ich hab mein Ad adware durchlaufen lassen der hat ne malware gefudnen dan hab ich hijackthis laufen lassen aber ich kann nix mit dem log anfangen kan mir jemand helfen?
Logfile of HijackThis v1.99.0
Scan saved at 11:06:50, on 19.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Dit.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\eMCrypt\eMCrypt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.obkepjagtwnhgowxqwbo.com/hKQ ... f1tUy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhsmstntigofgynhtvwlbflfv.co ... N1q4uQ.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14C3416D-74E3-DE9B-42CF-B823B779139C} - C:\DOKUME~1\Tristan\ANWEND~1\rulegram\HtmBike.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [procstylelocksthunk] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Two tool proc style\AXISPOKE.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GPLEGGS] C:\DOKUME~1\Tristan\ANWEND~1\INTERG~1\Plan Sign.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2816378468
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D758F3-5B21-4ABF-9376-3957336C37A9}: NameServer = 195.50.140.252 195.50.140.250
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Warum kostenlos registrieren?
Nur als registriertes Mitglied hast Du vollen Zugriff auf alle Funktionen unserer Website. So kannst Du eigene Fragen stellen und hast die volle Übersicht über neue interessante Themen im Forum.
Jetzt kostenlos registrieren.
Login
O4 - HKLM\..\Run: [MessengerPlus3]
12 Beiträge • Seite 1 von 1
von Nikita am 19.06.2005, 11:31
Hallo@Phax
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren
#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.obkepjagtwnhgowxqwbo.com/hKQ ... f1tUy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhsmstntigofgynhtvwlbflfv.co ... N1q4uQ.htm
O2 - BHO: (no name) - {14C3416D-74E3-DE9B-42CF-B823B779139C} - C:\DOKUME~1\Tristan\ANWEND~1\rulegram\HtmBike.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [procstylelocksthunk] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Two tool proc style\AXISPOKE.exe
O4 - HKCU\..\Run: [GPLEGGS] C:\DOKUME~1\Tristan\ANWEND~1\INTERG~1\Plan Sign.exe
PC neustarten
Deinstallieren (und lade das nie wieder )
MessengerPlus! 3
loeschen:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Two tool proc style\AXISPOKE.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\INTERG~1\Plan Sign.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\rulegram\HtmBike.exe
CCleaner--> loesche alle *temp-Datein
http://nikita.eddys-domain.de/IE.html
arbeite das bitte ab
http://nikita.eddys-domain.de/escan.html
und poste alles, was angezeigt wird
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren
#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.obkepjagtwnhgowxqwbo.com/hKQ ... f1tUy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhsmstntigofgynhtvwlbflfv.co ... N1q4uQ.htm
O2 - BHO: (no name) - {14C3416D-74E3-DE9B-42CF-B823B779139C} - C:\DOKUME~1\Tristan\ANWEND~1\rulegram\HtmBike.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [procstylelocksthunk] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Two tool proc style\AXISPOKE.exe
O4 - HKCU\..\Run: [GPLEGGS] C:\DOKUME~1\Tristan\ANWEND~1\INTERG~1\Plan Sign.exe
PC neustarten
Deinstallieren (und lade das nie wieder )
MessengerPlus! 3
loeschen:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Two tool proc style\AXISPOKE.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\INTERG~1\Plan Sign.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\rulegram\HtmBike.exe
CCleaner--> loesche alle *temp-Datein
http://nikita.eddys-domain.de/IE.html
arbeite das bitte ab
http://nikita.eddys-domain.de/escan.html
und poste alles, was angezeigt wird
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Phax am 19.06.2005, 12:07
ich habe jetzt alles so gemacht wie du gesagt hast hab dan deinstaliert und lösche jetzt die exen aber ich fnde die nicht :
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\rulegram\HtmBike.exe
Ist das egal wenn nciht führe ich jetzt ccleaner aus
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\rulegram\HtmBike.exe
Ist das egal wenn nciht führe ich jetzt ccleaner aus
- Phax
- Beiträge: 6
- Registriert: 19.06.2005, 11:14
von Nikita am 19.06.2005, 12:48
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren
arbeite das bitte ab
http://nikita.eddys-domain.de/escan.html
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren
arbeite das bitte ab
http://nikita.eddys-domain.de/escan.html
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Phax am 19.06.2005, 14:39
ergebnisse was muss ich nun machen ?
