Wer kann mir helfen
16 Beiträge • Seite 1 von 2 • 1, 2
Wer kann mir helfen
von Mast3r am 20.11.2005, 14:24
Wer kann mir helfenBei mir auf dem Desktop erscheind immer das hier:
"Your system is infected with spyware. Windows recommends you to use a spyware removel tool to prevent loss of importent data and increase system preformance. Using this pc before having it cleand from spyware threats is highly discouraged."
Ich habe schon drei Spyware Programme durchlaufen lassen und habe die infizierten sachen gelöscht und es steht da immernoch!!!
Bitte helft mir schnell.
"Your system is infected with spyware. Windows recommends you to use a spyware removel tool to prevent loss of importent data and increase system preformance. Using this pc before having it cleand from spyware threats is highly discouraged."
Ich habe schon drei Spyware Programme durchlaufen lassen und habe die infizierten sachen gelöscht und es steht da immernoch!!!
Bitte helft mir schnell.
- Mast3r
- Beiträge: 468
- Registriert: 24.07.2005, 19:19
- Wohnort: egal
von Mast3r am 20.11.2005, 15:18
Als ich den Silent Runner laufen lassen habe kam eine Textdatei mit folgenem Inhalt:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"NCLaunch" = "C:\WINDOWS\NCLAUNCH.EXe" ["Northcode Inc."]
"Windows installer" = "C:\winstall.exe" [null data]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"PCMService" = ""C:\Programme\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"gcasServ" = ""C:\Programme\Microsoft AntiSpyware\gcasServ.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Ich hoffe ihr könnt damit etwas anfangen
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"NCLaunch" = "C:\WINDOWS\NCLAUNCH.EXe" ["Northcode Inc."]
"Windows installer" = "C:\winstall.exe" [null data]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"PCMService" = ""C:\Programme\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"gcasServ" = ""C:\Programme\Microsoft AntiSpyware\gcasServ.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
Ich hoffe ihr könnt damit etwas anfangen
- Mast3r
- Beiträge: 468
- Registriert: 24.07.2005, 19:19
- Wohnort: egal
von Nikita am 20.11.2005, 15:30
Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.net/hjtkurz.html
Lade/entpacke HijackThis in einem Ordner
--> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
CCleaner
http://virus-protect.net/temp.html
lösche alle temp-Dateien
kopiere hier die 4 Textdateien
http://virus-protect.net/datfindbat.html
vom Silentrunner moechte ich gern das KOMPLETTE LOG sehen, wenn du von allem nur die Haelfte postest, kann ich nicht helfen...ich hab keine Glaskugel, in die ich schauen kann.
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.net/hjtkurz.html
Lade/entpacke HijackThis in einem Ordner
--> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
CCleaner
http://virus-protect.net/temp.html
lösche alle temp-Dateien
kopiere hier die 4 Textdateien
http://virus-protect.net/datfindbat.html
vom Silentrunner moechte ich gern das KOMPLETTE LOG sehen, wenn du von allem nur die Haelfte postest, kann ich nicht helfen...ich hab keine Glaskugel, in die ich schauen kann.
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Mast3r am 20.11.2005, 17:39
Logfile of HijackThis v1.99.1
Scan saved at 16:34:19, on 20.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Mixer.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\winstall.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\mozilla-1.7.12.de-AT.win32\mozilla\mozilla.exe
C:\Dokumente und Einstellungen\Mast3r\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Silent Runner
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"NCLaunch" = "C:\WINDOWS\NCLAUNCH.EXe" ["Northcode Inc."]
"Windows installer" = "C:\winstall.exe" [null data]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"PCMService" = ""C:\Programme\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"gcasServ" = ""C:\Programme\Microsoft AntiSpyware\gcasServ.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
Group Policies [Description]:
-----------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]
HIJACK WARNING! "Wallpaper" = "C:\WINDOWS\desktop.html"
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop..." button); selects wallpaper if Active Desktop is enabled]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop enabled via Group Policy.
Wallpaper selected via Group Policy.
