|
Umleitung im IE Guten Tag, Seit einiger Zeit habe ich das Problem ständig umgeleitet zu werden wenn ich einen Link im Internetexplorer( z.b. bei Google oder so) anklicke Diverse Scanner (Spywaredoc, oder Virenscanner) haben bisher nicht fkt. Drum dachte ich das vielleicht jemand mal diese logfile durchstöbern könnte, wenn zeit und lust besteht, das wäre echt sehr nett. Denn bedauerlicherweise hab ich von solchen Dingen nur wenig Ahnung.:balla: Vielen Dank schon mal im Voraus Logfile of HijackThis v1.99.1 Scan saved at 20:30:18, on 26.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Programme\Home Cinema\PowerCinema\PCMService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Messenger\msmsgs.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Programme\Stardock\ObjectDock\ObjectDock.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Programme\Internet Explorer\IEXPLORE.EXE E:\zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.versatel.de/internet-cd/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/ R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: (no name) - {4F708013-1888-739C-8AD7-8011B5617983} - defect08.dll (file missing) O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [xxtoolbar] lpt.exe O4 - HKLM\..\Run: [Uint32] FLKPT.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [dmpzt.exe] C:\WINDOWS\system32\dmpzt.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ftbar] ActionScr.exe O4 - HKCU\..\Run: [br0ken] gabber.exe O4 - HKCU\..\Run: [slamm] gabber.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
Hi, also da steht einiges an Arbeit an. Lass bitte diese Dateien Zitat:
Poste dann das Ergebnis hier; bitte komplett, auch die Angaben bei keinen Funden und die Angabe der Dateigröße sind wichtig. Lade dir dann bitte SIlentrunners nach dieser Anleitung herunter und poste das Logfile anschliessend hier. Dann sehen wir weiter. :) Lg kathrin |
Und das auch noch: O4 - HKLM\..\Run: [Uint32] FLKPT.exe O4 - HKLM\..\Run: [dmpzt.exe] C:\WINDOWS\system32\dmpzt.exe O4 - HKCU\..\Run: [ftbar] ActionScr.exe O4 - HKCU\..\Run: [br0ken] gabber.exe O4 - HKCU\..\Run: [slamm] gabber.exe |
Die Zitat:
Lass sie aber bitte auch durchlaufen, dann haben wir diesbezüglich zumindest sicherheit. lg kathrin |
Hallo, vielen Dank für die schnellen Antworten, wirklich sehr freundlich also die meisten Dateien nach denen ich suchen sollte konnte ich nicht finden ausser der dmpzt.exe: STATUS: FINISHEDComplete scanning result of "dmpzt.exe", received in VirusTotal at 09.27.2006, 02:16:24 (CET). Antivirus Version Update Result AntiVir 7.2.0.18 09.26.2006 HEUR/Malware Authentium 4.93.8 09.26.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus Avast 4.7.892.0 09.26.2006 Win32:Small-EK AVG 386 09.26.2006 no virus found BitDefender 7.2 09.27.2006 MemScan:Trojan.Small.AA CAT-QuickHeal 8.00 09.26.2006 Trojan.DNSChanger ClamAV devel- 20060426 09.26.2006 Trojan.Small-255 DrWeb 4.33 09.26.2006 T rojan.DownLoader.5401 eTrust-InoculateIT 23.73.5 09.26.2006 no virus found eTrust-Vet 3 0.3.3102 09.26.2006 Win32/Alureon!generic Ewido 4.0 09.26.2006 Trojan.Pakes Fortinet 2.82.0.0 09.26.2006 suspicious F-Prot 3.16f 09.26.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus F-Prot4 4.2.1. 29 09.25.2006 W32/SecRisk-ProcessPatcher-based!Maximus Ikarus 0.2.65.0 09.26.2006 no virus found Kaspersky 4.0.2.24 09.27.2006 Trojan.Win32.Small.fb McAfee 4860 09.26.2006 Downloader-ARR Microsoft 1.1603 09.26.2006 no virus found NOD32v2 1.1777 09.26.2006 Win32/Small.FB Norman 5.90.23 09.26.2006 no virus found Panda 9.0.0.4 09.26.2006 Trj/Ruins.MB Sophos 4.10.0 09.26.2006 Mal/Packer Symantec 8.0 09.27.2006 no virus found TheHacker 6.0.1.081 09.26.2006 no virus found UNA 1.83 09.26.2006 no virus found VBA32 3.11.1 09.26.2006 Trojan-Downloader.Win32.Small.bwx VirusBuster 4.3.7:9 09.26.2006 no virus found Aditional Information File size: 44032 bytes MD5: d4509c5184f901298d24cf0b9321bfa6 -------------------------------------------------------------------------- der silentrunner hat folgendes ausgespuckt: "Silent