also ich hab die häckchen erstmal hingeamcht überall aber noch nicht gelöscht
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Sun Jun 19 12:49:47 2005 => File C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken.
2: Sun Jun 19 12:52:10 2005 => System found infected with BearShare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
3: Sun Jun 19 13:01:22 2005 => File C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\chicthatrdrfirst.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus! Action Taken: No Action Taken.
4: Sun Jun 19 13:01:22 2005 => File C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\Chin Lite Hold.exe infected by "Trojan-Downloader.Win32.Swizzor.cb" Virus! Action Taken: No Action Taken.
5: Sun Jun 19 13:03:07 2005 => File C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken.
6: Sun Jun 19 13:41:15 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\A0021660.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
7: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-1.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
8: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-15.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
9: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-16.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
10: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-17.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
11: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-18.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
12: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-19.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
13: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-20.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
14: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-21.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
15: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-22.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
16: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-9.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
17: Sun Jun 19 13:41:29 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021887.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
18: Sun Jun 19 13:41:42 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022165.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Sun Jun 19 12:48:36 2005 => File C:\WINDOWS\Dit.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
2: Sun Jun 19 12:54:39 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
3: Sun Jun 19 12:54:39 2005 => File C:\WINDOWS\ehdggxl.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
4: Sun Jun 19 12:57:43 2005 => File C:\apachefriends\xampp\apache\bin\pv.exe tagged as not-a-virus:Tool.Win32.PrcView.3725. No Action Taken.
5: Sun Jun 19 13:01:22 2005 => File C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\xejsskae.exe tagged as "not-a-virus:AdWare.Lop.p". Action Taken: No Action Taken.
6: Sun Jun 19 13:08:45 2005 => Scanning File C:\MAGIX\Media_Manager_2004\Icons\Tagged Image File Format.ico [**]
7: Sun Jun 19 13:15:39 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
8: Sun Jun 19 13:17:36 2005 => File C:\Programme\C2Media\Setup.exe tagged as "not-a-virus:AdWare.Lop". Action Taken: No Action Taken.
9: Sun Jun 19 13:32:57 2005 => File C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
10: Sun Jun 19 13:37:48 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019055.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
11: Sun Jun 19 13:37:48 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019056.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
12: Sun Jun 19 13:41:01 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP131\A0021367.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
13: Sun Jun 19 13:41:08 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP132\A0021540.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
14: Sun Jun 19 13:41:09 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP132\A0021566.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
15: Sun Jun 19 13:41:11 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP133\A0021603.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
16: Sun Jun 19 13:41:16 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\A0021690.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
17: Sun Jun 19 13:41:22 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP135\A0021792.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
18: Sun Jun 19 13:41:27 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021852.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
19: Sun Jun 19 13:41:29 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021875.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
20: Sun Jun 19 13:41:29 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021886.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
21: Sun Jun 19 13:41:30 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021907.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
22: Sun Jun 19 13:41:31 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
23: Sun Jun 19 13:41:42 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022166.exe tagged as "not-a-virus:AdWare.Lop.p". Action Taken: No Action Taken.
24: Sun Jun 19 13:41:43 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022167.exe tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken.