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"SCRNSAVE.EXE" = "C:\WINDOWS\DRAEGE~1.SCR" (draeger_streifen_full.scr) [empty string]
Startup items in "Mast3r" & "All Users" startup folders:
--------------------------------------------------------
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "MGINavigationCanceled" = (empty string)
HIJACK WARNING! "MGIWelcome" = (empty string)
HIJACK WARNING! "MGIOfflineInformation" = (empty string)
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 14 seconds, including 2 seconds for message boxes)
Was muss ich machen wenn ich die 4 Textdateien kopiert habe? Und den CCleaner habe ich schon benutzt!
Scan saved at 16:34:19, on 20.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Mixer.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\winstall.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\mozilla-1.7.12.de-AT.win32\mozilla\mozilla.exe
C:\Dokumente und Einstellungen\Mast3r\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Silent Runner
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"NCLaunch" = "C:\WINDOWS\NCLAUNCH.EXe" ["Northcode Inc."]
"Windows installer" = "C:\winstall.exe" [null data]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"PCMService" = ""C:\Programme\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"gcasServ" = ""C:\Programme\Microsoft AntiSpyware\gcasServ.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
Group Policies [Description]:
-----------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]
HIJACK WARNING! "Wallpaper" = "C:\WINDOWS\desktop.html"
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop..." button); selects wallpaper if Active Desktop is enabled]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop enabled via Group Policy.
Wallpaper selected via Group Policy.
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"SCRNSAVE.EXE" = "C:\WINDOWS\DRAEGE~1.SCR" (draeger_streifen_full.scr) [empty string]
Startup items in "Mast3r" & "All Users" startup folders:
--------------------------------------------------------
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "MGINavigationCanceled" = (empty string)
HIJACK WARNING! "MGIWelcome" = (empty string)
HIJACK WARNING! "MGIOfflineInformation" = (empty string)
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 14 seconds, including 2 seconds for message boxes)
Was muss ich machen wenn ich die 4 Textdateien kopiert habe? Und den CCleaner habe ich schon benutzt!
- Mast3r
- Beiträge: 468
- Registriert: 24.07.2005, 19:19
- Wohnort: egal
von Holy Marcell am 20.11.2005, 19:16
Die 4 Text-Dateien musst du hier einfügen. Bitte schaue auf das Datum und kopiere nur die Einträge die nicht älter als 3 Monate sind.
