|
Habe keine Ahnung was los ist Hilfe bitte <Hallo Mein Pc ist jetzt seit einiger Zeit oft sehr beschäftigt. Die CPU Auslastung liegt dann oft bei min. 30%. Verknüpfungen auf dem Desktop können nicht mehr gefunden werden. Wenn ich ne Excel Datei öffne, wird der Windows Installer aktiv und möchte die Office Cd haben. ( Beim Initialisieren der VBA Bibliotheken (126) ist ein Fehler aufgetreten) Mein Drucker druckt eine Seite und wird dann nicht mehr erkannt. Es wäre nett, wenn sich jemand mal meinen Logfile unten ansehen könnte. vielen dank noelles Logfile of HijackThis v1.99.1 Scan saved at 20:54:11, on 10.10.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\Programme\T-DSL SpeedManager\SpeedMgr.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\Programme\FRITZ!DSL\FwebProt.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mim.exe C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\T-DSL SpeedManager\tsmsvc.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\noelles\Eigene Dateien\test\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.1und1.de/Herzlich_Willkommen/b1/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.1und1.de/Herzlich_Willkommen/b1/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll (file missing) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [MimBoot] C:\Programme\Musicmatch\Musicmatch Jukebox\mimboot.exe O4 - HKLM\..\Run: [MMTray] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Verknüpfung mit msimn.lnk = C:\Programme\Outlook Express\msimn.exe O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O12 - Plugin for .mpg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/ O15 - Trusted Zone: *.musicmatch.com O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - h**p://aolcc.aol.de/computercheckup/qdiagcc.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe [edit] links entfernt [/edit] |
Hi, das Log ist soweit sauber. Mach mal zur Sicherheit einen eScan. Halte Dich bitte genau an die Anleitung und poste das Ergebnis. Dauer ca. 1 Std. cacatoa |
Hallo, hoffe habe alles richtig gemacht. Hier das Ergebnis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Oct 11 18:58:47 2005 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken. Tue Oct 11 18:58:50 2005 => System found infected with unknown pest Spyware/Adware (readme.rtf)! Action taken: No Action Taken. Tue Oct 11 18:58:51 2005 => System found infected with unknown pest Spyware/Adware (readme.rtf)! Action taken: No Action Taken. Tue Oct 11 18:58:55 2005 => System found infected with cws.loadbat Spyware/Adware (hp.htm)! Action taken: No Action Taken. Tue Oct 11 18:58:57 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. Tue Oct 11 18:58:57 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. Tue Oct 11 18:59:59 2005 => Total Disinfected Files: 0 Tue Oct 11 19:14:49 2005 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken. Tue Oct 11 19:14:52 2005 => System found infected with unknown pest Spyware/Adware (readme.rtf)! Action taken: No Action Taken. Tue Oct 11 19:14:53 2005 => System found infected with unknown pest Spyware/Adware (readme.rtf)! Action taken: No Action Taken. Tue Oct 11 19:14:56 2005 => System found infected with cws.loadbat Spyware/Adware (hp.htm)! Action taken: No Action Taken. Tue Oct 11 19:14:57 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. Tue Oct 11 19:14:57 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. Tue Oct 11 19:35:21 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* Tue Oct 11 20:58:57 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Oct 11 18:58:30 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!! Tue Oct 11 18:58:45 2005 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! Tue Oct 11 18:58:45 2005 => Offending Key found: HKLM\Software\limewire !!! Tue Oct 11 18:58:46 2005 => Offending Folder found: C:\Programme\limewire Tue Oct 11 18:58:47 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek\gtupdate\aupdate\channels\channels.ini Tue Oct 11 18:58:50 2005 => Offending file found: C:\Dokumente und Einstellungen\noelles\Eigene Dateien\software\adobe\customer support\test files\readme.rtf Tue Oct 11 18:58:51 2005 => Offending file found: C:\Dokumente und Einstellungen\noelles\Eigene Dateien\software\adobe\english\extending acrobat\asian fonts\cjk test files\readme.rtf Tue Oct 11 18:58:55 2005 => Offending file found: C:\Dokumente und Einstellungen\noelles\Eigene Dateien\software\web\dreamweaver\macromedia mx 2004\dreamweaver mx 2004\plugins\p7_carringtonpress\carrington_press\auth\hp.htm Tue Oct 11 19:10:22 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!! Tue Oct 11 19:14:45 2005 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! Tue Oct 11 19:14:45 2005 => Offending Key found: HKLM\Software\limewire !!! Tue Oct 11 19:14:48 2005 => Offending Folder found: C:\Programme\limewire Tue Oct 11 19:14:49 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek\gtupdate\aupdate\channels\channels.ini Tue Oct 11 19:14:52 2005 => Offending file found: C:\Dokumente und Einstellungen\noelles\Eigene Dateien\software\adobe\customer support\test files\readme.rtf Tue Oct 11 19:14:53 2005 => Offending file found: C:\Dokumente und Einstellungen\noelles\Eigene Dateien\software\adobe\english\extending acrobat\asian fonts\cjk test files\readme.rtf Tue Oct 11 19:14:56 2005 => Offending file found: C:\Dokumente und Einstellungen\noelles\Eigene Dateien\software\web\dreamweaver\macromedia mx 2004\dreamweaver mx 2004\plugins\p7_carringtonpress\carrington_press\auth\hp.