25: Sun Jun 19 14:17:11 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015097.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
26: Sun Jun 19 14:17:11 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015098.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
27: Sun Jun 19 14:24:27 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
28: Sun Jun 19 14:24:29 2005 => File C:\WINDOWS\ehdggxl.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Sun Jun 19 12:53:47 2005 => Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
2: Sun Jun 19 12:53:54 2005 => Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
3: Sun Jun 19 12:53:56 2005 => Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
4: Sun Jun 19 12:53:59 2005 => Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
5: Sun Jun 19 12:53:59 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
6: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
7: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{F83865C0-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
8: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{F83865C2-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
9: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{F83865C3-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\Dit.exe => tagged:Garbage.Win32.CustomIcons.
2: C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll => Trojan-Downloader.Win32.Swizzor.bo
3: C:\WINDOWS\DitExp.exe => tagged:Garbage.Win32.CustomIcons.
4: C:\apachefriends\xampp\apache\bin\pv.exe => tagged:Tool.Win32.PrcView.3725.
5: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\chicthatrdrfirst.exe => Trojan-Downloader.Win32.Swizzor.ca
6: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\Chin Lite Hold.exe => Trojan-Downloader.Win32.Swizzor.cb
7: C:\Programme\BitTorrent\uninstall.exe => tagged:Tool.Win32.Processor.1001.
8: C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe => tagged:Client-IRC.Win32.mIRC.16.
9: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019055.exe => tagged:Garbage.Win32.CustomIcons.
10: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019056.exe => tagged:Garbage.Win32.CustomIcons.
11: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\A0021660.dll => Trojan.Win32.Agent.db
12: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-1.DAT => Trojan.Win32.Agent.db
13: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-15.DAT => Trojan.Win32.Agent.db
14: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-16.DAT => Trojan.Win32.Agent.db
15: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-17.DAT => Trojan.Win32.Agent.db
16: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-18.DAT => Trojan.Win32.Agent.db
17: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-19.DAT => Trojan.Win32.Agent.db
18: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-20.DAT => Trojan.Win32.Agent.db
19: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-21.DAT => Trojan.Win32.Agent.db
20: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-22.DAT => Trojan.Win32.Agent.db
21: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-9.DAT => Trojan.Win32.Agent.db
22: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021887.exe => Trojan.Win32.Stervis.c
23: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022165.exe => Trojan-Downloader.Win32.Swizzor.bo
24: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015097.exe => tagged:Garbage.Win32.CustomIcons.
25: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015098.exe => tagged:Garbage.Win32.CustomIcons.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Sun Jun 19 14:33:17 2005 => Total Objects Scanned: 111899
Sun Jun 19 14:33:17 2005 => Total Virus(es) Found: 48
Sun Jun 19 14:33:17 2005 => Total Errors: 9
Sun Jun 19 14:33:17 2005 => Virus Database Date: 2005/06/17
Sun Jun 19 14:33:17 2005 => Virus Database Count: 135140
Sun Jun 19 14:33:26 2005 => Total Objects Scanned: 111899
Sun Jun 19 14:33:26 2005 => Total Virus(es) Found: 48
Sun Jun 19 14:33:26 2005 => Total Errors: 9
also ich hab die häckchen erstmal hingeamcht überall aber noch nicht gelöscht
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Sun Jun 19 12:49:47 2005 => File C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken.
2: Sun Jun 19 12:52:10 2005 => System found infected with BearShare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
3: Sun Jun 19 13:01:22 2005 => File C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\chicthatrdrfirst.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus! Action Taken: No Action Taken.
4: Sun Jun 19 13:01:22 2005 => File C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\Chin Lite Hold.exe infected by "Trojan-Downloader.Win32.Swizzor.cb" Virus! Action Taken: No Action Taken.
5: Sun Jun 19 13:03:07 2005 => File C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken.