- Holy Marcell
von Mast3r am 20.11.2005, 19:23
Hier noch die datfindbat datei:
Verzeichnis von C:\WINDOWS\system32
20.11.2005 18:16 664 d3d9caps.dat
20.11.2005 18:16 39.008 nvapps.xml
20.11.2005 16:27 13.646 wpa.dbl
02.11.2005 10:49 2.377.568 MRT.exe
30.10.2005 10:14 39.992 perfc009.dat
30.10.2005 10:14 311.604 perfh009.dat
30.10.2005 10:14 316.594 perfh007.dat
30.10.2005 10:14 48.156 perfc007.dat
30.10.2005 10:14 723.744 PerfStringBackup.INI
23.10.2005 21:47 228.000 FNTCACHE.DAT
16.10.2005 18:36 34.064 lhacm.acm
14.10.2005 16:31 43.520 CmdLineExt03.dll
10.10.2005 21:13 180.224 nvudisp.exe
10.10.2005 21:13 180.224 NVUNINST.EXE
10.10.2005 20:49 163.840 nvwrszhc.dll
10.10.2005 20:49 303.104 nvwrstr.dll
10.10.2005 20:49 294.912 nvwrssv.dll
10.10.2005 20:49 303.104 nvwrssl.dll
10.10.2005 20:49 299.008 nvwrssk.dll
10.10.2005 20:49 315.392 nvwrsru.dll
10.10.2005 20:49 319.488 nvwrsptb.dll
10.10.2005 20:49 323.584 nvwrspt.dll
10.10.2005 20:49 294.912 nvwrspl.dll
10.10.2005 20:49 299.008 nvwrsno.dll
10.10.2005 20:49 319.488 nvwrsnl.dll
10.10.2005 20:49 196.608 nvwrsko.dll
10.10.2005 20:49 212.992 nvwrsja.dll
10.10.2005 20:49 323.584 nvwrsit.dll
10.10.2005 20:49 167.936 nvwrszht.dll
10.10.2005 20:49 278.528 nvwrshe.dll
10.10.2005 20:49 327.680 nvwrsfr.dll
10.10.2005 20:49 303.104 nvwrsfi.dll
10.10.2005 20:49 327.680 nvwrsesm.dll
10.10.2005 20:49 335.872 nvwrses.dll
10.10.2005 20:49 286.720 nvwrseng.dll
10.10.2005 20:49 3.921.024 nv4_disp.dll
10.10.2005 20:49 335.872 nvwrsel.dll
10.10.2005 20:49 311.296 nvwrsde.dll
10.10.2005 20:49 294.912 nvwrsda.dll
10.10.2005 20:49 286.720 nvwrscs.dll
10.10.2005 20:49 282.624 nvwrsar.dll
10.10.2005 20:49 1.019.904 nvwimg.dll
10.10.2005 20:49 1.662.976 nvwdmcpl.dll
10.10.2005 20:49 81.920 nvwddi.dll
10.10.2005 20:49 315.392 nvwrshu.dll
10.10.2005 20:49 425.984 keystone.exe
10.10.2005 20:49 73.728 nvtuicpl.cpl
10.10.2005 20:49 131.139 nvsvc32.exe
10.10.2005 20:49 466.944 nvshell.dll
10.10.2005 20:49 118.784 nvrszht.dll
10.10.2005 20:49 217.088 nvrszhc.dll
10.10.2005 20:49 249.856 nvrstr.dll
10.10.2005 20:49 245.760 nvrssv.dll
10.10.2005 20:49 249.856 nvrssl.dll
10.10.2005 20:49 249.856 nvrssk.dll
10.10.2005 20:49 262.144 nvrsru.dll
10.10.2005 20:49 262.144 nvrsptb.dll
10.10.2005 20:49 266.240 nvrspt.dll
10.10.2005 20:49 249.856 nvrspl.dll
10.10.2005 20:49 249.856 nvrsno.dll
10.10.2005 20:49 266.240 nvrsnl.dll
10.10.2005 20:49 253.952 nvrsko.dll
10.10.2005 20:49 258.048 nvrsja.dll
10.10.2005 20:49 274.432 nvrsit.dll
10.10.2005 20:49 253.952 nvrshu.dll
10.10.2005 20:49 319.488 nvrshe.dll
10.10.2005 20:49 278.528 nvrsfr.dll