Runners.vbs", revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] "IncrediMail" = "C:\Programme\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."] "ftbar" = "ActionScr.exe" [file not found] "br0ken" = "gabber.exe" [file not found] "slamm" = "gabber.exe" [file not found] "updateMgr" = ""C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "LaunchAp" = "C:\Programme\Launch Manager\LaunchAp.exe" [empty string] "HotkeyApp" = "C:\Programme\Launch Manager\HotkeyApp.exe" ["Wistron"] "CtrlVol" = "C:\Programme\Launch Manager\CtrlVol.exe" ["Wistron"] "LMgrOSD" = "C:\Programme\Launch Manager\OSD.exe" ["Wistron"] "Wbutton" = ""C:\Programme\Launch Manager\Wbutton.exe"" [empty string] "SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."] "SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "Realtime Monitor" = "C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" ["Computer Associates International, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "PCMService" = ""C:\Programme\Home Cinema\PowerCinema\PCMService.exe"" ["CyberLink Corp."] "ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "xxtoolbar" = "lpt.exe" [file not found] "Uint32" = "FLKPT.exe" [file not found] "ICQ Lite" = ""C:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."] "dmpzt.exe" = "C:\WINDOWS\system32\dmpzt.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\(Default) = "myBar BHO" -> {HKLM...CLSID} = "myBar BHO" \InProcServer32\(Default) = "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL" ["My Way"] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = "*b" (unwritable string) -> {HKLM...CLSID} = "bho2gr Class" \InProcServer32\(Default) = "C:\Programme\GetRight\xx2gr.dll" ["Headlight Software, Inc."] {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}\(Default) = (no title provided) -> {HKLM...CLSID} = "Quick!" \InProcServer32\(Default) = "C:\Programme\quickbar\quickbar.dll" [empty string] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided) -> {HKLM...CLSID} = "PCTools Site Guard" \InProcServer32\(Default) = "C:\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"] {B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided) -> {HKLM...CLSID} = "PCTools Browser Monitor" \InProcServer32\(Default) = "C:\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell" -> {HKLM...CLSID} = "InoShell" \InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte" -> {HKLM...CLSID} = "Universelle Plug & Play-Geräte" \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ INFECTION WARNING! "System" = "csnqk.exe" [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}" -> {HKLM...CLSID} = "IMMenuShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\INCRED~1\bin\ImShExt.dll" ["IncrediMail, Ltd."] InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {HKLM...CLSID} = "InoShell" \InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {HKLM...CLSID} = "InoShell" \InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\xx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\scrnsave.scr" [MS] Startup items in "xx" & "All Users" startup folders: ----------------------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "ATI CATALYST System Tray" -> shortcut to: "C:\Programme\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 22 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}" -> {HKLM...CLSID} = "My &Search Bar" \InProcServer32\(Default) = "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL" ["My Way"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}" -> {HKLM...CLSID} = "Quick!" \InProcServer32\(Default) = "C:\Programme\quickbar\quickbar.dll" [empty string] "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}" -> {HKLM...CLSID} = "My &Search Bar" \InProcServer32\(Default) = "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL" ["My Way"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string] "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}" = (no title provided) -> {HKLM...CLSID} = "My &Search Bar" \InProcServer32\(Default) = "C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL" ["My