6: Sun Jun 19 13:41:15 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\A0021660.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
7: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-1.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
8: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-15.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
9: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-16.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
10: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-17.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
11: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-18.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
12: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-19.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
13: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-20.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
14: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-21.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
15: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-22.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
16: Sun Jun 19 13:41:20 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-9.DAT infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
17: Sun Jun 19 13:41:29 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021887.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
18: Sun Jun 19 13:41:42 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022165.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Sun Jun 19 12:48:36 2005 => File C:\WINDOWS\Dit.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
2: Sun Jun 19 12:54:39 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
3: Sun Jun 19 12:54:39 2005 => File C:\WINDOWS\ehdggxl.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
4: Sun Jun 19 12:57:43 2005 => File C:\apachefriends\xampp\apache\bin\pv.exe tagged as not-a-virus:Tool.Win32.PrcView.3725. No Action Taken.
5: Sun Jun 19 13:01:22 2005 => File C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\xejsskae.exe tagged as "not-a-virus:AdWare.Lop.p". Action Taken: No Action Taken.
6: Sun Jun 19 13:08:45 2005 => Scanning File C:\MAGIX\Media_Manager_2004\Icons\Tagged Image File Format.ico [**]
7: Sun Jun 19 13:15:39 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
8: Sun Jun 19 13:17:36 2005 => File C:\Programme\C2Media\Setup.exe tagged as "not-a-virus:AdWare.Lop". Action Taken: No Action Taken.
9: Sun Jun 19 13:32:57 2005 => File C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
10: Sun Jun 19 13:37:48 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019055.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
11: Sun Jun 19 13:37:48 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019056.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
12: Sun Jun 19 13:41:01 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP131\A0021367.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
13: Sun Jun 19 13:41:08 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP132\A0021540.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
14: Sun Jun 19 13:41:09 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP132\A0021566.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
15: Sun Jun 19 13:41:11 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP133\A0021603.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
16: Sun Jun 19 13:41:16 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\A0021690.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
17: Sun Jun 19 13:41:22 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP135\A0021792.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
18: Sun Jun 19 13:41:27 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021852.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
19: Sun Jun 19 13:41:29 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021875.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
20: Sun Jun 19 13:41:29 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021886.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
21: Sun Jun 19 13:41:30 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021907.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
22: Sun Jun 19 13:41:31 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
23: Sun Jun 19 13:41:42 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022166.exe tagged as "not-a-virus:AdWare.Lop.p". Action Taken: No Action Taken.
24: Sun Jun 19 13:41:43 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022167.exe tagged as "not-a-virus:AdWare.Lop.m". Action Taken: No Action Taken.
25: Sun Jun 19 14:17:11 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015097.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
26: Sun Jun 19 14:17:11 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015098.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
27: Sun Jun 19 14:24:27 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
28: Sun Jun 19 14:24:29 2005 => File C:\WINDOWS\ehdggxl.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Sun Jun 19 12:53:47 2005 => Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
2: Sun Jun 19 12:53:54 2005 => Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
3: Sun Jun 19 12:53:56 2005 => Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
4: Sun Jun 19 12:53:59 2005 => Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
5: Sun Jun 19 12:53:59 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
6: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
7: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{F83865C0-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
8: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{F83865C2-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
9: Sun Jun 19 12:54:07 2005 => Entry "HKCR\CLSID\{F83865C3-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\Dit.exe => tagged:Garbage.Win32.CustomIcons.
2: C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll => Trojan-Downloader.Win32.Swizzor.bo
3: C:\WINDOWS\DitExp.exe => tagged:Garbage.Win32.CustomIcons.
4: C:\apachefriends\xampp\apache\bin\pv.exe => tagged:Tool.Win32.PrcView.3725.
5: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\chicthatrdrfirst.exe => Trojan-Downloader.Win32.Swizzor.ca
6: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\Chin Lite Hold.exe => Trojan-Downloader.Win32.Swizzor.cb
7: C:\Programme\BitTorrent\uninstall.exe => tagged:Tool.Win32.Processor.1001.
8: C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe => tagged:Client-IRC.Win32.mIRC.16.
