Trojaner-Board (https://www.trojaner-board.de/)
Thread: https://www.trojaner-board.de/22143-escan-logfile-bitte-mal-schauen.html

Sandrafds 24.09.2005 18:35

escan logfile... please take a look...

Hello,
for a few days now my PC has been restarting on its own... and when I click on any window, it only opens it for a quarter of a second and then closes it again straight away. well, so I thought I'd examine it a little. it would just be great if I actually had a clue about this. oh well... so I ran HijackThis... and then eScan. now to my question:

could someone please give me more details about my mwav.log?

Sat Sep 24 17:32:57 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.

Sat Sep 24 17:33:01 2005 => Offending value found in HKLM\Software\magnet\handlers\bearshare !!!
Sat Sep 24 17:33:01 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Sep 24 17:33:01 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Sep 24 17:33:01 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Sep 24 17:33:01 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Sep 24 17:33:01 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Sep 24 17:33:19 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Sat Sep 24 17:33:19 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.


Sat Sep 24 17:33:29 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Sep 24 17:33:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.

Sat Sep 24 17:33:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.

Sat Sep 24 17:33:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\LBTKA.EXE" refers to invalid object "". Action Taken: No Action Taken.

Sat Sep 24 17:33:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\TempIccProfiles\". Action Taken: No Action Taken.

Sat Sep 24 17:33:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\TempIccProfiles\Non-Recommended\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Nokia\Nokia PC Suite 5\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Nokia\Nokia PC Suite 5\Lang\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Gemeinsame Dateien\Nokia\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Nokia\Nokia PC Suite 5\Components\PhoneBrowserComponents\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Nokia\Nokia PC Suite 5\Components\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Nokia\Nokia PC Suite 5\Components\PhoneBrowserComponents\Lang\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Gemeinsame Dateien\Nokia\MPDB40\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TMPGEnc\TMPGEnc 3.0 XPress\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TMPGEnc\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Eidos Interactive\TRAOD\". Action Taken: No Action Taken.

Sat Sep 24 17:33:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Eidos Interactive\". Action Taken: No Action Taken.

Sat Sep 24 17:33:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}". Action Taken: No Action Taken.

Sat Sep 24 17:33:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IrfanView". Action Taken: No Action Taken.

Sat Sep 24 17:33:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IsoBuster_is1". Action Taken: No Action Taken.

Sat Sep 24 17:33:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KoolPlaya". Action Taken: No Action Taken.

Sat Sep 24 17:33:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7B63B2922B174135AFC0E1377DD81EC2}". Action Taken: No Action Taken.

Sat Sep 24 17:33:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8ADFC4160D694100B5B8A22DE9DCABD9}". Action Taken: No Action Taken.

Sat Sep 24 17:33:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A4D7B764-4140-11D4-88EB-0050DA3579C0}". Action Taken: No Action Taken.

Sat Sep 24 17:33:37 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "E:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.

Sat Sep 24 17:33:37 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "E:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.

Sat Sep 24 17:33:38 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "E:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.

Sat Sep 24 17:33:38 2005 => Entry "HKCR\TypeLib\{0CEBAFA2-A5F8-11D1-B76F-58BB04C10000}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:38 2005 => Entry "HKCR\TypeLib\{1257CD33-90D0-11D1-A197-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{143C9CF1-E3E7-11D1-A1D2-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{19362773-E965-11D1-A1F0-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{3E895E71-0C27-11D2-A212-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{67800A63-C222-11D1-A1B3-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "E:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{9F3595E2-B5CC-11D1-B76F-58BB04C10000}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{9FD46A24-F9E8-11D1-A204-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{C8E100B3-6D59-11D1-A181-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:39 2005 => Entry "HKCR\TypeLib\{FD6E3405-67CB-11D1-A17E-080009AB3411}" refers to invalid object "E:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.

Sat Sep 24 17:33:40 2005 => Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.

Sat Sep 24 17:33:40 2005 => Entry "HKCR\.xmd" refers to invalid object "xmd". Action Taken: No Action Taken.

Sat Sep 24 17:33:40 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Sat Sep 24 17:33:40 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.

Sat Sep 24 17:33:41 2005 => Entry "HKCR\Kavvlg.Kavvlg" refers to invalid object "{5A61B58E-2B0A-4B67-A882-FFC6FEAF12EE}". Action Taken: No Action Taken.

Sat Sep 24 17:33:41 2005 => Entry "HKCR\Kavvlg.Kavvlg.1" refers to invalid object "{5A61B58E-2B0A-4B67-A882-FFC6FEAF12EE}". Action Taken: No Action Taken.

Sat Sep 24 17:33:41 2005 => Entry "HKCR\KoolPlayaFile\shell\open\command" refers to invalid object "E:\Koolplaya.exe "%1"". Action Taken: No Action Taken.

Sat Sep 24 17:33:41 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Sat Sep 24 17:33:41 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Sep 24 17:33:41 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Sep 24 17:33:42 2005 => Entry "HKCR\RECORDING.RecordingCtrl.1" refers to invalid object "{42A3A9AB-F7B4-40B1-B2AA-F31E35459D4A}". Action Taken: No Action Taken.



oh, and what exactly is zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)? where does one even pick up something like that?

many thanks in advance...
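The mwav.log above mixes two very different kinds of findings: actual detections (bearshare, zipitpro and the file C:\WINDOWS\iun6002.exe) and orphaned registry references left behind by uninstalled software, and every line ends in "No Action Taken", so the scanner only reported. The following Python script is an added example, not part of the thread or of eScan itself: it parses a constructed excerpt in exactly this line format and separates the two classes so a reader can see at a glance what still needs removing.

```python
import re

# Constructed excerpt in the exact line format of the mwav.log posted above (timestamps
# and entries copied from that log); it is sample input for this example, not a full log.
SAMPLE_LOG = r"""
Sat Sep 24 17:32:57 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Sat Sep 24 17:33:01 2005 => Offending value found in HKLM\Software\magnet\handlers\bearshare !!!
Sat Sep 24 17:33:01 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Sep 24 17:33:19 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Sat Sep 24 17:33:19 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Sat Sep 24 17:33:29 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Sep 24 17:33:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Sat Sep 24 17:33:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\LBTKA.EXE" refers to invalid object "". Action Taken: No Action Taken.
"""

# Every mwav.log line starts with a ctime-style timestamp followed by " => "
LINE_RE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) => (?P<msg>.*)$")

# Message shapes seen in the log, from detections down to registry housekeeping
PATTERNS = [
    ("infection", re.compile(r"^System found infected with (?P<name>.+?) \((?P<loc>.*)\)! Action taken: (?P<action>.+?)\.$")),
    ("offending_value", re.compile(r"^Offending value found in (?P<loc>.+?) !!!$")),
    ("offending_file", re.compile(r"^Offending file found: (?P<loc>.+)$")),
    ("fs_object", re.compile(r'^Object "(?P<name>.+?)" found in File System! Action Taken: (?P<action>.+?)\.$')),
    ("invalid_ref", re.compile(r'^Entry "(?P<loc>.+?)" refers to invalid object "(?P<name>.*?)"\. Action Taken: (?P<action>.+?)\.$')),
]


def parse_mwav(text):
    """Turn log lines into dicts (ts, kind, name, loc, action); unknown lines and headers are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        for kind, pat in PATTERNS:
            pm = pat.match(msg)
            if pm:
                g = pm.groupdict()
                findings.append({"ts": m.group("ts"), "kind": kind, "name": g.get("name", ""),
                                 "loc": g.get("loc", ""), "action": g.get("action", "")})
                break
    return findings


def triage(findings):
    """Separate real detections from orphaned registry references and count what was left untouched."""
    detections = [f for f in findings if f["kind"] != "invalid_ref"]
    orphans = [f for f in findings if f["kind"] == "invalid_ref"]
    return {
        "families": sorted({f["name"] for f in detections if f["kind"] == "infection"}),
        "files": sorted({f["loc"] for f in detections if f["kind"] == "offending_file"}),
        "registry_values": sorted({f["loc"] for f in detections if f["kind"] == "offending_value"}),
        "orphaned_refs": len(orphans),
        # "No Action Taken" on every line means the scanner only reported; nothing was cleaned
        "no_action": sum(1 for f in findings if f["action"] == "No Action Taken"),
        "total": len(findings),
    }


if __name__ == "__main__":
    for key, value in triage(parse_mwav(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```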

stupormundi 26.09.2005 07:17

Hi, sandrafds!
Have you already tried removing the unwanted adware by uninstalling it under Control Panel --> Software?
The file
Quote:
C:\WINDOWS\iun6002.exe
delete it with killbox http://www.bleepingcomputer.com/files/killbox.php using the "delete on reboot" option, in safe mode with System Restore switched off http://www.systemwiederherstellung-d...indows-xp.html !
Afterwards run Spybot S&D http://security.kolla.de/ and/or Ad-Aware http://www.lavasoft.de/ in safe mode and remove whatever they suggest.
For the reports about the invalid references in the registry, use RegSeeker http://www.winload.de/download/26877...1.35.1203.html with the "Clean the registry" option.
After that empty the temp folders and the recycle bin, then switch System Restore back on!
Then post an HJT logfile following Cidre's instructions http://www.trojaner-board.de/showthread.php?t=17493
See you, stupormundi

Sandrafds 26.09.2005 20:01

so, did all of that. but nothing finds my stupid bearshare spyware. I haven't had that on my PC for ages. and so far nothing has raised an alarm about it. neither Ad-Aware nor RegFreeze nor anything else. only eScan raises the alarm... oh well... one more request: please don't laugh at my totally outdated system and my hundred security programs :crazy:
I know... it's not great... but it's all I have...

Logfile of HijackThis v1.99.1
Scan saved at 20:50:06, on 26.09.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Securepoint Personal Firewall\driver\spfirewallsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\SLEE81.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Trojancheck 6.2\tcguard.exe
C:\unzipped\rebuilt.anydvd\AnyDVD.exe
C:\Programme\D-Tools\daemon.exe
C:\programme\securepoint personal firewall\bin\sppfw.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\NOPOPUP\NoPopUp 2003\nopopup.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\unzipped\RegSeeker\RegSeeker\RegSeeker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.osnanet.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6.2\tcguard.exe
O4 - HKLM\..\Run: [AnyDVD] C:\unzipped\rebuilt.anydvd\AnyDVD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Securepoint Personal Firewall] c:\programme\securepoint personal firewall\bin\sppfw.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NOPOPUP\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: RegFreeze.lnk = C:\Programme\RegFreeze\regfreeze.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://webmail.osnanet.de
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: Securepoint Personal Firewall (spfirewallsvc) - Securepoint Latinoamerica S.A. de C.V. - C:\Programme\Securepoint Personal Firewall\driver\spfirewallsvc.exe


many thanks...

chaosman 26.09.2005 20:16

@Sandrafds
update your system and IE
then switch to safe mode and fix with HJT
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
reboot, post a new HJT logfile

chaosman

Sandrafds 29.09.2005 19:06

here I am again...

not much came of the system updates, because I have such a nice modem... you know, 56 kb... um, that would take 10 hours... but since I'll have DSL soon... I'll catch up on that quickly then...


Logfile of HijackThis v1.99.1
Scan saved at 09:12:43, on 28.09.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Securepoint Personal Firewall\driver\spfirewallsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\SLEE81.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Trojancheck 6.2\tcguard.exe
C:\unzipped\rebuilt.anydvd\AnyDVD.exe
C:\Programme\D-Tools\daemon.exe
C:\programme\securepoint personal firewall\bin\sppfw.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\NOPOPUP\NoPopUp 2003\nopopup.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.osnanet.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6.2\tcguard.exe
O4 - HKLM\..\Run: [AnyDVD] C:\unzipped\rebuilt.anydvd\AnyDVD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Securepoint Personal Firewall] c:\programme\securepoint personal firewall\bin\sppfw.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NOPOPUP\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: RegFreeze.lnk = C:\Programme\RegFreeze\regfreeze.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://webmail.osnanet.de
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: Securepoint Personal Firewall (spfirewallsvc) - Securepoint Latinoamerica S.A. de C.V. - C:\Programme\Securepoint Personal Firewall\driver\spfirewallsvc.exe


in the meantime I've found bearshare and removed it too, likewise C:\WINDOWS\iun6002.exe... in return I now supposedly have ezula on it... GRRRRRRRRRRRR
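chaosman's fix targets the O16 entry, an ActiveX download (DPF) registration with neither a name nor a source URL, and asks for a fresh log afterwards. As an added example (not from the thread or from HijackThis), the Python below parses constructed excerpts of the two logs, flags O16 entries with no source and O23 services whose binary is reported "(file missing)", and diffs the two logs so the reader can confirm the O16 line is gone and see what appeared in between (here the ewido service); the "Constructed Example Control" entry and its placeholder CLSID are made up for contrast.

```python
import re

# Constructed excerpts in the HijackThis v1.99.1 line format of the two logs in this thread:
# a handful of representative entries before and after the fix, not the complete logs.
# The O16 line with no URL is the one chaosman asked to be fixed; the "Constructed Example
# Control" O16 is a made-up well-formed entry (placeholder CLSID) kept in both logs for contrast.
LOG_BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O15 - Trusted Zone: http://webmail.osnanet.de
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Example Control) - http://example.invalid/control.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""
LOG_AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O15 - Trusted Zone: http://webmail.osnanet.de
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Example Control) - http://example.invalid/control.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# An HJT entry is "<section> - <body>", e.g. "O16 - DPF: ..."; process lists and headers do not match
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O16 body: "DPF: {CLSID} (optional name) - <source URL>"; a missing URL leaves nothing after the dash
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<url>.*)$")


def parse_hjt(text):
    """Return the (section, body) pairs of an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def flag_entries(entries):
    """The two checks this thread turns on: O16 with no source, O23 whose binary is gone."""
    flags = []
    for sec, body in entries:
        if sec == "O16":
            m = DPF_RE.match(body)
            if m and not m.group("url"):
                flags.append(f"O16: ActiveX download {m.group('clsid')} has no name and no source URL")
        elif sec == "O23" and body.endswith("(file missing)"):
            flags.append(f"O23: service registered but binary missing: {body.split(' - ')[0]}")
    return flags


def diff_logs(before, after):
    """Entries removed and added between two logs, ignoring case-only changes (e.g. the AVGUARD path)."""
    old = {f"{s} - {b}".lower(): f"{s} - {b}" for s, b in parse_hjt(before)}
    new = {f"{s} - {b}".lower(): f"{s} - {b}" for s, b in parse_hjt(after)}
    removed = [old[k] for k in sorted(set(old) - set(new))]
    added = [new[k] for k in sorted(set(new) - set(old))]
    return removed, added


if __name__ == "__main__":
    print("before:", flag_entries(parse_hjt(LOG_BEFORE)))
    print("after: ", flag_entries(parse_hjt(LOG_AFTER)))
    print("diff:  ", diff_logs(LOG_BEFORE, LOG_AFTER))
```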



Copyright ©2000-2025, Trojaner-Board