Way"] "{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C}" = (no title provided) -> {HKLM...CLSID} = "Quick!" \InProcServer32\(Default) = "C:\Programme\quickbar\quickbar.dll" [empty string] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided) -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [empty string] HKLM\Software\Classes\CLSID\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}\(Default) = "My Search Bar Quick View" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {09E5F659-139F-4022-9097-02E25F93F02A}\ "ButtonText" = "MedionShop" "Exec" = "http://www.medionshop.de/" [file not found] HKLM\Software\Microsoft\Internet Explorer\Extensions\ {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ "ButtonText" = "Spyware Doctor" "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}" -> {HKLM...CLSID} = "PCTools Browser Monitor" \InProcServer32\(Default) = "C:\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"] {B205A35E-1FC4-4CE3-818B-899DBBB3388C}\ {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.versatel.de/internet-cd/ Missing lines (compared with English-language version): [Strings]: 1 line HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ "{4F708013-1888-739C-8AD7-8011B5617983}" = "ssweeper" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "defect08.dll" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Ereignisprotokoll-Überwachung, LogWatch, "C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe" ["Computer Associates"] eTrust Antivirus Job Server, InoTask, ""C:\Programme\CA\eTrust Antivirus\InoTask.exe"" ["Computer Associates International, Inc."] eTrust Antivirus Realtime Server, InoRT, ""C:\Programme\CA\eTrust Antivirus\InoRT.exe"" ["Computer Associates International, Inc."] eTrust Antivirus RPC Server, InoRPC, ""C:\Programme\CA\eTrust Antivirus\InoRpc.exe"" ["Computer Associates International, Inc."] PC Tools Spyware Doctor, SDhelper, "C:\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor i560\Driver = "CNMLM58.DLL" ["CANON INC."] hpzlnt04\Driver = "hpzlnt04.dll" ["HP"] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 61 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 10 seconds. ---------- (total run time: 100 seconds) |
Hallo, scanne vorab auch die Datei csnqk.exe (sollte in c:\windows\system32 liegen) bei virustotal und poste das Ergebnis hier. Gruß Schrulli |
Tut mir leid aber eine "csnqk.exe" kann ich nicht finden. Entweder ich suche irgendwie falsch (machs aber nach der gelinkten Anleitung) oder diese datei hat vielleicht schon irgend ein Viren- resp. Spywarescanner gelöscht. Kann sowas sein? |
|
hi, also ich tat wie mir geheißen und hab, wie in der Anleitung beschrieben, alles durchstöbert aber leider ohne Erfolg. MFG Bob |
Hallo, ich greife myrtille jetzt mal vorraus und Du lädst Dir Fixwareout. Den Inhalt der C:\fixwareout\report.txt postest Du dann hier. Gruß Schrulli |
So, hier nun also der Report: Ich wollte die letzten Dateien von Virustotal checken lassen, aber das dauert wohl noch ein bisschen. UNd vielen dank fürs Interesse Fixwareout ver 1.003 Last edited 8/11/2006 Post this report in the forums please Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\gib_ogol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\dknmd ... Random Runs removed from HKLM "dmnkd.exe"=- ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... C:\WINDOWS\SYSTEM32\DMNKD.EXE C:\WINDOWS\SYSTEM32\DMVDO.EXE * csr.exe C:\WINDOWS\System32\CSNOI.EXE * csr.exe C:\WINDOWS\System32\CSUSP.EXE »»»»» Search five digit cs, dm and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\CSNOI.EXE 51.200 2004-12-31 C:\WINDOWS\SYSTEM32\CSUSP.EXE 51.233 2006-03-18 C:\WINDOWS\SYSTEM32\DMNKD.EXE 44.032 2004-08-04 C:\WINDOWS\SYSTEM32\DMVDO.EXE 44.032 2004-08-04 Other suspects. Directory of C:\WINDOWS\system32 »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. |
