphook.dll infected by "not-a-virus:AdWare.180Solutions" V
C:\WINDOWS\switpa.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. A
C:\WINDOWS\System32\wpnmsnsv.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
C:\WINDOWS\System32\wshs31.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\auf0.exe infected by "Trojan-Downloader.Win32.Apropo.s" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\AutoUpdate0\auto_update_install.exe infected by "Trojan-Downloader.Win32.Apropo.u" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\common.dll infected by "not-a-virus:AdWare.WebSearch.o" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\MirarSetup.exe infected by "not-a-virus:AdWare.SaveNow.bj" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\se.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\TBPS.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\Temp\toolbar.dll infected by "not-a-virus:AdWare.WebSearch.o" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\8VGJE4C0\tb_setup[1].cab infected by "not-a-virus:AdWare.WebSearch.x" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\CLA7KTIF\eied_s7[1].chm infected by "Trojan-Downloader.Win32.Mediket.y" Virus. Action Taken: No Action Taken.
Tue Apr 05 11:48:02 2005 => File C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\G78RQ5O9\MediaAccC[1].dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\G78RQ5O9\MediaAccess[1].exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\G78RQ5O9\MediaAccK[1].exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\L3FFLPGE\powerscan[1].exe infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\O1W74FSZ\DealHelperNew[1].cab infected by "not-a-virus:AdWare.DealHelper.q" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\O1W74FSZ\TBPSSvc[1].cab infected by "not-a-virus:AdWare.WebSearch.f" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\SDUVSL6B\a673ab75[1].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action T
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\SDUVSL6B\a673ab75[2].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
Tue Apr 05 12:07:51 2005 => File C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\SDUVSL6B\a673ab75[3].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\SDUVSL6B\a673ab75[4].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No A
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\WP0LQ1U9\a573aa75[1].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
C:\DOKUME~1\bayern\LOKALE~1\TEMPOR~1\Content.IE5\WP0LQ1U9\bridge-c10[2].cab infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\!Submit\egdi32.exe infected by "Trojan-Downloader.Win32.Agent.fv" Virus. Action Taken: No Action Taken.
C:\!Submit\stoolbd.dll infected by "not-a-virus:AdWare.ToolBar.FastLook.a" Virus. Action Taken: No Action
C:\Dokumente und Einstellungen\bayern\Eigene Dateien\Eigene Dateien\backups\backup-20050212-124318-557.dll infected by "not-a-virus:AdWare.NavExcel.i" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\auf0.exe infected by "Trojan-Downloader.Win32.Apropo.s" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\AutoUpdate0\auto_update_install.exe infected by "Trojan-Downloader.Win32.Apropo.u" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\common.dll infected by "not-a-virus:AdWare.WebSearch.o" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\MirarSetup.exe infected by "not-a-virus:AdWare.SaveNow.bj" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\se.dll infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action


teil 3

Gigamail 05.04.2005 17:10
lade dir Spybot und Ad-aware beide updaten.
Boote in den abgesicherten Modus und deaktiviere die Systemwiederherstellung
scanne nacheinander mit Spybot und Ad-aware und lösche was gefunden wurde

Datenträgerbereinigung:

Windowstaste+R --> cleanmgr --> enter
klick bei temp
klick bei temporary internet files
ok

Lösche dann von Hand (schau ob Du die untenstehenden Programme deinstallieren kannst):
C:\PROGRA~2\MEDIAA~1\MEDIAA~1.EXE <-- kompletten Ordner
C:\PROGRA~2\AUTOUP~1\AUTOUP~1.EXE <-- kompletten Ordner
C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe <-- kompletten Ordner
C:\Programme\CxtPls\WinGenerics.dll <-- kompletten Ordner
C:\DOKUME~1\bayern\LOKALE~1\Temp\se.dll
C:\WINDOWS\System32\vbsys2.dll
C:\WINDOWS\nem220.dll
C:\WINDOWS\System32\pnff.dll

und alle in deinem teil 3 gefundenen (hatte schon geantwortet als der dritte kam)

