|  | 
| 
 rundl problem ECHT WICHTIG(p2esocks_1031) Ich hab echt ein Problem ich kenn mihc mit dem Pc nicht so gut aus, also falls i9hr mir eine antwort gebt, bitte auch in meiner sprache ;-) also mein problem ist das ich einen "RUNDLL.exe" (C://WINDOWS/RUNDLL) fehler hab mit diesem p2esocks_1031.dll.......ich weiß nicht genau obs stimmt...... also bitte helft mir, bin schon ur verzweifelt........ :o lg Bianca666666 | 
| 
 @Bianca666666 poste ein HJT logfile direktdownload anleitung lade escan download anleitung überprüfe Deinen Rechner zunächst mit dem eScan: lade den eScan runter, erstelle dafür einen Ordner (=Verzeichnis) c:\bases, update den eScan online und führe ihn offline im abgesicherten Modus aus. Beachte, dass der eScan ab Version 4.5.1 gefundene Malware nicht löscht. Das wird von Hand auf Anweisung durch uns gemacht. Teile uns dann das Ergebnis des eScan mit: welche Viren wurden auf Deinem Rechner gefunden: "öffne die mwav.log -> Bearbeiten -> Suchen -> infected eingeben -> Weitersuchen -> Treffer markieren/kopieren und ins Forum übertragen." (Zitat Cidre) chaosman | 
| 
 ich verstehs zwar nicht ganz aba ich werds mal versuchen ;-) trotzdem vielen dank thx | 
| 
 hi ich hoff das ich jetzt das richtige poste, es is ur viel ich hoffe nicht zu viel: Sun Feb 27 10:31:35 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMESYS.EXE infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. Sun Feb 27 10:31:40 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\GMT.EXE infected by Sun Feb 27 10:31:46 2005 => File C:\WINDOWS\ELITES~1\ELITES~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.v" Virus. Action Taken: No Action Taken. Sun Feb 27 10:31:46 2005 => File C:\WINDOWS\ELITET~1\ELITET~1.DLL infected by "not-a-virus:AdWare.ToolBar.EliteBar.y" Virus. Action Taken: No Action Taken Sun Feb 27 10:31:55 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMESYS.EXE infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:49 2005 => File C:\WINDOWS\zeta.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:53 2005 => File C:\WINDOWS\NDNuninstall4_88.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:53 2005 => File C:\WINDOWS\NDNuninstall4_94.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:53 2005 => File C:\WINDOWS\NDNuninstall5_20.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:54 2005 => File C:\WINDOWS\NDNuninstall5_40.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:54 2005 => File C:\WINDOWS\NDNuninstall5_48.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:56 2005 => File C:\WINDOWS\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:56 2005 => File C:\WINDOWS\NDNuninstall6_10.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:56 2005 => File C:\WINDOWS\NDNuninstall6_22.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 10:32:57 2005 => File C:\WINDOWS\silent.exe infected by "not-a-virus:AdWare.WinFetcher" Virus. Action Taken: No Action Taken. Sun Feb 27 10:36:33 2005 => File C:\WINDOWS\SYSTEM\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:00 2005 => C:\WINDOWS\SYSTEM\netpe32.dll possibly infected and removed by background antivirus package! Sun Feb 27 10:39:00 2005 => File C:\WINDOWS\SYSTEM\netpe32.dll infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:24 2005 => File C:\WINDOWS\SYSTEM\exdl.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:24 2005 => File C:\WINDOWS\SYSTEM\exdl0.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:25 2005 => File C:\WINDOWS\SYSTEM\mqexdlm.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:25 2005 => File C:\WINDOWS\SYSTEM\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:25 2005 => File C:\WINDOWS\SYSTEM\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:26 2005 => File C:\WINDOWS\SYSTEM\msbe.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:26 2005 => File C:\WINDOWS\SYSTEM\exdl1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:27 2005 => File C:\WINDOWS\SYSTEM\angelex.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:27 2005 => File C:\WINDOWS\SYSTEM\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:28 2005 => File C:\WINDOWS\SYSTEM\doolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.y" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:29 2005 => File C:\WINDOWS\SYSTEM\money.exe infected by "not-a-virus:PornWare.Dialer.Salc" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:30 2005 => File C:\WINDOWS\TEMP\__unin__.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. Sun Feb 27 10:39:30 2005 => File C:\WINDOWS\TEMP\PerfectNavUninstall.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. Sun Feb 27 10:40:16 2005 => File C:\WINDOWS\TEMP\webrebates.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken. Sun Feb 27 10:41:50 2005 => C:\WINDOWS\TEMP\jkill.exe possibly infected and removed by background antivirus package! Sun Feb 27 10:41:50 2005 => File C:\WINDOWS\TEMP\jkill.