9: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019055.exe => tagged:Garbage.Win32.CustomIcons.
10: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP115\A0019056.exe => tagged:Garbage.Win32.CustomIcons.
11: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\A0021660.dll => Trojan.Win32.Agent.db
12: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-1.DAT => Trojan.Win32.Agent.db
13: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-15.DAT => Trojan.Win32.Agent.db
14: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-16.DAT => Trojan.Win32.Agent.db
15: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-17.DAT => Trojan.Win32.Agent.db
16: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-18.DAT => Trojan.Win32.Agent.db
17: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-19.DAT => Trojan.Win32.Agent.db
18: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-20.DAT => Trojan.Win32.Agent.db
19: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-21.DAT => Trojan.Win32.Agent.db
20: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-22.DAT => Trojan.Win32.Agent.db
21: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP134\snapshot\MFEX-9.DAT => Trojan.Win32.Agent.db
22: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP136\A0021887.exe => Trojan.Win32.Stervis.c
23: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP139\A0022165.exe => Trojan-Downloader.Win32.Swizzor.bo
24: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015097.exe => tagged:Garbage.Win32.CustomIcons.
25: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP97\A0015098.exe => tagged:Garbage.Win32.CustomIcons.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Sun Jun 19 14:33:17 2005 => Total Objects Scanned: 111899
Sun Jun 19 14:33:17 2005 => Total Virus(es) Found: 48
Sun Jun 19 14:33:17 2005 => Total Errors: 9
Sun Jun 19 14:33:17 2005 => Virus Database Date: 2005/06/17
Sun Jun 19 14:33:17 2005 => Virus Database Count: 135140
Sun Jun 19 14:33:26 2005 => Total Objects Scanned: 111899
Sun Jun 19 14:33:26 2005 => Total Virus(es) Found: 48
Sun Jun 19 14:33:26 2005 => Total Errors: 9
- Phax
- Beiträge: 6
- Registriert: 19.06.2005, 11:14
von Nikita am 19.06.2005, 16:37
•KillBox
http://bilder.informationsarchiv.net/Ni ... illBox.zip
Anleitung: (bebildert)
http://nikita.eddys-domain.de/killbox.html
•Delete File on Reboot <--anhaken
und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"
von hier aus reinkopieren:
C:\WINDOWS\ehdggxl.exe
C:\Programme\C2Media\Setup.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\xejsskae.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\chicthatrdrfirst.exe
C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\Chin Lite Hold.exe
PC neustarten
Deaktivieren Wiederherstellung (dann aktiviere sie wieder)
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid<--loeschen
dann scanne noch mal mit escan + berichte+ poste das neue Log vom HijackThis
http://bilder.informationsarchiv.net/Ni ... illBox.zip
Anleitung: (bebildert)
http://nikita.eddys-domain.de/killbox.html
•Delete File on Reboot <--anhaken
und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"
von hier aus reinkopieren:
C:\WINDOWS\ehdggxl.exe
C:\Programme\C2Media\Setup.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\xejsskae.exe
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\chicthatrdrfirst.exe
C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\backups\backup-20050619-115649-907.dll
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid\Chin Lite Hold.exe
PC neustarten
Deaktivieren Wiederherstellung (dann aktiviere sie wieder)
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterGrid<--loeschen
dann scanne noch mal mit escan + berichte+ poste das neue Log vom HijackThis
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Phax am 19.06.2005, 16:57
noch mal ein escan der dauert 2 h ? ist voll lange ;(
wieder im gesicherten modus?
wieder im gesicherten modus?
- Phax
- Beiträge: 6
- Registriert: 19.06.2005, 11:14
von Phax am 19.06.2005, 19:51
meine auswertung von escan:
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Sun Jun 19 17:52:13 2005 => System found infected with BearShare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Sun Jun 19 18:29:58 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
2: Sun Jun 19 18:33:09 2005 => File C:\apachefriends\xampp\apache\bin\pv.exe tagged as not-a-virus:Tool.Win32.PrcView.3725. No Action Taken.