10.10.2005 20:49 241.664 nvrsfi.dll
10.10.2005 20:49 266.240 nvrsesm.dll
10.10.2005 20:49 274.432 nvrses.dll
10.10.2005 20:49 241.664 nvrseng.dll
10.10.2005 20:49 274.432 nvrsel.dll
10.10.2005 20:49 270.336 nvrsde.dll
10.10.2005 20:49 245.760 nvrsda.dll
10.10.2005 20:49 241.664 nvrscs.dll
10.10.2005 20:49 319.488 nvrsar.dll
10.10.2005 20:49 5.378.048 nvoglnt.dll
10.10.2005 20:49 286.720 nvnt4cpl.dll
10.10.2005 20:49 86.016 nvmctray.dll
10.10.2005 20:49 45.056 nvmccsrs.dll
10.10.2005 20:49 229.376 nvmccs.dll
10.10.2005 20:49 1.466.368 nview.dll
10.10.2005 20:49 573.440 nvhwvid.dll
10.10.2005 20:49 1.339.392 nvdspsch.exe
10.10.2005 20:49 15.868 nvdisp.nvu
10.10.2005 20:49 7.286.784 nvcpl.dll
10.10.2005 20:49 147.456 nvcolor.exe
10.10.2005 20:49 34.304 nvcodins.dll
10.10.2005 20:49 34.304 nvcod.dll
10.10.2005 20:49 1.519.616 nwiz.exe
10.10.2005 20:49 442.368 nvappbar.exe
10.10.2005 20:49 45.056 nvapi.dll
28.09.2005 22:29 693.248 DivX.dll
28.09.2005 22:29 688.128 divx_xx07.dll
28.09.2005 22:29 688.128 divx_xx0c.dll
28.09.2005 22:29 671.744 divx_xx11.dll
16.09.2005 21:17 733.184 divxdec.ax
08.09.2005 15:49 86.016 dpl100.dll
08.09.2005 15:49 589.824 dpuGUI11.dll
08.09.2005 15:49 200.704 dtu100.dll
08.09.2005 15:49 315.392 dpus11.dll
08.09.2005 15:49 57.344 dpv11.dll
08.09.2005 15:49 253.952 dpu11.dll
Verzeichnis von C:\WINDOWS\system32
20.11.2005 18:16 664 d3d9caps.dat
20.11.2005 18:16 39.008 nvapps.xml
20.11.2005 16:27 13.646 wpa.dbl
02.11.2005 10:49 2.377.568 MRT.exe
30.10.2005 10:14 39.992 perfc009.dat
30.10.2005 10:14 311.604 perfh009.dat
30.10.2005 10:14 316.594 perfh007.dat
30.10.2005 10:14 48.156 perfc007.dat
30.10.2005 10:14 723.744 PerfStringBackup.INI
23.10.2005 21:47 228.000 FNTCACHE.DAT
16.10.2005 18:36 34.064 lhacm.acm
14.10.2005 16:31 43.520 CmdLineExt03.dll
10.10.2005 21:13 180.224 nvudisp.exe
10.10.2005 21:13 180.224 NVUNINST.EXE
10.10.2005 20:49 163.840 nvwrszhc.dll
10.10.2005 20:49 303.104 nvwrstr.dll
10.10.2005 20:49 294.912 nvwrssv.dll
10.10.2005 20:49 303.104 nvwrssl.dll
10.10.2005 20:49 299.008 nvwrssk.dll
10.10.2005 20:49 315.392 nvwrsru.dll
10.10.2005 20:49 319.488 nvwrsptb.dll
10.10.2005 20:49 323.584 nvwrspt.dll
10.10.2005 20:49 294.912 nvwrspl.dll
10.10.2005 20:49 299.008 nvwrsno.dll
10.10.2005 20:49 319.488 nvwrsnl.dll
10.10.2005 20:49 196.608 nvwrsko.dll
10.10.2005 20:49 212.992 nvwrsja.dll
10.10.2005 20:49 323.584 nvwrsit.dll
10.10.2005 20:49 167.936 nvwrszht.dll
10.10.2005 20:49 278.528 nvwrshe.dll
10.10.2005 20:49 327.680 nvwrsfr.dll
10.10.2005 20:49 303.104 nvwrsfi.dll
10.10.2005 20:49 327.680 nvwrsesm.dll
10.10.2005 20:49 335.872 nvwrses.dll
10.10.2005 20:49 286.720 nvwrseng.dll
