Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Probleme mit google (https://www.trojaner-board.de/26621-probleme-google.html)

rosenmilan 07.02.2006 23:56
Probleme mit google
 
Mein Problem mit google ist, dass egal was ich eingebe, ich immer als ersten treffer seitenfüllend die Sex Kontakt Anzeigenseite AdultFriendfinder bekomme. Die Treffer auf den folgenden Seiten sind dann irgendwie nur zweite Wahl. Gut ich arbeite jetzt zwar alternativ mit YAHOO aber es wäre doch nützlich wenn google auch gehen würde. Die Bilder abteilung funktioniert echt gut. Inzwischen benutze ich auch nicht mehr IE weil der auch spinnt, sonder Firefox. aber auch da klappt es nicht mit google. Kleine Bitte noch. Die Hilfe Tipps für doofe. Ich verstehe das meiste was ich hier so gelesen habe nämlich nicht.:)

dartus 08.02.2006 01:10
Hallo rosenmilan,

poste bitte ein Hijackthis-Logfile.
Editiere bitte sämtliche Links und ev. Persönliche Daten.

dartus

rosenmilan 08.02.2006 11:30
Hallo Dartus,

ich habe das mit dem HIjack gemacht. Ich habe dann versucht etwas rauszulöschen. Zum Vergleich schicke ich Dir 2 logs.

Das ist der erste log. Da habe ich bei R1 alle einträge mit 69.50.191.52/5595/ gelöscht. Anfangs hat es dann mit dem IE besser geklappt, aber nach dem neustart hat sich diese Seite wieder als Startseite geladen. Dafür kommt jetzt als erste Treffer in Google andere Werbung, das macht es aber auch nicht besser.

Der Zweite log steht dann unten drunter.

Logfile of HijackThis v1.99.1
Scan saved at 09:55:01, on 08.02.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FSM32.EXE
C:\windows\svchost.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\PROGRA~1\T-TELE~1\backweb\2581593\Program\SERVIC~1.EXE
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\Program\fspex.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FSMA32.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FSMB32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\System32\nvsvc32.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fssm32.exe
C:\windows\System32\svchost.exe
C:\Programme\T-TeleSec Personal Security Service\Common\FCH32.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FAMEH32.EXE
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsav32.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Programme\T-TeleSec Personal Security Service\FWES\Program\fsdfwd.exe
C:\Programme\T-TeleSec Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\windows\System32\ctfmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/5595/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/5595/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/5595/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/5595/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\ROSENT~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/5595/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/5595/search.php?qq=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.50.191.52/5595/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {498E6171-B246-2EC3-D705-60550DFA724C} - C:\WINDOWS\System32\gmnaj.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\windows\inet20081\3.00.06.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,2.dll
O2 - BHO: (no name) - {FE6ABBCB-A761-4699-97B4-F6FAD5B0B85D} - (no file)
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\T-TeleSec Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\T-TeleSec Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\T-TeleSec Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\T-TeleSec Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [svchost] C:\windows\svchost.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Suchen mit Copernic Agent - F:\Franks Dateien\copernikus\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\FRANKS~1\COPERN~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\FRANKS~1\COPERN~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\FRANKS~1\COPERN~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O14 - IERESET.INF: START_PAGE_URL=http://de.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2860050D-7F0D-4ED7-8167-84EAAC683066}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{396E4CFD-EA11-4020-88FC-854CF9D66B4C}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{57D5E3D5-F97B-43EE-A7ED-A19D5B1E6E01}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC66A2C-5FA7-4051-B390-064F8B1A07A2}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3E0FC6D-45F1-4C9D-BFD9-9322DFCD3F8B}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CS1\Services\Tcpip\..\{2860050D-7F0D-4ED7-8167-84EAAC683066}: NameServer = 85.255.114.22,85.255.112.104
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\windows\System32\btxppanel.dll
O18 - Filter: text/html - {56A6D345-329B-4A66-A29E-970DA554D95C} - (no file)
O18 - Filter: text/plain - {56A6D345-329B-4A66-A29E-970DA554D95C} - (no file)
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: T-TeleSec Personal Security Service (BackWeb Plug-in - 2581593) - Unknown owner - C:\PROGRA~1\T-TELE~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\T-TeleSec Personal Security Service\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\T-TeleSec Personal Security Service\Common\FSMA32.EXE
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Das ist der 2. Log

Logfile of HijackThis v1.99.1
Scan saved at 10:16:10, on 08.02.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FSM32.EXE
C:\windows\svchost.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\PROGRA~1\T-TELE~1\backweb\2581593\Program\SERVIC~1.EXE
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\Program\fspex.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FSMA32.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FSMB32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\System32\nvsvc32.exe
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fssm32.exe
C:\windows\System32\svchost.exe
C:\Programme\T-TeleSec Personal Security Service\Common\FCH32.EXE
C:\Programme\T-TeleSec Personal Security Service\Common\FAMEH32.EXE
C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsav32.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\Programme\T-TeleSec Personal Security Service\FWES\Program\fsdfwd.exe
C:\Programme\T-TeleSec Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\windows\System32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\ROSENT~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/5595/search.php?qq=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.50.191.52/5595/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {498E6171-B246-2EC3-D705-60550DFA724C} - C:\WINDOWS\System32\gmnaj.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\windows\inet20081\3.00.06.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,2.dll
O2 - BHO: (no name) - {FE6ABBCB-A761-4699-97B4-F6FAD5B0B85D} - (no file)
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\T-TeleSec Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\T-TeleSec Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\T-TeleSec Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\T-TeleSec Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [svchost] C:\windows\svchost.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Suchen mit Copernic Agent - F:\Franks Dateien\copernikus\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\FRANKS~1\COPERN~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\FRANKS~1\COPERN~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\FRANKS~1\COPERN~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O14 - IERESET.INF: START_PAGE_URL=http://de.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2860050D-7F0D-4ED7-8167-84EAAC683066}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{396E4CFD-EA11-4020-88FC-854CF9D66B4C}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{57D5E3D5-F97B-43EE-A7ED-A19D5B1E6E01}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC66A2C-5FA7-4051-B390-064F8B1A07A2}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3E0FC6D-45F1-4C9D-BFD9-9322DFCD3F8B}: NameServer = 85.255.114.22,85.255.112.104
O17 - HKLM\System\CS1\Services\Tcpip\..\{2860050D-7F0D-4ED7-8167-84EAAC683066}: NameServer = 85.255.114.22,85.255.112.104
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\windows\System32\btxppanel.dll
O18 - Filter: text/html - {56A6D345-329B-4A66-A29E-970DA554D95C} - (no file)
O18 - Filter: text/plain - {56A6D345-329B-4A66-A29E-970DA554D95C} - (no file)
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: T-TeleSec Personal Security Service (BackWeb Plug-in - 2581593) - Unknown owner - C:\PROGRA~1\T-TELE~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\T-TeleSec Personal Security Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\T-TeleSec Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\T-TeleSec Personal Security Service\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\T-TeleSec Personal Security Service\Common\FSMA32.EXE
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Erstmal auch Danke für die Hilfe.

dartus 08.02.2006 23:56
Hallo rosenmilan,

Du hast ziemlich viele Schadprogramme in Deinem System. Ein saubere Bereinigung ist IMHO sehr zeitaufwendig und gewährleistet nicht, dass dann Dein System sauber ist. Meine Empfehlung ist ein sauberer Schnitt in Form einer Neuinstalation, Anleitung:
http://www.trojaner-board.de/showthread.php?t=12154

Thema Datensicherung
http://www.trojaner-board.de/showpos...8&postcount=11

dartus


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:11 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129