3: Sun Jun 19 18:43:55 2005 => Scanning File C:\MAGIX\Media_Manager_2004\Icons\Tagged Image File Format.ico [**]
4: Sun Jun 19 18:50:42 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
5: Sun Jun 19 19:07:40 2005 => File C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
6: Sun Jun 19 19:09:25 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP140\A0022402.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
7: Sun Jun 19 19:16:37 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Sun Jun 19 17:48:46 2005 => ERROR!!! Invalid Entry Dit = Dit.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Sun Jun 19 17:53:50 2005 => Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
3: Sun Jun 19 17:53:56 2005 => Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
4: Sun Jun 19 17:53:58 2005 => Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
5: Sun Jun 19 17:54:01 2005 => Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
6: Sun Jun 19 17:54:02 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
7: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
8: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{F83865C0-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
9: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{F83865C2-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
10: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{F83865C3-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\DitExp.exe => tagged:Garbage.Win32.CustomIcons.
2: C:\apachefriends\xampp\apache\bin\pv.exe => tagged:Tool.Win32.PrcView.3725.
3: C:\Programme\BitTorrent\uninstall.exe => tagged:Tool.Win32.Processor.1001.
4: C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe => tagged:Client-IRC.Win32.mIRC.16.
5: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP140\A0022402.exe => tagged:Garbage.Win32.CustomIcons.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Sun Jun 19 19:37:46 2005 => Total Objects Scanned: 95896
Sun Jun 19 19:37:46 2005 => Total Virus(es) Found: 10
Sun Jun 19 19:37:46 2005 => Total Errors: 10
Sun Jun 19 19:37:46 2005 => Virus Database Date: 2005/06/17
Sun Jun 19 19:37:46 2005 => Virus Database Count: 135140
Sun Jun 19 19:46:17 2005 => Total Objects Scanned: 95896
Sun Jun 19 19:46:17 2005 => Total Virus(es) Found: 10
Sun Jun 19 19:46:18 2005 => Total Errors: 10
und von HIjackthis:
Logfile of HijackThis v1.99.0
Scan saved at 19:50:53, on 19.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cgnzekbmeheqzhp.com/hKQUmlkm ... Bf1tUy.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2816378468
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D758F3-5B21-4ABF-9376-3957336C37A9}: NameServer = 195.50.140.252 195.50.140.250
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Sun Jun 19 17:52:13 2005 => System found infected with BearShare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Sun Jun 19 18:29:58 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
2: Sun Jun 19 18:33:09 2005 => File C:\apachefriends\xampp\apache\bin\pv.exe tagged as not-a-virus:Tool.Win32.PrcView.3725. No Action Taken.
3: Sun Jun 19 18:43:55 2005 => Scanning File C:\MAGIX\Media_Manager_2004\Icons\Tagged Image File Format.ico [**]
4: Sun Jun 19 18:50:42 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
5: Sun Jun 19 19:07:40 2005 => File C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
6: Sun Jun 19 19:09:25 2005 => File C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP140\A0022402.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
7: Sun Jun 19 19:16:37 2005 => File C:\WINDOWS\DitExp.exe tagged as not-a-virus:Garbage.Win32.CustomIcons. No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Sun Jun 19 17:48:46 2005 => ERROR!!! Invalid Entry Dit = Dit.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Sun Jun 19 17:53:50 2005 => Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
3: Sun Jun 19 17:53:56 2005 => Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
4: Sun Jun 19 17:53:58 2005 => Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
5: Sun Jun 19 17:54:01 2005 => Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
6: Sun Jun 19 17:54:02 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
7: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
8: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{F83865C0-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
9: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{F83865C2-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
10: Sun Jun 19 17:54:09 2005 => Entry "HKCR\CLSID\{F83865C3-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\DitExp.exe => tagged:Garbage.Win32.CustomIcons.