Also hier jetzt die 4 Dateien mit virustotal gescannt, ich glaube das sieht nicht gut aus oder? Ich nehme an das jetzt alles löschen? MFG Bob CSNOI. EXE STATUS: FINISHEDComplete scanning result of "csnoi.exe", received in VirusTotal at 09.27.2006, 19:42:21 (CET). Antivirus Version Update Result AntiVir 7.2.0.18 09.27.2006 TR/Dldr.Agent.UJ.12 Authentium 4.93.8 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus Avast 4.7.892.0 09.27.2006 Win32:Agent-IU AVG 386 09.27.2006 Downloader.Agent.BQI BitDefender 7.2 09.27.2006 Trojan.Downloader.FFZ CAT-QuickHeal 8.00 09.27.2006 Trojan.DNSChanger ClamAV devel-20060426 09.27.2006 Trojan.Downloader.Agent-267 DrWeb 4.33 09.27.2006 Trojan.DownLoader.9145 eTrust-InoculateIT 23.73.6 09.27.2006 no virus found eTrust-Vet 30.3.3103 09.27.2006 Win32/Alureon!generic Ewido 4.0 09.27.2006 Downloader.Agent.uj Fortinet 2.82.0.0 09.27.2006 suspicious F-Prot 3.16f 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus F-Prot4 4.2.1.29 09.27.2006 W32/SecRisk-ProcessPatcher-based!Maximus Ikarus 0.2.65.0 09.27.2006 no virus found Kaspersky 4.0.2.24 09.27.2006 Trojan-Downloader.Win32.Agent.uj McAfee 4861 09.27.2006 Downloader-ASI Microsoft 1.1603 09.27.2006 no virus found NOD32v2 1.1779 09.27.2006 a variant of Win32/Small.FB Norman 5.90.23 09.27.2006 no virus found Panda 9.0.0.4 09.27.2006 Trj/Ruins.MB Sophos 4.10.0 09.27.2006 Mal/Packer Symantec 8.0 09.27.2006 Trojan Horse TheHacker 6.0.1.084 09.27.2006 no virus found UNA 1.83 09.27.2006 no virus found VBA32 3.11.1 09.27.2006 Trojan.DownLoader.4316 VirusBuster 4.3.7:9 09.27.2006 no virus found Aditional Information File size: 51200 bytes MD5: 5ba4296edb68e47be5828d0a84f96d5b SHA1: d75afaf54be9d79038e59618cded67574578eaec VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity CSUSP.EXE STATUS: FINISHEDComplete scanning result of "csusp.exe", received in VirusTotal at 09.27.2006, 20:55:15 (CET). Antivirus Version Update Result AntiVir 7.2.0.18 09.27.2006 TR/Dldr.Agent.UJ.147 Authentium 4.93.8 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus Avast 4.7.892.0 09.27.2006 Win32:Agent-IU AVG 386 09.27.2006 Downloader.Agent.13.AV BitDefender 7.2 09.27.2006 Trojan.Downloader.FFZ CAT-QuickHeal 8.00 09.27.2006 Trojan.DNSChanger ClamAV devel-20060426 09.27.2006 Trojan.Downloader.Agent-267 DrWeb 4.33 09.27.2006 Trojan.DownLoader.9145 eTrust-InoculateIT 23.73.6 09.27.2006 no virus found eTrust-Vet 30.3.3103 09.27.2006 Win32/Alureon!generic Ewido 4.0 09.27.2006 Downloader.Agent.uj Fortinet 2.82.0.0 09.27.2006 suspicious F-Prot 3.16f 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus F-Prot4 4.2.1.29 09.27.2006 W32/SecRisk-ProcessPatcher-based!Maximus Ikarus 0.2.65.0 09.27.2006 no virus found Kaspersky 4.0.2.24 09.27.2006 Trojan-Downloader.Win32.Agent.uj McAfee 4861 09.27.2006 Downloader-ASI Microsoft 1.1603 09.27.2006 no virus found NOD32v2 1.1780 09.27.2006 a variant of Win32/Small.FB Norman 5.90.23 09.27.2006 no virus found Panda 9.0.0.4 09.27.2006 Trj/Vidro.A Sophos 4.10.0 09.27.2006 Mal/Packer Symantec 8.0 09.27.2006 Downloader TheHacker 6.0.1.084 09.27.2006 no virus found UNA 1.83 09.27.2006 no virus found VBA32 3.11.1 09.27.2006 Trojan.DownLoader.4316 VirusBuster 4.3.7:9 09.27.2006 Trojan.DL.Agent.CDJ Aditional Information File size: 51233 bytes MD5: 7f644e6d8cd28e1a14abbe65cb7c7064 SHA1: ca88340c7f77947f399e596926e49eb293fc085e DMVDO.EXE STATUS: FINISHEDComplete scanning result of "dmvdo.exe", received in VirusTotal at 09.27.2006, 22:33:01 (CET). Antivirus Version Update Result AntiVir 7.2.0.18 09.27.2006 HEUR/Malware Authentium 4.93.8 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus Avast 4.7.892.0 09.27.2006 Win32:Small-EK AVG 386 09.27.2006 no virus found BitDefender 7.2 09.27.2006 MemScan:Trojan.Small.AA CAT-QuickHeal 8.00 09.27.2006 Trojan.DNSChanger ClamAV devel-20060426 09.27.2006 Trojan.Small-255 DrWeb n - no virus found eTrust-InoculateIT 23.73.6 09.27.2006 no virus found eTrust-Vet 30.3.3103 09.27.2006 Win32/Alureon!generic Ewido 4.0 09.27.2006 Trojan.Pakes Fortinet 2.82.0.0 09.27.2006 W32/ARR.FB!tr F-Prot 3.16f 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus F-Prot4 4.2.1.29 09.27.2006 W32/SecRisk-ProcessPatcher-based!Maximus Ikarus 