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken. Sun Feb 27 10:41:50 2005 => File C:\WINDOWS\TEMP\djtopr1150.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken. Sun Feb 27 10:41:53 2005 => File C:\WINDOWS\TEMP\istsvc_updater.exe infected by "Trojan-Downloader.Win32.IstBar.ga" Virus. Action Taken: No Action Taken. Sun Feb 27 10:49:08 2005 => File C:\_RESTORE\ARCHIVE\FS119.CAB infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:49:18 2005 => File C:\_RESTORE\ARCHIVE\FS123.CAB infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:23 2005 => File C:\WINDOWS\SYSTEM\EGCOMLIB_1035.dll infected by "not-a-virus:PornWare.Dialer.InstantAccess" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:48 2005 => File C:\WINDOWS\SYSTEM\exdl.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:48 2005 => File C:\WINDOWS\SYSTEM\exdl0.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:48 2005 => File C:\WINDOWS\SYSTEM\mqexdlm.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:48 2005 => File C:\WINDOWS\SYSTEM\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:48 2005 => File C:\WINDOWS\SYSTEM\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:49 2005 => File C:\WINDOWS\SYSTEM\msbe.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:49 2005 => File C:\WINDOWS\SYSTEM\exdl1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:49 2005 => File C:\WINDOWS\SYSTEM\angelex.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:50 2005 => File C:\WINDOWS\SYSTEM\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:50 2005 => File C:\WINDOWS\SYSTEM\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:51 2005 => File C:\WINDOWS\SYSTEM\doolsav.dat infected by "not-a-virus:AdWare.ToolBar.EliteBar.y" Virus. Action Taken: No Action Taken. Sun Feb 27 10:59:52 2005 => File C:\WINDOWS\SYSTEM\money.exe infected by "not-a-virus:PornWare.Dialer.Salc" Virus. Action Taken: No Action Taken. Sun Feb 27 11:05:32 2005 => File C:\WINDOWS\TEMP\__unin__.exe infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken. Sun Feb 27 11:05:33 2005 => File C:\WINDOWS\TEMP\PerfectNavUninstall.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. Sun Feb 27 11:06:19 2005 => File C:\WINDOWS\TEMP\webrebates.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken. Sun Feb 27 11:06:19 2005 => File C:\WINDOWS\TEMP\djtopr1150.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken. Sun Feb 27 11:06:22 2005 => File C:\WINDOWS\TEMP\istsvc_updater.exe infected by "Trojan-Downloader.Win32.IstBar.ga" Virus. Action Taken: No Action Taken. Sun Feb 27 11:17:58 2005 => File C:\WINDOWS\Downloaded Program Files\WUInst.dll infected by "not-a-virus:AdWare.SaveNow.ab" Virus. Action Taken: No Action Taken. Sun Feb 27 11:18:01 2005 => File C:\WINDOWS\Downloaded Program Files\v3.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.s" Virus. Action Taken: No Action Taken. Sun Feb 27 11:18:02 2005 => File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken. Sun Feb 27 11:18:03 2005 => File C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken. Sun Feb 27 11:29:55 2005 => File C:\WINDOWS\zeta.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:16 2005 => File C:\WINDOWS\NDNuninstall4_88.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:17 2005 => File C:\WINDOWS\NDNuninstall4_94.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:17 2005 => File C:\WINDOWS\NDNuninstall5_20.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:17 2005 => File C:\WINDOWS\NDNuninstall5_40.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:17 2005 => File C:\WINDOWS\NDNuninstall5_48.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:37 2005 => File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:38 2005 => File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:39 2005 => File C:\WINDOWS\NDNuninstall5_64.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:39 2005 => File C:\WINDOWS\NDNuninstall6_10.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:40 2005 => File C:\WINDOWS\NDNuninstall6_22.exe infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken. Sun Feb 27 11:39:40 2005 => File C:\WINDOWS\silent.exe infected by "not-a-virus:AdWare.WinFetcher" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:32 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:32 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:32 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:32 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:33 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:33 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:35 2005 => File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:42:36 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:26 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:26 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:26 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:27 