2: C:\apachefriends\xampp\apache\bin\pv.exe => tagged:Tool.Win32.PrcView.3725.
3: C:\Programme\BitTorrent\uninstall.exe => tagged:Tool.Win32.Processor.1001.
4: C:\Programme\mIRC\mirc 6.16+3.8\mirc.exe => tagged:Client-IRC.Win32.mIRC.16.
5: C:\System Volume Information\_restore{FF42B368-3A1D-4F92-BAB5-3FE7E0D3F6B8}\RP140\A0022402.exe => tagged:Garbage.Win32.CustomIcons.
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Sun Jun 19 19:37:46 2005 => Total Objects Scanned: 95896
Sun Jun 19 19:37:46 2005 => Total Virus(es) Found: 10
Sun Jun 19 19:37:46 2005 => Total Errors: 10
Sun Jun 19 19:37:46 2005 => Virus Database Date: 2005/06/17
Sun Jun 19 19:37:46 2005 => Virus Database Count: 135140
Sun Jun 19 19:46:17 2005 => Total Objects Scanned: 95896
Sun Jun 19 19:46:17 2005 => Total Virus(es) Found: 10
Sun Jun 19 19:46:18 2005 => Total Errors: 10
und von HIjackthis:
Logfile of HijackThis v1.99.0
Scan saved at 19:50:53, on 19.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cgnzekbmeheqzhp.com/hKQUmlkm ... Bf1tUy.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2816378468
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D758F3-5B21-4ABF-9376-3957336C37A9}: NameServer = 195.50.140.252 195.50.140.250
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
- Phax
- Beiträge: 6
- Registriert: 19.06.2005, 11:14
von Nikita am 19.06.2005, 20:41
Fixe mit dem HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cgnzekbmeheqzhp.com/hKQUmlkm ... Bf1tUy.htm
neustarten
#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein
+
poste das neue Log vom HijackThis
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cgnzekbmeheqzhp.com/hKQUmlkm ... Bf1tUy.htm
neustarten
#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein
+
poste das neue Log vom HijackThis
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Phax am 19.06.2005, 21:17
bitte sehr sieht gut aus soll ich mal ad adware durchlaufen ect udn virsu software?
Logfile of HijackThis v1.99.0
Scan saved at 21:16:06, on 19.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2816378468
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D758F3-5B21-4ABF-9376-3957336C37A9}: NameServer = 195.50.140.252 195.50.140.250
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Logfile of HijackThis v1.99.0
Scan saved at 21:16:06, on 19.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Tristan\Desktop\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2816378468
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D758F3-5B21-4ABF-9376-3957336C37A9}: NameServer = 195.50.140.252 195.50.140.250
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
- Phax
- Beiträge: 6
- Registriert: 19.06.2005, 11:14
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
12 Beiträge • Seite 1 von 1
Ähnliche Themen
| O4 - HKLM\..\Run: [Starting up] wvsvc.exe [WORM_RBOT.QZ] Forum: Online- und PC-Sicherheit Autor: Michi__! Antworten: |
mysearchnow/MessengerPlus3 Forum: Online- und PC-Sicherheit Autor: AnkeT Antworten: |
Nail.exe + O4 - HKLM\..\RunServices: [svchost] svhost.exe Forum: Online- und PC-Sicherheit Autor: Don Carlos Antworten: |
O4 - HKLM\..\Run: [snpstd] C:\WINNT\vsnpstd.exe Forum: Online- und PC-Sicherheit Autor: Nikita Antworten: |
O4 - HKLM\..\Run: [d3tg32.exe] C:\WINDOWS\d3tg32.exe Forum: Online- und PC-Sicherheit Autor: Dreikämpfer Antworten: |
Zurück zu Online- und PC-Sicherheit
Wer ist online?
Mitglieder in diesem Forum: 0 Mitglieder und 0 Gäste