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tue Oct 11 18:59:59 2005 => Total Virus(es) Found: 10 Tue Oct 11 20:58:57 2005 => Total Virus(es) Found: 10 Tue Oct 11 18:59:59 2005 => Total Errors: 1231 Tue Oct 11 20:58:57 2005 => Total Errors: 1249 Tue Oct 11 18:59:59 2005 => Time Elapsed: 00:02:37 Tue Oct 11 20:58:57 2005 => Time Elapsed: 01:46:17 Tue Oct 11 18:59:59 2005 => Total Objects Scanned: 21205 Tue Oct 11 20:58:57 2005 => Total Objects Scanned: 77486 Tue Oct 11 18:56:42 2005 => Virus Database Date: 2005/10/08 Tue Oct 11 19:00:00 2005 => Virus Database Date: 2005/10/08 Tue Oct 11 19:00:02 2005 => Virus Database Date: 2005/10/08 Tue Oct 11 19:01:58 2005 => Virus Database Date: 2005/10/08 Tue Oct 11 19:09:07 2005 => Virus Database Date: 2005/10/11 Tue Oct 11 20:58:57 2005 => Virus Database Date: 2005/10/11 Tue Oct 11 21:02:27 2005 => Virus Database Date: 2005/10/11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Hi, laß mal im abgesicherten Modus Sypbot S&D 1.4 und AdAware SE laufen. Beide Progs zuerst updaten! Berichte das Ergebnis. cacatoa |
Ad-Aware SE Build 1.06r1 Logfile Created on:Dienstag, 11. Oktober 2005 21:54:55 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R47 24.05.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):20 total references Tracking Cookie(TAC index:3):6 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 11.10.2005 21:54:55 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Administrator\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-682003330-746137067-839522115-500\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-682003330-746137067-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-682003330-746137067-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-682003330-746137067-839522115-500\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : software\musicmatch Description : download location of the musicmatch installer MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv Description : file conversion location settings in musicmatch jukebox MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 168 ThreadCreationTime : 11.10.2005 19:48:04 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 216 ThreadCreationTime : 11.10.2005 19:48:13 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 240 ThreadCreationTime : 11.10.2005 19:48:15 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 284 ThreadCreationTime : 11.10.2005 19:48:21 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 296 ThreadCreationTime : 11.10.2005 19:48:21 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 444 ThreadCreationTime : 11.10.2005 19:48:26 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 508 ThreadCreationTime : 11.10.2005 19:48:28 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 564 ThreadCreationTime : 11.10.2005 19:48:31 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 756 ThreadCreationTime : 11.10.2005 19:48:43 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:10 [spybotsd.exe] FilePath : C:\Programme\Spybot - Search & Destroy\ ProcessID : 860 ThreadCreationTime : 11.10.2005 19:49:07 BasePriority : Normal FileVersion : 1.4.0.3 ProductVersion : 1, 4, 0, 3 ProductName : SpyBot-S&D CompanyName : Safer Networking Limited FileDescription : Spybot - Search & Destroy InternalName : SpybotSD LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. OriginalFilename : SpyBotSD.exe Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen. #:11 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1052 ThreadCreationTime : 11.10.2005 19:54:29 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 20 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 20 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 20 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 20 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : nicoda@2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\Nicoda\Cookies\nicoda@2o7[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : nicoda@advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\Nicoda\Cookies\nicoda@advertising[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : nicoda@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\Nicoda\Cookies\nicoda@atdmt[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : nicoda@doubleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\Nicoda\Cookies\nicoda@doubleclick[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : nicoda@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\Nicoda\Cookies\nicoda@mediaplex[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : nicoda@servedby.advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\Nicoda\Cookies\nicoda@servedby.advertising[2].txt Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 2 entries scanned. New critical objects:0 Objects found so far: 26 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 26 22:07:27 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:12:32.78 Objects scanned:112330 Objects identified:6 Objects ignored:0 New critical objects:6 |
Na, das ist schon mal gut. Die MRU-Listen kannst löschen. Was sagte Spybot? cacatoa |
spybot meldet keine infektionen. herzlichen glückwunsch |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 21:31 Uhr. |
Copyright ©2000-2025, Trojaner-Board