0.2.65.0 09.27.2006 no virus found Kaspersky 4.0.2.24 09.27.2006 Trojan.Win32.Small.fb McAfee 4861 09.27.2006 Downloader-ARR Microsoft 1.1603 09.27.2006 no virus found NOD32v2 1.1780 09.27.2006 Win32/Small.FB Norman 5.90.23 09.27.2006 no virus found Panda 9.0.0.4 09.27.2006 Trj/Ruins.MB Sophos 4.10.0 09.27.2006 Mal/Packer Symantec 8.0 09.27.2006 no virus found TheHacker 6.0.1.084 09.27.2006 Trojan/Small.fb UNA 1.83 09.27.2006 no virus found VBA32 3.11.1 09.27.2006 Trojan-Downloader.Win32.Small.bwx VirusBuster 4.3.7:9 09.27.2006 no virus found Aditional Information File size: 44032 bytes MD5: d4509c5184f901298d24cf0b9321bfa6 SHA1: 81c88341484a31e6629138fe7b746c22c6353651 DMNKD.EXE STATUS: FINISHEDComplete scanning result of "dmnkd.exe", received in VirusTotal at 09.27.2006, 21:43:20 (CET). Antivirus Version Update Result AntiVir 7.2.0.18 09.27.2006 HEUR/Malware Authentium 4.93.8 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus Avast 4.7.892.0 09.27.2006 Win32:Small-EK AVG 386 09.27.2006 no virus found BitDefender 7.2 09.27.2006 MemScan:Trojan.Small.AA CAT-QuickHeal 8.00 09.27.2006 Trojan.DNSChanger ClamAV devel-20060426 09.27.2006 Trojan.Small-255 DrWeb 4.33 09.27.2006 Trojan.DownLoader.5401 eTrust-InoculateIT 23.73.6 09.27.2006 no virus found eTrust-Vet 30.3.3103 09.27.2006 Win32/Alureon!generic Ewido 4.0 09.27.2006 Trojan.Pakes Fortinet 2.82.0.0 09.27.2006 W32/ARR.FB!tr F-Prot 3.16f 09.27.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus F-Prot4 4.2.1.29 09.27.2006 W32/SecRisk-ProcessPatcher-based!Maximus Ikarus 0.2.65.0 09.27.2006 no virus found Kaspersky 4.0.2.24 09.27.2006 Trojan.Win32.Small.fb McAfee 4861 09.27.2006 Downloader-ARR Microsoft 1.1603 09.27.2006 no virus found NOD32v2 1.1780 09.27.2006 Win32/Small.FB Norman 5.90.23 09.27.2006 no virus found Panda 9.0.0.4 09.27.2006 Trj/Ruins.MB Sophos 4.10.0 09.27.2006 Mal/Packer Symantec 8.0 09.27.2006 no virus found TheHacker 6.0.1.084 09.27.2006 Trojan/Small.fb UNA 1.83 09.27.2006 no virus found VBA32 3.11.1 09.27.2006 Trojan-Downloader.Win32.Small.bwx VirusBuster 4.3.7:9 09.27.2006 no virus found Aditional Information File size: 44032 bytes |
Hi, die 4: Zitat:
Wegen der beiden Datein die du nicht gefunden hast: Lasse bitte cleanup durchlaufen und führe dann die datfind.bat aus und setze die 4 Logs hier rein, die letzten 3 Monate sollten dabei jeweils reichen! Die kriegen wir auch noch. :) Lg myrtille |
Ok also ich hab jetzt alle 4 bösewichte so wie beschrieben beseitigt, cleanup durchlaufenlassen und knapp 1 Gb Speicher freibekommen, das ist echt super vielen Dank schonmal. Gruß Bob Hier sind jetzt diese 4 Dateien aus datfind: SYSTEM 32 Verzeichnis von C:\WINDOWS\system32 28.09.2006 01:27 2.206 wpa.dbl 28.09.2006 01:26 236.539 kspydoc.log 28.09.2006 01:26 0 Sweeper.cfg 15.09.2006 22:01 43.520 CmdLineExt03.dll 11.09.2006 19:37 8.960.936 MRT.exe 21.08.2006 14:26 16.896 fltlib.dll 21.08.2006 11:14 23.040 fltmc.exe 18.08.2006 20:05 531.280 FNTCACHE.DAT 11.08.2006 19:31 352.401 DivXMedia.ax 09.08.2006 02:38 516.096 ac3filter.ax 09.08.2006 02:38 16.384 ac3config.exe 28.07.2006 13:28 3.075.072 mshtml.dll 27.07.2006 15:25 679.424 inetcomm.dll 25.07.2006 22:33 615.936 urlmon.dll 21.07.2006 10:29 72.704 hlink.dll 15.07.2006 10:14 376.350 perfh009.dat 15.07.2006 10:14 52.148 perfc009.dat 15.07.2006 10:14 386.912 perfh007.dat 15.07.2006 10:14 62.974 perfc007.dat 15.07.2006 10:14 886.992 PerfStringBackup.INI 14.07.2006 17:38 332.288 netapi32.dll 14.07.2006 17:25 546.304 hhctrl.ocx 13.07.2006 15:34 8.494.592 shell32.dll 07.07.2006 21:30 73.728 ts.dll 05.07.2006 12:55 1.057.792 kernel32.dll 26.06.2006 19:40 8.192 rasadhlp.dll 26.06.2006 19:40 148.480 dnsapi.dll 23.06.2006 13:10 664.576 wininet.dll 23.06.2006 13:10 474.624 shlwapi.dll 23.06.2006 13:10 146.432 msrating.dll 23.06.2006 13:10 39.424 pngfilt.dll 23.06.2006 13:10 1.494.016 shdocvw.dll 23.06.2006 13:10 448.512 mshtmled.dll 23.06.2006 13:10 532.480 mstime.dll 23.06.2006 13:10 152.064 cdfview.dll 23.06.2006 13:10 357.888 dxtmsft.dll 23.06.2006 13:10 96.768 inseng.dll 23.06.2006 