10.10.2005 20:49 3.921.024 nv4_disp.dll
10.10.2005 20:49 335.872 nvwrsel.dll
10.10.2005 20:49 311.296 nvwrsde.dll
10.10.2005 20:49 294.912 nvwrsda.dll
10.10.2005 20:49 286.720 nvwrscs.dll
10.10.2005 20:49 282.624 nvwrsar.dll
10.10.2005 20:49 1.019.904 nvwimg.dll
10.10.2005 20:49 1.662.976 nvwdmcpl.dll
10.10.2005 20:49 81.920 nvwddi.dll
10.10.2005 20:49 315.392 nvwrshu.dll
10.10.2005 20:49 425.984 keystone.exe
10.10.2005 20:49 73.728 nvtuicpl.cpl
10.10.2005 20:49 131.139 nvsvc32.exe
10.10.2005 20:49 466.944 nvshell.dll
10.10.2005 20:49 118.784 nvrszht.dll
10.10.2005 20:49 217.088 nvrszhc.dll
10.10.2005 20:49 249.856 nvrstr.dll
10.10.2005 20:49 245.760 nvrssv.dll
10.10.2005 20:49 249.856 nvrssl.dll
10.10.2005 20:49 249.856 nvrssk.dll
10.10.2005 20:49 262.144 nvrsru.dll
10.10.2005 20:49 262.144 nvrsptb.dll
10.10.2005 20:49 266.240 nvrspt.dll
10.10.2005 20:49 249.856 nvrspl.dll
10.10.2005 20:49 249.856 nvrsno.dll
10.10.2005 20:49 266.240 nvrsnl.dll
10.10.2005 20:49 253.952 nvrsko.dll
10.10.2005 20:49 258.048 nvrsja.dll
10.10.2005 20:49 274.432 nvrsit.dll
10.10.2005 20:49 253.952 nvrshu.dll
10.10.2005 20:49 319.488 nvrshe.dll
10.10.2005 20:49 278.528 nvrsfr.dll
10.10.2005 20:49 241.664 nvrsfi.dll
10.10.2005 20:49 266.240 nvrsesm.dll
10.10.2005 20:49 274.432 nvrses.dll
10.10.2005 20:49 241.664 nvrseng.dll
10.10.2005 20:49 274.432 nvrsel.dll
10.10.2005 20:49 270.336 nvrsde.dll
10.10.2005 20:49 245.760 nvrsda.dll
10.10.2005 20:49 241.664 nvrscs.dll
10.10.2005 20:49 319.488 nvrsar.dll
10.10.2005 20:49 5.378.048 nvoglnt.dll
10.10.2005 20:49 286.720 nvnt4cpl.dll
10.10.2005 20:49 86.016 nvmctray.dll
10.10.2005 20:49 45.056 nvmccsrs.dll
10.10.2005 20:49 229.376 nvmccs.dll
10.10.2005 20:49 1.466.368 nview.dll
10.10.2005 20:49 573.440 nvhwvid.dll
10.10.2005 20:49 1.339.392 nvdspsch.exe
10.10.2005 20:49 15.868 nvdisp.nvu
10.10.2005 20:49 7.286.784 nvcpl.dll
10.10.2005 20:49 147.456 nvcolor.exe
10.10.2005 20:49 34.304 nvcodins.dll
10.10.2005 20:49 34.304 nvcod.dll
10.10.2005 20:49 1.519.616 nwiz.exe
10.10.2005 20:49 442.368 nvappbar.exe
10.10.2005 20:49 45.056 nvapi.dll
28.09.2005 22:29 693.248 DivX.dll
28.09.2005 22:29 688.128 divx_xx07.dll
28.09.2005 22:29 688.128 divx_xx0c.dll
28.09.2005 22:29 671.744 divx_xx11.dll
16.09.2005 21:17 733.184 divxdec.ax
08.09.2005 15:49 86.016 dpl100.dll
08.09.2005 15:49 589.824 dpuGUI11.dll
08.09.2005 15:49 200.704 dtu100.dll
08.09.2005 15:49 315.392 dpus11.dll
08.09.2005 15:49 57.344 dpv11.dll
08.09.2005 15:49 253.952 dpu11.dll
- Mast3r
- Beiträge: 468
- Registriert: 24.07.2005, 19:19
- Wohnort: egal
von Holy Marcell am 20.11.2005, 19:31
Es sind 4 (in worten: vier) Textdateien. Führe DatFindBat nocheinmal aus.