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:27 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:27 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:27 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:27 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:28 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:27 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:46:28 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken. Sun Feb 27 11:52:01 2005 => File C:\Programme\hbinst\Hbinst.exe infected by "not-a-virus:AdWare.ToolBar.Hotbar.c" Virus. Action Taken: No Action Taken. Sun Feb 27 11:52:04 2005 => File C:\Programme\Lycos\IEagent\CSIEINST.DLL infected by "not-a-virus:AdWare.ClearSearch.c" Virus. Action Taken: No Action Taken. Sun Feb 27 11:52:04 2005 => File C:\Programme\Lycos\IEagent\CSSSINST.DLL infected by "not-a-virus:AdWare.ClearSearch.c" Virus. Action Taken: No Action Taken. Sun Feb 27 11:52:04 2005 => File C:\Programme\Lycos\IEagent\CSBIINST.DLL infected by "not-a-virus:AdWare.ClearSearch.c" Virus. Action Taken: No Action Taken. Sun Feb 27 11:52:04 2005 => File C:\Programme\Lycos\IEagent\CSIE.DLL infected by "not-a-virus:AdWare.ClearSearch.c" Virus. Action Taken: No Action Taken. Sun Feb 27 11:58:44 2005 => File C:\Programme\Kazaa\PerfectNavUninstall.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: No Action Taken. Sun Feb 27 11:59:55 2005 => File C:\Programme\MyWay\myBar\1.bin\MY2NS.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken. Sun Feb 27 11:59:56 2005 => File C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken. Sun Feb 27 11:59:59 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* Sun Feb 27 11:59:59 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\45876477.0D0 Sun Feb 27 11:59:59 2005 => File C:\Programme\AVPersonal\INFECTED\45876477.0D0 infected by "not-a-virus:PornWare.Dialer.Generic" Virus. Action Taken: No Action Taken. Sun Feb 27 11:59:59 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\#INDEX# Sun Feb 27 12:01:26 2005 => File C:\Programme\DashBar\DBUninstaller.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken. Sun Feb 27 12:01:26 2005 => File C:\Programme\DashBar\DbAu.exe infected by "not-a-virus:AdWare.ToolBar.DashBar.d" Virus. Action Taken: No Action Taken. Sun Feb 27 12:01:27 2005 => File C:\Programme\DashBar\DashBar17.dll infected by "not-a-virus:AdWare.ToolBar.DashBar.b" Virus. Action Taken: No Action Taken. Sun Feb 27 12:21:44 2005 => File C:\sidebDD.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.v" Virus. Action Taken: No Action Taken. Sun Feb 27 12:21:45 2005 => File C:\upgradetb093.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken. viel spaß lol ;) | 
| 
 @Bianca666666 speichere alle dialer dateien auf diskette zwecks beweismittelsicherung, falls du eine hohe telefonrechnung bekommst. lade spybot download und update es. lade LSp-Fix deinstalliere über systemsteuerung, software, Newdot.Net oder Newnet oder ähnliches. wechsle dann in den abgesicherten modus, lasse spybot laufen, lösche was es vorschlägt. lösche danach alle gefundene dateien manuell. neu booten, HJT logfile posten chaosman | 
| 
 Danke, für die hilfe....hab spybot durchlaufen lassen und es hat viele fehler gefunden und auch repariert... das klingt jetzt vl. dumm, aber was meinst du mit: neu booten, HJT logfile posten??? nochmal danke bianca | 
| 
 | 
| 
 oh, danke :-) also das müsste dieses hjt logfile sein Logfile of HijackThis v1.99.1 Scan saved at 18:53:28, on 28.02.2005 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\SYSTEM\ATIPTAXX.EXE C:\PROGRAMME\ADAPTEC\DIRECTCD\DIRECTCD.EXE C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE C:\PROGRAMME\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\RunDLL.exe C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.deu.chello.at/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.chello.at/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.chello.at:8080 R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file) R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing) O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon O4 - HKCU\..\Run: [IncrediMail] C:\PROGRAMME\INCREDIMAIL\BIN\IncMail.exe /c O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1031.dll,InstantAccess O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot O4 - Startup: Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.pizdato.biz O15 - Trusted Zone: *.vse-moe.biz O15 - Trusted Zone: *.sp2fucked.biz O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.megapornix.com O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.finefind.net O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net...b/emCraft1.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.powerurl.de/StarInstall.ocx O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28b34a0b...p/RdxIE601.cab O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vacat...ationTeleX.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylomgames.com/activex...amesplayer.cab O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binarie...etslv32_EN.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab | 