13:10 16.384 jsproxy.dll 23.06.2006 13:10 205.312 dxtrans.dll 23.06.2006 13:10 251.392 iepeers.dll 23.06.2006 13:10 1.056.256 danim.dll 23.06.2006 13:10 1.022.976 browseui.dll 23.06.2006 13:10 55.808 extmgr.dll 23.06.2006 10:53 27.136 xpsp3res.dll 22.06.2006 07:06 1.441.792 query.dll 22.06.2006 07:06 69.120 ciodm.dll 19.06.2006 16:20 702.768 WgaLogon.dll 19.06.2006 16:19 571.184 LegitCheckControl.dll 19.06.2006 16:19 304.944 WgaTray.exe 02.06.2006 00:10 3.596.288 qt-dx331.dll 02.06.2006 00:09 53.248 dpuGUI10.dll 02.06.2006 00:09 90.112 dpl100.dll 02.06.2006 00:09 593.920 dpuGUI11.dll 02.06.2006 00:09 200.704 dtu100.dll 02.06.2006 00:09 344.064 dpus11.dll 02.06.2006 00:09 57.344 dpv11.dll 02.06.2006 00:09 294.912 dpu11.dll 02.06.2006 00:09 294.912 dpu10.dll 02.06.2006 00:08 700.416 divxdec.ax 02.06.2006 00:07 4.276 divxsm.tlb 02.06.2006 00:07 536.576 DivXsm.exe 02.06.2006 00:07 10.716 dsm_ja.qm 02.06.2006 00:07 15.331 dsm_de.qm 02.06.2006 00:07 15.172 dsm_fr.qm 02.06.2006 00:07 1.044.480 libdivx.dll 02.06.2006 00:07 200.704 ssldivx.dll 02.06.2006 00:07 245.408 unicows.dll 02.06.2006 00:06 778.240 divx_xx07.dll 02.06.2006 00:06 778.240 divx_xx0c.dll 02.06.2006 00:06 761.856 divx_xx11.dll 02.06.2006 00:06 619.156 DivX.dll 02.06.2006 00:06 12.288 DivXWMPExtType.dll 02.06.2006 00:06 118.784 DivXCodecUpdateChecker.exe 02.06.2006 00:06 8.523 dpude.qm 02.06.2006 00:06 3.136 dtu_de.qm 01.06.2006 20:47 163.840 jgdw400.dll 01.06.2006 20:47 27.648 jgpl400.dll TEMP Datentr„ger in Laufwerk C: ist Platte C Volumeseriennummer: F418-7F23 Verzeichnis von C:\DOKUME~1\xx\LOKALE~1\Temp 28.09.2006 01:27 16.384 Perflib_Perfdata_19c.dat 28.09.2006 01:27 16.384 ~DF8083.tmp 28.09.2006 01:27 512 ~DF6E49.tmp 28.09.2006 01:27 16.384 ~DF6E25.tmp 28.09.2006 01:27 16.384 Perflib_Perfdata_4c4.dat 28.09.2006 01:26 16.384 Perflib_Perfdata_e8.dat 6 Datei(en) 82.432 Bytes 0 Verzeichnis(se), 3.081.687.040 Bytes frei WINDOWS Datentr„ger in Laufwerk C: ist Platte C Volumeseriennummer: F418-7F23 Verzeichnis von C:\WINDOWS 28.09.2006 01:27 4.268 ModemLog_Intel(R) 537EA Modem.txt 28.09.2006 01:27 2.118 ModemLog_Kommunikationskabel zwischen zwei Computern.txt 28.09.2006 01:26 159 wiadebug.log 28.09.2006 01:26 1.630.392 WindowsUpdate.log 28.09.2006 01:26 50 wiaservc.log 28.09.2006 01:26 0 0.log 28.09.2006 01:26 2.048 bootstat.dat 28.09.2006 01:25 32.630 SchedLgU.Txt 27.09.2006 19:03 202 NeroDigital.ini 27.09.2006 10:25 6.679 KB925486.log 27.09.2006 02:56 155 winamp.ini 26.09.2006 19:12 106 drwatson.log 26.09.2006 14:40 737.280 iun6002.exe 26.09.2006 13:07 937 xpsp1hfm.log 26.09.2006 13:07 660 Q331958.log 26.09.2006 00:11 195.461 wmsetup.log 15.09.2006 21:57 375.780 setupapi.log 15.09.2006 03:02 170.817 comsetup.log 15.09.2006 03:02 103.866 ntdtcsetup.log 15.09.2006 03:02 77.882 iis6.log 15.09.2006 03:02 1.374 imsins.log 15.09.2006 03:02 27.279 ocmsn.log 15.09.2006 03:02 198.839 tsoc.log 15.09.2006 03:02 13.076 KB920685.log 15.09.2006 03:02 253.219 ocgen.log 15.09.2006 03:02 24.873 msgsocm.log 15.09.2006 03:02 497.807 FaxSetup.log 15.09.2006 03:02 1.374 imsins.BAK 15.09.2006 03:02 14.989 KB920872.log 15.09.2006 03:02 13.267 KB919007.log 15.09.2006 03:02 9.179 KB922582.log 15.09.2006 03:02 25.191 updspapi.log 13.09.2006 11:53 8.409 WgaNotify.log 11.09.2006 01:16 4.962 DirectX.log 05.09.2006 21:44 38 AviSplitter.INI 05.09.2006 19:42 249 cdplayer.ini 22.08.2006 17:52 222.533 setupact.log 10.08.2006 03:02 16.655 KB920214.log 10.08.2006 03:02 16.371 KB921883.log 10.08.2006 03:02 16.228 KB922616.log 10.08.2006 03:02 16.696 KB921398.log 10.08.2006 03:01 19.869 KB918899.log 10.08.2006 03:01 12.090 KB920670.log 10.08.2006 03:01 12.253 KB917422.log 10.08.2006 03:00 12.456 KB920683.log 03.08.2006 19:33 182.725 Bild 010-1.jpg 15.07.2006 03:01 11.826 KB917159.log 15.07.2006 03:01 12.339 KB914388.log 15.07.2006 03:01 10.408 KB916595.log 17.06.2006 11:19 1.830 spupdsvc.log 17.06.2006 10:06 12.705 KB917734.log 17.06.2006 10:05 14.727 KB918439.log 17.06.2006 10:05 15.087 KB917344.log 17.06.2006 10:04 14.863 KB917953.log 17.06.2006 10:04 14.838 