- Holy Marcell
von Mast3r am 20.11.2005, 19:38
20.11.2005 18:34 16.384 ~DF9515.tmp
20.11.2005 18:34 16.384 ~DF94FA.tmp
20.11.2005 18:34 512 ~DF9522.tmp
20.11.2005 18:34 16.384 ~DF94C1.tmp
20.11.2005 18:34 512 ~DF94D1.tmp
20.11.2005 18:34 16.384 ~DF94DF.tmp
20.11.2005 18:34 512 ~DF94EC.tmp
20.11.2005 18:34 512 ~DF9507.tmp
20.11.2005 18:17 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}5168.html
20.11.2005 18:17 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}1190.html
20.11.2005 18:17 16.384 ~DFB99B.tmp
20.11.2005 18:17 16.384 ~DFB2C4.tmp
20.11.2005 18:17 512 ~DFB2D1.tmp
20.11.2005 18:16 32.768 ~DF76C2.tmp
20.11.2005 18:16 32.768 ~DFCADD.tmp
20.11.2005 16:41 16.384 ~DFB6CC.tmp
20.11.2005 16:41 16.384 ~DFAE2D.tmp
20.11.2005 16:28 32.768 ~DFD75C.tmp
20.11.2005 16:28 32.768 ~DFBF33.tmp
Verzeichnis von C:\WINDOWS
20.11.2005 18:17 787 setupapi.log
20.11.2005 18:16 0 0.log
20.11.2005 18:16 50 wiaservc.log
20.11.2005 18:16 159 wiadebug.log
20.11.2005 18:16 2.048 bootstat.dat
20.11.2005 17:24 32.622 SchedLgU.Txt
20.11.2005 11:28 192 winamp.ini
20.11.2005 11:03 2.033 hosts
20.11.2005 11:03 1.999 desktop.html
20.11.2005 11:03 28.672 tool2.exe
20.11.2005 11:03 66.064 kl.exe
20.11.2005 11:03 0 uniq
19.11.2005 11:58 34 cdplayer.ini
01.11.2005 16:54 45.056 NCUNINST.EXe
01.11.2005 16:54 649.691 draeger_streifen_full.scr
01.11.2005 16:53 40.960 NCLAUNCH.EXe
30.10.2005 13:30 26 neosetup.INI
28.10.2005 11:44 240 cod2demo.ini
25.10.2005 15:36 1.410.028 setupapi.log.0.old
29.09.2005 17:09 335 nsreg.dat
15.09.2005 17:43 18 xkal3Free.dat
06.09.2005 16:21 25 mixerdef.ini
Ist das jetzt das richtige???
20.11.2005 18:34 16.384 ~DF94FA.tmp
20.11.2005 18:34 512 ~DF9522.tmp
20.11.2005 18:34 16.384 ~DF94C1.tmp
20.11.2005 18:34 512 ~DF94D1.tmp
20.11.2005 18:34 16.384 ~DF94DF.tmp
20.11.2005 18:34 512 ~DF94EC.tmp
20.11.2005 18:34 512 ~DF9507.tmp
20.11.2005 18:17 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}5168.html
20.11.2005 18:17 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}1190.html
20.11.2005 18:17 16.384 ~DFB99B.tmp
20.11.2005 18:17 16.384 ~DFB2C4.tmp
20.11.2005 18:17 512 ~DFB2D1.tmp
20.11.2005 18:16 32.768 ~DF76C2.tmp
20.11.2005 18:16 32.768 ~DFCADD.tmp
20.11.2005 16:41 16.384 ~DFB6CC.tmp
20.11.2005 16:41 16.384 ~DFAE2D.tmp
20.11.2005 16:28 32.768 ~DFD75C.tmp
20.11.2005 16:28 32.768 ~DFBF33.tmp
Verzeichnis von C:\WINDOWS
20.11.2005 18:17 787 setupapi.log
20.11.2005 18:16 0 0.log
20.11.2005 18:16 50 wiaservc.log
20.11.2005 18:16 159 wiadebug.log
20.11.2005 18:16 2.048 bootstat.dat
20.11.2005 17:24 32.622 SchedLgU.Txt
20.11.2005 11:28 192 winamp.ini
20.11.2005 11:03 2.033 hosts
20.11.2005 11:03 1.999 desktop.html
20.11.2005 11:03 28.672 tool2.exe
20.11.2005 11:03 66.064 kl.exe
20.11.2005 11:03 0 uniq
19.11.2005 11:58 34 cdplayer.ini
01.11.2005 16:54 45.056 NCUNINST.EXe
01.11.2005 16:54 649.691 draeger_streifen_full.scr
01.11.2005 16:53 40.960 NCLAUNCH.EXe
30.10.2005 13:30 26 neosetup.INI
28.10.2005 11:44 240 cod2demo.ini
25.10.2005 15:36 1.410.028 setupapi.log.0.old
29.09.2005 17:09 335 nsreg.dat
15.09.2005 17:43 18 xkal3Free.dat
06.09.2005 16:21 25 mixerdef.ini
Ist das jetzt das richtige???