| 
 Hallo??? Hilft mir denn keiner mehr.... also wie gesagt hat das programm schon ssehr viele fehler auf meinem pc gefunden und gelöst und zeigt auch an, dass der pc keine fehler mehr hat... aber....der "RUNDLL-fehler" ist noch immer da und es ist sogar ein zweiter dazugekommen. nun meine frage: was kann ich dagegen tun und vorallem warum findet das programm diesen fehler nicht?? einer der fehler lautet: fehler beim Laden von C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL also bitte bitte helft mir.... schon mal ein großes DANKESCHÖN :bussi: bianca | 
| 
 Also du hast ja ganz schön viel Spyware Also das hier solltest du unbedingt fixen mit Hijackthis: R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file) R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing) O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.megapornix.com O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.finefind.net O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/emCraft1.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.powerurl.de/StarInstall.ocx O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...netslv32_EN.cab | 
| 
 danke, dass du mir helfen willst...:-) es gibt nur ein problem...ich bin ein totaler pc-trottel und versteh leider nicht,was ich jetzt genau tun soll.... ich weiß, ich kenn mich echt null aus...*snief* was meinst du mit "fixen"??? *verwirrtbin* schon mal vielen, vielen dank bianca | 
| 
 Entpacke HijackThis in einen eigenen Ordner 1.) Spybot Search&Destroy und Ad-Aware runterladen und updaten. 2.) führe das aus, was hier beschrieben ist. 3.) Deinstalliere alle dir unbekannte/unseriöse Software! 4.) boote in den abgesicherten Modus. fixe mit Hijackthis (mit HjT scannen, Haken setzen und "fix checked" anklicken) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.chello.at:8080 (außer von dir gewollt) R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file) R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing) O2 - BHO: BHO Class - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\ELITES~1\ELITES~1.DLL O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngi neMain O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1031.dll,InstantAccess (Dürfte dein am Anfang erwähntes Problem verursachen) O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.ne...ab/emCraft1.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_AT.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.powerurl.de/StarInstall.ocx O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28b34a0...ip/RdxIE601.cab O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.com/teleport/vaca...cationTeleX.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Acti...iveLauncher.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylomgames.com/active...gamesplayer.cab O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball...tgameloader.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.serviceurl.de/InstallationsAssistent.ocx O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...netslv32_EN.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...pdownloader.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab Falls einzelne ActiveX-Objekte bekannt/erwünscht sein sollten, diese nicht fixen. 5.) lösche manuell: C:\WINDOWS\EliteToolBar C:\PROGRA~1\WILDTA~1\ Lies auch mal das und setze es gegebenenfalls um. 6.) Lösche die Dateien, die von eScan gefunden wurden (beachte bitte auch chaosman's Post!). Scanne mit Ad-Aware und Spybot S&D. Mach einen erneuten Scan mit eScan um zu sehen, ob du alles erwischt hast. 7.) Neustart 8.) Alternativen Browser wählen! 9.) Neues HijackThis-Logfile posten. Problem gelöst? btw:: Falls du Probleme hast, die Dateien zu finden, nimm bitte folgende Einstellungen vor: Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren + Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren PS: Ich hafte für nichts.... @Paul7338 Könntest du bitte damit aufhören, einfach die Ergebnisse der automatischen Auswertung zu posten. Das fixen reicht nicht... | 
| 
 hi ich weißn ich brauch ziemlich viel hilfe aber die sicherheitseinstelungen lassen bei mir den download nicht zu, wo kann ich das umstellen? hoff ihr könnts ma helfen und habts geduld mit mir lol | 
| 
 hi ich hab versucht das DelDomains.inf  zu installieren aber es geht nicht was soll ich jetzt tun? ich bitte um hilfe........... :heulen: | 
| 
 HALLO??? ist da jemand??? ich krieg meine fehler einfach ned weg!!! | 
| Alle Zeitangaben in WEZ +1. Es ist jetzt 05:35 Uhr. | 
	Copyright ©2000-2025, Trojaner-Board