KB911280.log 17.06.2006 10:04 18.102 KB916281.log 17.06.2006 10:04 11.702 KB914389.log 12.06.2006 00:56 2.362 mozver.dat 12.06.2006 00:49 332 wininit.ini 03.06.2006 14:54 34.420 KB899587.log 03.06.2006 14:54 33.529 KB896422.log 03.06.2006 14:53 33.567 KB911927.log 03.06.2006 14:53 33.065 KB901017.log 03.06.2006 14:52 33.374 KB899591.log 03.06.2006 14:52 33.588 KB896424.log 03.06.2006 14:51 33.569 KB893756.log 03.06.2006 14:50 32.497 KB911562.log 03.06.2006 14:50 30.338 KB896423.log 03.06.2006 14:49 32.319 KB900485.log 03.06.2006 14:48 31.115 KB887742.log 03.06.2006 14:46 31.784 KB896358.log 03.06.2006 14:45 25.974 KB910437.log 03.06.2006 14:45 22.062 KB898458.log 03.06.2006 14:44 26.245 KB911564.log 03.06.2006 14:39 34.794 KB912812.log 03.06.2006 14:37 30.989 KB902400.log 03.06.2006 14:35 22.578 KB890046.log 03.06.2006 14:34 21.841 KB905414.log 03.06.2006 14:34 21.208 KB901214.log 03.06.2006 14:33 21.943 KB900725.log 03.06.2006 14:32 19.452 KB912919.log 03.06.2006 14:32 18.993 KB904706.log 03.06.2006 14:31 18.726 KB908531.log 03.06.2006 14:29 18.221 KB905749.log 03.06.2006 14:28 18.484 KB913580.log 03.06.2006 14:27 12.333 KB911565.log 03.06.2006 14:23 16.447 KB896428.log 03.06.2006 14:23 17.211 KB911567.log 03.06.2006 14:21 17.205 KB894391.log 03.06.2006 14:20 14.812 KB908519.log 03.06.2006 14:20 10.971 KB913446.log 03.06.2006 14:20 17.226 KB890859.log 02.06.2006 21:22 9.969 WGA.log 02.06.2006 21:21 8.843 KB898461.log 02.06.2006 21:21 11.632 KB893803v2.log C Datentr„ger in Laufwerk C: ist Platte C Volumeseriennummer: F418-7F23 Verzeichnis von C:\ 28.09.2006 01:39 0 sys.txt 28.09.2006 01:38 12.468 system.txt 28.09.2006 01:38 573 systemtemp.txt 28.09.2006 01:37 107.081 system32.txt 28.09.2006 01:26 535.875.584 hiberfil.sys 28.09.2006 01:26 803.708.928 pagefile.sys 27.09.2006 17:27 456.823 Fixwareout.exe 27.09.2006 13:14 15.895.440 DivXCreate.exe 19.10.2004 15:53 211 boot.ini 05.09.2004 09:35 100 AUTOEXEC.BAT 17.08.2004 17:43 0 CONFIG.SYS 17.08.2004 17:43 0 IO.SYS 17.08.2004 17:43 0 MSDOS.SYS 04.08.2004 14:00 4.952 bootfont.bin 04.08.2004 14:00 47.564 NTDETECT.COM 04.08.2004 14:00 251.184 ntldr 16 Datei(en) 1.356.360.908 Bytes 0 Verzeichnis(se), 3.081.637.888 Bytes frei |
Hmm, also ich seh jetzt erstmal nix, vielleicht kann da aber nochmal jemand drüber schauen? Poste bitte noch ein neues HijackthisLog! lg myrtille |
ok Danke hier noch mal ein log: Logfile of HijackThis v1.99.1 Scan saved at 02:15:50, on 28.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Programme\Home Cinema\PowerCinema\PCMService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Programme\Stardock\ObjectDock\ObjectDock.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\System32\alg.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE E:\zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/ R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: (no name) - {4F708013-1888-739C-8AD7-8011B5617983} - defect08.dll (file missing) O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [xxtoolbar] lpt.exe O4 - HKLM\..\Run: [Uint32] FLKPT.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ftbar] ActionScr.exe O4 - HKCU\..\Run: [br0ken] gabber.exe O4 - HKCU\..\Run: [slamm] gabber.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe was ist eigentlich "svchost.exe" das hab ich so oft? Mfg. Bob |
Hi, Lade dir den Uninstaller und führe ihn wie folgt(nr. 4) aus: Ausführen, in das sich öffnende Fenster den Pfad der Datei eingeben und auf gehts. Danach gegebenenfalls neustarten. Deinstalliere dann unter Systemsteuerung->Software: GetRight myBar Und fixe bitte folgende Einträge: Zitat:
Poste abschliessend noch einmal ein Hijackthislog. GetRight bringt Adware mit sich und ist daher nicht zu empfehlen, benutze einen der benannten Downloader, zB diese. :) Ich hoffe ich hab nix vergessen, ist schon nach meiner Zeit. :D Gute Nacht myrtille :) |
Zitat:
AntiVir Adware-Spyware/NewDotNet.E.9 adware gefunden ArcaVir Keine Viren gefunden Avast Win32:Adware-gen. gefunden AVG Antivirus Generic.KWL gefunden BitDefender Keine Viren gefunden ClamAV Keine Viren gefunden Dr.Web Adware.NewDotNet gefunden F-Prot Antivirus Keine Viren gefunden Fortinet NDotNet gefunden Kaspersky Anti-Virus not-a-virus:AdWare.Win32.NewDotNet.e gefunden NOD32 Keine Viren gefunden Norman Virus Control W32/NewDotNet.AX gefunden UNA Adware.NewDotNet gefunden VirusBuster Keine Viren gefunden VBA32 AdWare.Win32.NewDotNet.e gefunden LG Haengdichweg |
Ups, heißt etwa, man kann diesem Programm nicht vertrauen oder nur von einer bestimmten hp aus nicht?:dummguck: mfg Cleriker |
Hallo, Zitat:
@Haengdichweg: Das werden false positives sein, da es sich hier ja auch um ein Produkt der new.net handelt. Gruß Schrulli |
Hallo, So ich hab alles gemacht wie beschrieben, kann aber quickbar.dll nicht löschen. Der Rest ist aber deinstalliert bzw. gelöscht. Logfile of HijackThis v1.99.1 Scan saved at 17:37:45, on 28.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Home Cinema\PowerCinema\PCMService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\Stardock\ObjectDock\ObjectDock.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\System32\alg.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\ATI Technologies\ATI.ACE\cli.exe E:\zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe gruß Bob |
Leute ich möchte mich herzlich für eure HIlfe bedanken, ich glaub irgendwas von alledem (oder alles zusammen) hat funktioniert. Ich bin nämlich jetzt den ganzen Tag noch nicht einmal "umgelinkt" worden. Also vielen Dank (bes. myrtille) ich werd´euch weiterempfehlen. mit Gruß und Dank Bob |
Hi, Versuche mal den quickbar-Ordner mit der Killbox zu löschen, wieder mit "delete on reboot". Dann kannst du dir noch den regseeker laden und den durchlaufen lassen, alles entfernen was er empfiehlt. Danach bitte das HijackthisLog posten. Danach haben wirs dann hoffentlich geschafft. ;) Lg myrtille |
Hi also den dummen Quickbar Ordner bekomme ich leider nicht weg. Mal ne Frage zu RegSeeker: sind all die roten einträge nach dem Scannen, die welche gelöscht werden sollen? Mfg Bob |
Hallo, wähle in Killbox den Ordner c:\programme\quickbar aus, dass mit delete on reboot. Danach den Rechner neu starten. Nun lösche den Ordner c:\!Killbox. Wenn das nichts gebracht hat, starte den Rechner im abgesicherten Modus (Starten, dabei F8 drücken, es erscheint aus Auswahlmenü), dann dort Killbox ausführen. In Regseeker bedeuten die grünen Einträge, dass sie ohne jeglichen Systembezug stehen, also gelöscht werden können. Die Roten Einträge solltest Du noch mal überprüfen, diese haben irgendwo noch Bezugspunkte im System. Gruß Schrulli |
Hallo, also der quickbar ordner ist dahin, hat mit killbox fkt., mein fehler, hatte nicht die quickbar.dll mit singlefile zu löschen versucht. Die grünen registry einträge sind auch gelöscht hier nochmal das Hijack-log: Logfile of HijackThis v1.99.1 Scan saved at 15:27:16, on 29.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Home Cinema\PowerCinema\PCMService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.exe C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\Stardock\ObjectDock\ObjectDock.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\System32\alg.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Internet Explorer\IEXPLORE.EXE E:\zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file) O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {09E5F659-139F-4022-9097-02E25F93F02A} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
Hi, also von meiner Seite her sieht das alles schon sehr gut aus! :) Den hier kannst du noch fixen: Zitat:
lg myrtille |
Hallo, Alles klar die hab ich auch noch gelöscht. Ich werde jetzt tatsächlich nicht mehr umgelinkt, war ne echter glücktslink in dieses Forum. Ich möchte mich nochmal herzlich bei allen bedanken. Endlich mal was im Internet, das tatsächlich fkt.:daumenhoc Also dann besten Dank für Zeit und Aufwand, hoffe ich muss euch alle so bald nicht mehr belästigen :) Mit freundlichem Gruß Bob |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 12:05 Uhr. |
Copyright ©2000-2024, Trojaner-Board