Boote neu und führe das Tool in meinem post #3 aus und poste ein HJT

sweetboy200 05.04.2005 17:18
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\TBPS.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temp\toolbar.dll infected by "not-a-virus:AdWare.WebSearch.o" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8VGJE4C0\tb_setup[1].cab infected by "not-a-virus:AdWare.WebSearch.x" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CLA7KTIF\eied_s7[1].chm infected by "Trojan-Downloader.Win32.Mediket.y" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G78RQ5O9\MediaAccC[1].dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G78RQ5O9\MediaAccess[1].exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G78RQ5O9\MediaAccK[1].exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\L3FFLPGE\powerscan[1].exe infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O1W74FSZ\DealHelperNew[1].cab infected by "not-a-virus:AdWare.DealHelper.q" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O1W74FSZ\TBPSSvc[1].cab infected by "not-a-virus:AdWare.WebSearch.f" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SDUVSL6B\a673ab75[1].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SDUVSL6B\a673ab75[2].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SDUVSL6B\a673ab75[3].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SDUVSL6B\a673ab75[4].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WP0LQ1U9\a573aa75[1].js infected by "Trojan-Downloader.JS.Small.aq" Virus. Action Taken: No Action Taken.
C:\Dokumente und Einstellungen\bayern\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WP0LQ1U9\bridge-c10[2].cab infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\Program Files\Internet Optimizer\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
C:\Program Files\Internet Optimizer\update\optimize313.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
C:\Program Files\Media Access\MediaAccC.dll infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\Program Files\Media Access\MediaAccess.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
C:\Programme\180Solutions\sais.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
C:\Programme\CxtPls\CxtPls.dll infected by "not-a-virus:AdWare.Apropos.e" Virus. Action Taken: No Action Taken.
Programme\CxtPls\uninstaller.exe infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.

Tue Apr 05 14:10:37 2005 => Scanning File C:\Programme\CxtPls\WinGenerics.dll
Tue Apr 05 14:10:37 2005 => File C:\Programme\CxtPls\WinGenerics.dll infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
C:\Programme\Gemeinsame Dateien\WinTools\Update\WToolsA.exe infected by "not-a-virus:AdWare.Wintol.aa" Virus. Action Taken: No Action Taken.
C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe infected by "not-a-virus:AdWare.Wintol.aa" Virus. Action Taken: No Action Taken.
C:\Programme\Gemeinsame Dateien\WinTools\WToolsS.exe infected by "Trojan-Downloader.Win32.Wintool.f" Virus. Action Taken: No Action Taken.
C:\Programme\Power Scan\powerscan.exe infected by "not-a-virus:AdWare.PowerScan.d" Virus. Action Taken: No Action Taken.
C:\Programme\SideFind\sfbho.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
C:\Programme\WhenUSearch\search.dll infected by "not-a-virus:AdWare.SaveNow.az" Virus. Action Taken: No Action Taken.
C:\q387817.exe infected by "Trojan-Downloader.Win32.Agent.jz" Virus. Action Taken: No Action Taken.
C:\q912597.exe infected by "Trojan-Downloader.Win32.Agent.jz" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{0E84967D-4393-4538-9BFE-363D6262C43F}\RP10\A0006707.exe infected by "not-a-virus:AdWare.NavExcel.i" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{0E84967D-4393-4538-9BFE-363D6262C43F}\RP3\A0000116.exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{0E84967D-4393-4538-9BFE-363D6262C43F}\RP3\A0000161.dll infected by "not-a-virus:AdWare.NavExcel.i" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{595CFEF1-0216-4ACC-9F35-154E83472B54}\RP1\A0000010.dll infected by "not-a-virus:AdWare.NavExcel.i" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{595CFEF1-0216-4ACC-9F35-154E83472B54}\RP21\A0002426.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{595CFEF1-0216-4ACC-9F35-154E83472B54}\RP21\A0002445.exe infected by "Trojan-Downloader.Win32.Wintool.a" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{595CFEF1-0216-4ACC-9F35-154E83472B54}\RP21\A0002593.exe infected by "Trojan-Downloader.Win32.QDown.m" Virus. Action Taken: No Action Taken.
C:\System Volume Information\_restore{595CFEF1-0216-4ACC-9F35-154E83472B54}\RP21\A0002658.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.


teil 4

sweetboy200 05.04.2005 17:24
wie deaktiviere ich die systemwiederherstellung

Gigamail 05.04.2005 17:26
schau hier http://www.systemwiederherstellung-d...indows-xp.html

sweetboy200 05.04.2005 20:07
hier das hijackthis logfile das neue

Logfile of HijackThis v1.99.1
Scan saved at 20:23:59, on 05.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Virenschutz\AVKService.exe
C:\Programme\Virenschutz\AVKWCtl.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\tsspx32r.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\tsbinet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\AOL 9.0a\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Dokumente und Einstellungen\bayern\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [272V36O] tsspx32r.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Programme\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Jwt9RWisT] tsbinet.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c10.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0494E8-527D-40E1-A79D-888BFF529431}: NameServer = 205.188.146.145
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\Virenschutz\AVKService.exe
O23 - Service: G DATA Virenschutz Wächter (AVKWCtl) - Unknown owner - C:\Programme\Virenschutz\AVKWCtl.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:04 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131