Trojaner-Board

Thread: dropper - loch im system???? (https://www.trojaner-board.de/18515-dropper-loch-system.html), in the forum "Plagegeister aller Art und deren Bekämpfung" on Trojaner-Board (https://www.trojaner-board.de/)

york 02.06.2005 14:34

Dropper - hole in the system????
 
I have a problem with both a trojan and a dropper. I delete both at least 10 times a day, and after a few minutes/hours AntiVir finds them again... what can I do??? A hole in XP??? I'm using XP SP2... I'd be glad if one of you could help me... many thanks in advance.....

york

P.S. name of the dropper: Droppers DR/Dldr.VB.EU

cronos 02.06.2005 14:37

@ york

In which folder is the file in question found (full path)?

Additionally, create a log with HijackThis and post it here.

Quote:

Important: search the log file for personal information, e.g. your real name, and edit it out before you post it.

All links in the log file should be edited as follows -> e.g. h**p://trojaner-board.de. Simply so that nobody gets the idea of clicking on the links.

york 02.06.2005 22:02

hi cronos,

thanks a lot for your reply... the trojans/droppers usually sit in the system32 folder...

here are the other viruses that infect me every hour...

Trojan horse TR/Dldr.Small.abd

Trojan horse TR/Dldr.Mavit.3

Trojan horse TR/Dldr.Agent.ih.4

my log:

Logfile of HijackThis v1.99.1
Scan saved at 20:11:05, on 02.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system\grcprpv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Kodak\KODAK Bildübertragungssoftware\pts.exe
C:\WINDOWS\ATKOSD.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Programme\iPod\bin\iPodService.exe
E:\downloads\hijackthis\HijackThis.exe

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hfadygd.dll (file missing)
O2 - BHO: (no name) - {E022E241-CD5D-A89C-E000-1A87C01EC4F0} - C:\WINDOWS\system32\cdapp\qyobofgjhw.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: KODAK Bildübertragungssoftware.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - h**p://install.sms-bereich.de/InstallationsAssistent.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe



I'd be very glad if you could give me a tip on how I should proceed.... thanks in advance...

y.

cronos 02.06.2005 22:18

Quite a few things about your case are unclear, Mr. Double-Thread ;)

Run eScan as described and tell us the results.

york 02.06.2005 22:50

sorry for that :-) how can I move my question further up, how can I delete it again???

here's my result:

File System Found infected by "BookedSpace Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.


or do you need the whole log? if so, is there anything I have to watch out for before posting (changing real name, h**p, etc...)

thanks a lot and sorry again...

y.

cronos 02.06.2005 23:00

Proceed as follows:

http://www.trojaner-board.de/showpos...40&postcount=4

Quote:

Double-click 'Find.bat' and wait for the scan -> post the contents [6] of the automatically created 'C:\eScan_neu.txt'.
That way we get all the results we need for the analysis.

york 02.06.2005 23:09

hi cronos,

I copied the text from the page and saved it as find.bat... what am I supposed to do with this file now... on double-click nothing happens, unfortunately... on yopie's page it says: "continue according to the instructions" - instructions!?!?!?

sorry - maybe I missed something...

y.

cronos 02.06.2005 23:18

After double-clicking find.bat, a DOS window should open, which closes again after the scan.
After that you should find a folder named:

eScan_neu.txt

on your hard disk.

You should tell us its contents.

york 02.06.2005 23:24

I saved this text (see below) as a .bat - when I run it, the DOS window opens for only a millisecond and closes again immediately (barely visible) - unfortunately there is no file....

y.


REM find.bat: collects the eScan results from mwav.log into a report file.
REM The log is looked for in c:\bases (report: C:\eScan_alt.txt) and in
REM c:\bases_x (report: C:\eScan_neu.txt); if neither log exists, no report
REM file is written at all.
if not exist c:\bases\mwav.log goto 1
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > C:\eScan_alt.txt
echo Funde für "infected" >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
findstr /i "infected" c:\bases\mwav.log >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
echo Funde für "tagged" >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
findstr /i "tagged" c:\bases\mwav.log >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
echo Statistiken: >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
REM scan statistics from the end of the log
findstr /i "Found:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Errors:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Elapsed:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Scanned:" c:\bases\mwav.log >> C:\eScan_alt.txt
findstr /i "Date:" c:\bases\mwav.log >> C:\eScan_alt.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_alt.txt
echo ~~~~~~~ © Haui ;-) ~~~~~~~ >>C:\eScan_alt.txt
echo ~~~~~~~ Dank an Cidre ~~~~~~~ >>C:\eScan_alt.txt
:1
REM same report for the second log location
if not exist c:\bases_x\mwav.log goto 2
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > C:\eScan_neu.txt
echo Funde für "infected" >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
findstr /i "infected" c:\bases_x\mwav.log >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
echo Funde für "tagged" >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
findstr /i "tagged" c:\bases_x\mwav.log >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
echo Statistiken: >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
findstr /i "Found:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Errors:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Elapsed:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Scanned:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
findstr /i "Date:" c:\bases_x\mwav.log >> C:\eScan_neu.txt
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> C:\eScan_neu.txt
echo ~~~~~~~ © Haui ;-) ~~~~~~~ >>C:\eScan_neu.txt
echo ~~~~~~~ Dank an Cidre ~~~~~~~ >>C:\eScan_neu.txt
:2
exit

cronos 02.06.2005 23:34

You are supposed to post the result of the newly created:

C:\eScan_neu.txt

and not the contents of the .bat file!

york 02.06.2005 23:37

I'd be happy to - unfortunately, running the bat file doesn't produce an escan_neu.txt... maybe the contents of the bat file are wrong, which is why I posted the text to you again, to rule out errors....

sorry, but unfortunately I don't get a result; as I said, the window opens for only a millisecond without any result...

y.

cronos 02.06.2005 23:57

Then use your Windows search function!

Search for:

eScan_neu.txt

york 03.06.2005 00:13

already done - unfortunately also without success - the program (.bat) isn't executed... unfortunately I don't know why.... can I get you the required data another way????

many, many thanks for your time....


y.

york 03.06.2005 10:26

Hi cronos,

as I said last night - unfortunately the .bat file doesn't run for me for some reason... can I get you the required data another way....

many thanks,

y.

cronos 03.06.2005 11:27

Quote:

Alternatively:
Open the 'mwav.log' in the folder 'C:\Bases_X' -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and transfer them to the forum.
It's all in Cidre's text anyway ;)

What is also of interest:
At the very bottom of the mwav.log file there is text like the following:

Total Objects Scanned:
Total Virus(es) Found:
Total Disinfected Files:
Total Files Renamed:
Total Deleted Objects:
Total Errors:
Time Elapsed:


Please copy that out as well and tell us.
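
What find.bat and the manual alternative above extract from mwav.log, as an added example (not code from the thread, from eScan or from HijackThis): it parses the "infected"/"tagged" lines, the "Offending value" registry hits and the "Total ..." statistics from log text passed in, so a log that is not under C:\bases_x does not silently produce nothing, and it then matches the flagged file paths against the O2/O4/O23 autostart entries of a HijackThis log like the one posted earlier in the thread. The sample log lines are constructed after the ones in the thread, and the regular expressions are assumptions about the log formats based only on those lines.

```python
"""Triage helper for eScan's mwav.log and a HijackThis log.

Added example for this thread, not code from Trojaner-Board, eScan or HijackThis.
The regular expressions are assumptions derived from the log lines in the thread.
"""
import re
from collections import Counter

# File finding: optional "Tue May 31 22:36:32 2005 => " prefix, optional "File ",
# a drive-letter path, then 'infected by "..."' or 'tagged as "..."', then the action.
FINDING_RE = re.compile(
    r'^(?:\w{3} \w{3} \d\d \d\d:\d\d:\d\d \d{4} => )?'
    r'(?:File )?(?P<path>[A-Za-z]:\\.+?) (?P<kind>infected by|tagged as) '
    r'"(?P<name>[^"]+)".*?Action Taken: (?P<action>[^.]+)\.',
    re.IGNORECASE,
)
# Registry-based findings carry a key instead of a file path.
REGISTRY_RE = re.compile(r'Offending value found in (?P<key>.+?) !!!')
# The statistics block at the end of the log that cronos asks to copy as well.
TOTAL_RE = re.compile(r'(?P<key>Total [A-Za-z() ]+|Time Elapsed): (?P<val>.+)$')
# Drive-letter paths in HijackThis lines; bare file names ("atiptaxx.exe") are not matched.
HJT_PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)
HJT_PREFIXES = ("O2 - ", "O4 - ", "O23 - ")  # BHOs, Run keys, services


def parse_escan(log_text):
    """Return (file_findings, registry_keys, totals) from mwav.log text."""
    findings, registry_keys, totals = [], [], {}
    for line in log_text.splitlines():
        m = FINDING_RE.match(line)
        if m:
            findings.append({k: m.group(k) for k in ("path", "kind", "name", "action")})
            continue
        r = REGISTRY_RE.search(line)
        if r:
            registry_keys.append(r.group("key"))
            continue
        t = TOTAL_RE.search(line)
        if t:
            totals[t.group("key")] = t.group("val")
    return findings, registry_keys, totals


def summarize(findings):
    """Count findings per detection name and how many were left untouched.

    Every result line in the thread ends in "No Action Taken": the scan only
    reported and did not clean, which fits the files reappearing after deletion.
    """
    by_name = Counter(f["name"] for f in findings)
    untouched = sum(1 for f in findings if f["action"].lower() == "no action taken")
    return by_name, untouched


def hijackthis_autostarts(hjt_text):
    """Map lowercase path -> HijackThis line for O2, O4 and O23 entries."""
    autostarts = {}
    for line in hjt_text.splitlines():
        if line.startswith(HJT_PREFIXES):
            for path in HJT_PATH_RE.findall(line):
                autostarts.setdefault(path.lower(), line)
    return autostarts


def cross_reference(findings, hjt_text):
    """Return {lowercase path: (detection name, HijackThis line)} for flagged
    files that are also autostart entries. Paths are compared literally, so
    8.3 short names such as DOKUME~1 only match if both logs use them."""
    autostarts = hijackthis_autostarts(hjt_text)
    hits = {}
    for f in findings:
        key = f["path"].lower()
        if key in autostarts and key not in hits:
            hits[key] = (f["name"], autostarts[key])
    return hits


# Constructed samples, modelled on the log lines posted in the thread.
ESCAN_SAMPLE = r"""
Sat Jun 04 19:30:01 2005 => File C:\WINDOWS\cfgmgr51.dll tagged as "not-a-virus:AdWare.BookedSpace.e". Action Taken: No Action Taken.
Sat Jun 04 19:30:02 2005 => File C:\WINDOWS\System32\psoft1.exe tagged as "not-a-virus:AdWare.Pacer.f". Action Taken: No Action Taken.
C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.
Sat Jun 04 19:34:59 2005 => Offending value found in HKLM\Software\myway !!!
Sat Jun 04 19:35:29 2005 => Total Objects Scanned: 11931
Sat Jun 04 19:35:29 2005 => Total Virus(es) Found: 13
Sat Jun 04 19:35:29 2005 => Time Elapsed: 00:01:31
"""
HJT_SAMPLE = r"""
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hfadygd.dll (file missing)
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
"""

if __name__ == "__main__":
    found, keys, stats = parse_escan(ESCAN_SAMPLE)
    print(summarize(found), keys, stats)
    for path, (name, line) in cross_reference(found, HJT_SAMPLE).items():
        print(f"flagged and loaded at startup: {path} -> {name} [{line}]")
```

A file that is both flagged by eScan and listed as a BHO or Run entry is the one to look at first, because an autostart entry explains why it returns after every manual deletion.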

york 04.06.2005 19:55

Hi cronos,

here is the data from the mwav.log file - part 1 of 3 (too much data, unfortunately I have to split it - sorry)... thanks a lot for your help...

regards y.

TUESDAY 31.05.2005

C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.

c:\windows\system32\evzqjew.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\hfadygd.dll infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\qslos.dll infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.

c:\windows\system32\evzqjew.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.

C:\WINDOWS\SYSTEM32\HDIDYEJ.SYS infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\hdimyas.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.

System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Tue May 31 22:34:18 2005 => File System Found infected by "BookedSpace Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 31 22:34:19 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 31 22:34:19 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 31 22:34:19 2005 => System found infected with AdRotator Spyware/Adware ({1cfb8b32-4053-4144-af6f-1540eec7f101})! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 31 22:34:19 2005 => Offending value found in HKLM\Software\myway !!!
Tue May 31 22:34:19 2005 => System found infected with myway Spyware/Adware! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 31 22:34:19 2005 => Offending value found in HKLM\Software\bookedspace !!!
Tue May 31 22:34:19 2005 => System found infected with bookedspace Spyware/Adware! Action taken: No Action Taken.
Tue May 31 22:34:19 2005 => File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 31 22:34:41 2005 => System found infected with AdRotator Spyware/Adware (hiwinnager.dat)! Action taken: No Action Taken.
Tue May 31 22:34:41 2005 => File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\adstartup.exe infected by "not-a-virus:AdWare.Adstart.h" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\hoapefe.vxd infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\hpikeci.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\htijebl.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\install_ID6.exe infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\modgxyz.exe infected by "not-a-virus:AdWare.Adstart.d" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\qslosc.exe infected by "not-a-virus:AdWare.Adstart.h" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\system32\qslosd.exe infected by "not-a-virus:AdWare.Adstart.b" Virus. Action Taken: No Action Taken.

Tue May 31 22:36:32 2005 => Scanning File C:\WINDOWS\system32\qslose.xml
Tue May 31 22:36:32 2005 => Scanning File C:\WINDOWS\system32\qslosf.exe
Tue May 31 22:36:32 2005 => File C:\WINDOWS\system32\qslosf.exe infected by "not-a-virus:AdWare.Adstart.d" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\SWin32.dll infected by "not-a-virus:AdWare.Adstart.i" Virus. Action Taken: No Action Taken.

C:\WINDOWS\system32\unpack.exe infected by "Trojan.Win32.Painwin.a" Virus. Action Taken: No Action Taken.


File C:\DOKUME~1\York\LOKALE~1\Temp\bs52.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.

Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs53.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.

Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs5319.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.

Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmp [**]
Tue May 31 22:37:41 2005 => Scanning Folder: C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\*.*
Tue May 31 22:37:41 2005 => Scanning File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\bbrs2.exe
Tue May 31 22:37:41 2005 => File C:\DOKUME~1\York\LOKALE~1\Temp\bs54F.tmpbsx32\bbrs2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.

File C:\DOKUME~1\York\LOKALE~1\Temp\i8.tmp infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.

Tue May 31 22:39:25 2005 => ***** Scanning complete. *****

Tue May 31 22:39:25 2005 => Total Objects Scanned: 5331
Tue May 31 22:39:25 2005 => Total Virus(es) Found: 31
Tue May 31 22:39:25 2005 => Total Disinfected Files: 0
Tue May 31 22:39:25 2005 => Total Files Renamed: 0
Tue May 31 22:39:25 2005 => Total Deleted Objects: 0
Tue May 31 22:39:25 2005 => Total Errors: 8
Tue May 31 22:39:25 2005 => Time Elapsed: 00:05:54
Tue May 31 22:39:25 2005 => Virus Database Date: 2005/04/25
Tue May 31 22:39:25 2005 => Virus Database Count: 127328

york 04.06.2005 20:03

Part 2 of 3...

THURSDAY 02.06.2005

System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "BookedSpace Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Jun 02 23:39:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Jun 02 23:39:47 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Jun 02 23:39:47 2005 => Offending value found in HKLM\Software\myway !!!
Thu Jun 02 23:39:47 2005 => System found infected with myway Spyware/Adware! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.

Thu Jun 02 23:39:47 2005 => Offending value found in HKLM\Software\bookedspace !!!
Thu Jun 02 23:39:47 2005 => System found infected with bookedspace Spyware/Adware! Action taken: No Action Taken.
Thu Jun 02 23:39:47 2005 => File System Found infected by "bookedspace Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Jun 02 23:40:06 2005 => ***** Scanning complete. *****

Thu Jun 02 23:40:06 2005 => Total Objects Scanned: 862
Thu Jun 02 23:40:06 2005 => Total Virus(es) Found: 5
Thu Jun 02 23:40:06 2005 => Total Disinfected Files: 0
Thu Jun 02 23:40:06 2005 => Total Files Renamed: 0
Thu Jun 02 23:40:06 2005 => Total Deleted Objects: 0
Thu Jun 02 23:40:06 2005 => Total Errors: 0
Thu Jun 02 23:40:06 2005 => Time Elapsed: 00:01:09
Thu Jun 02 23:40:06 2005 => Virus Database Date: 2005/04/25
Thu Jun 02 23:40:06 2005 => Virus Database Count: 127328

Thu Jun 02 23:40:06 2005 => Scan Completed.


SATURDAY 04.06.2005

Sat Jun 04 19:34:54 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Jun 04 19:34:54 2005 => System found infected with BookedSpace Spyware/Adware ({a85c4a1b-bd36-44e5-a70f-8ec347d9b24f})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:34:54 2005 => System found infected with Bargain Buddy Spyware/Adware ({ce188402-6ee7-4022-8868-ab25173a3e14})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:34:54 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken.
Sat Jun 04 19:34:54 2005 => Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:34:58 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Sat Jun 04 19:34:58 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:34:58 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\TopText iLookup !!!
Sat Jun 04 19:34:58 2005 => Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:34:59 2005 => Offending value found in HKLM\Software\myway !!!
Sat Jun 04 19:34:59 2005 => Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:35:01 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\addestroyer !!!
Sat Jun 04 19:35:01 2005 => Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:35:01 2005 => Offending value found in HKLM\Software\bookedspace !!!
Sat Jun 04 19:35:01 2005 => Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:35:02 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\MediaLoads Enhanced !!!
Sat Jun 04 19:35:02 2005 => Object "MediaLoads Enhanced Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:35:17 2005 => System found infected with farmmext Spyware/Adware (farmmext.ini)! Action taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:35:17 2005 => System found infected with farmmext Spyware/Adware (farmmext.inf)! Action taken: No Action Taken.
Sat Jun 04 19:35:17 2005 => Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jun 04 19:35:29 2005 => ***** Scanning complete. *****

Sat Jun 04 19:35:29 2005 => Total Objects Scanned: 11931
Sat Jun 04 19:35:29 2005 => Total Virus(es) Found: 13
Sat Jun 04 19:35:29 2005 => Total Disinfected Files: 0
Sat Jun 04 19:35:29 2005 => Total Files Renamed: 0
Sat Jun 04 19:35:29 2005 => Total Deleted Objects: 0
Sat Jun 04 19:35:29 2005 => Total Errors: 70
Sat Jun 04 19:35:29 2005 => Time Elapsed: 00:01:31
Sat Jun 04 19:35:29 2005 => Virus Database Date: 2005/05/29
Sat Jun 04 19:35:29 2005 => Virus Database Count: 132253

Sat Jun 04 19:35:29 2005 => Scan Completed.

york 04.06.2005 20:04

part 3 of 3.... many thanks...

y.


Virus Log Information from 04.06.2005

File C:\WINDOWS\cfgmgr51.dll tagged as "not-a-virus:AdWare.BookedSpace.e". Action Taken: No Action Taken.
File C:\WINDOWS\System32\psoft1.exe tagged as "not-a-virus:AdWare.Pacer.f". Action Taken: No Action Taken.
Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Bargain Buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BookedSpace Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaLoads Enhanced Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\York\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AppleRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\ColorMatchRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\EuroscaleUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\JapanStandard.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\sRGB Color Space Profile.icm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedCoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USSheetfedUncoated.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\USWebCoatedSWOP.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Recommended\AdobeRGB1998.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\WideGamutRGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\NTSC1953.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\PAL_SECAM.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\SMPTE-C.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\CIERGB.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop5DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Adobe\Acrobat 5.0\TempICCProfiles\Profiles\Non-Recommended\Photoshop4DefaultCMYK.icc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22B9A67D-E689-44B6-B775-0E8FE84B4F9B}" refers to invalid object "C:\WINDOWS\system32\hfadygd.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}" refers to invalid object "C:\WINDOWS\system32\PopOops2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{43918f8f-f3be-4760-b4bb-6c89d9d91487}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{44b09a5f-5dee-4539-8001-d4b2d45c2876}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63CCB35F-4B6C-11D2-BA18-00A024BF101B}" refers to invalid object "C:\Programme\Canon\PhotoRecord\OpPrintCom\OpPrintCom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6b177e4f-2743-4a6d-8f31-d2efa4636bee}" refers to invalid object "C:\WINDOWS\system32\qqark.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73381E35-92F2-B604-12D0-26B9BA6ACAEE}" refers to invalid object "C:\WINDOWS\System32\vrggv\atgvdxr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{96632d1e-f3eb-4f54-ba79-9969692db659}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbuiwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}" refers to invalid object "C:\WINDOWS\bs3.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}" refers to invalid object "C:\WINDOWS\System32\nvms.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B5DEAC82-1997-4EE0-8C8A-1C2DCCE145B0}" refers to invalid object "C:\WINDOWS\system32\qslos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6E2506C-3B9C-5B43-3671-A098AB5402C4}" refers to invalid object "C:\WINDOWS\System32\yndal\fvyqadsv.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}" refers to invalid object "C:\WINDOWS\System32\mscb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D0E02707-7B4A-3104-AFED-807117DD1052}" refers to invalid object "C:\WINDOWS\System32\oaxdeg\wqnko.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D2C9BFF8-DD93-483C-AFCB-3F910EB3AF9D}" refers to invalid object "C:\WINDOWS\system32\Kceji.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{d4387178-98ca-4929-b8e3-a11cd2f333a6}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}" refers to invalid object "C:\WINDOWS\system32\SWLAD1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}" refers to invalid object "C:\WINDOWS\DOWNLO~1\INSTAL~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}" refers to invalid object "C:\WINDOWS\System32\msbe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{fba38bcf-e23d-4979-811e-1326bbadb8c8}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\MakeCab.DirectSoundFXGarglePage.3" refers to invalid object "{527CCD03-918D-43D1-0A47-7570B345E1E8}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

york 05.06.2005 00:00

Hello everyone,

Since cronos is currently no longer online, maybe someone else can please help me.... I have problems with various trojans and droppers... (see first entry) -> here is my HijackThis logfile... my eScan log file is further down (entries 16-18)... I would be glad if someone could help me... many thanks to all of you in advance... york

Logfile of HijackThis v1.99.1
Scan saved at 20:11:05, on 02.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system\grcprpv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Kodak\KODAK Bildübertragungssoftware\pts.exe
C:\WINDOWS\ATKOSD.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Programme\iPod\bin\iPodService.exe
E:\downloads\hijackthis\HijackThis.exe

O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: adlog Class - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - C:\WINDOWS\system32\hfadygd.dll (file missing)
O2 - BHO: (no name) - {E022E241-CD5D-A89C-E000-1A87C01EC4F0} - C:\WINDOWS\system32\cdapp\qyobofgjhw.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: KODAK Bildübertragungssoftware.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - h**p://install.sms-bereich.de/InstallationsAssistent.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe


Copyright ©2000-2024, Trojaner-Board