- Mast3r
- Beiträge: 468
- Registriert: 24.07.2005, 19:19
- Wohnort: egal
von Holy Marcell am 20.11.2005, 19:47
Bitte editiere deinen letzten Post nocmal:
Ich brauche alle 4 Logfiles.
Ich brauche alle 4 Logfiles.
- Holy Marcell
von Mast3r am 20.11.2005, 19:49
Verzeichnis von C:\
20.11.2005 18:49 0 sys.txt
20.11.2005 18:49 4.183 system.txt
20.11.2005 18:49 881 systemtemp.txt
20.11.2005 18:49 95.599 system32.txt
20.11.2005 18:16 1.610.612.736 pagefile.sys
20.11.2005 11:03 28.672 winstall.exe
17.09.2005 12:50 13.030 PDOXUSRS.NET
08.09.2005 17:26 192 Delapp.bat
20.11.2005 18:49 0 sys.txt
20.11.2005 18:49 4.183 system.txt
20.11.2005 18:49 881 systemtemp.txt
20.11.2005 18:49 95.599 system32.txt
20.11.2005 18:16 1.610.612.736 pagefile.sys
20.11.2005 11:03 28.672 winstall.exe
17.09.2005 12:50 13.030 PDOXUSRS.NET
08.09.2005 17:26 192 Delapp.bat
- Mast3r
- Beiträge: 468
- Registriert: 24.07.2005, 19:19
- Wohnort: egal
von Nikita am 20.11.2005, 20:19
Hallo@Mast3r
Information:
http://virus-protect.net/artikel/spyware/secure_32.html
---------------------------------------------------------------------------------------
Gehe in die registry
Start-->ausfuehren--> regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Wallpaper" = "C:\WINDOWS\desktop.html" ---loeschen
-----------------------------------------------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.net/killbox.html
Delete File on Reboot -- anhaken
reinkopieren:
...
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"
C:\winstall.exe
C:\WINDOWS\hosts
C:\WINDOWS\desktop.html
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq
C:\WINDOWS\system32\lhacm.acm
PC neustarten
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
PC neustarten
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fix.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fix.reg" auf dem Desktop doppelklicken.
scanne mit Panda und poste den Scanreport
http://virus-protect.net/onlinescan.html
Information:
http://virus-protect.net/artikel/spyware/secure_32.html
---------------------------------------------------------------------------------------
Gehe in die registry
Start-->ausfuehren--> regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"Wallpaper" = "C:\WINDOWS\desktop.html" ---loeschen
-----------------------------------------------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.net/killbox.html
Delete File on Reboot -- anhaken
reinkopieren:
...
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"
C:\winstall.exe
C:\WINDOWS\hosts
C:\WINDOWS\desktop.html
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq
C:\WINDOWS\system32\lhacm.acm
PC neustarten
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
PC neustarten
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fix.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=-
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoComponents"=-
"NoAddingComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoHTMLWallpaper"=-
Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fix.reg" auf dem Desktop doppelklicken.
scanne mit Panda und poste den Scanreport
http://virus-protect.net/onlinescan.html
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Mast3r am 20.11.2005, 21:44
Hier der Scanreport:
Incident Status Location
Adware:Adware/SpySheriff No disinfected C:\!KillBox\desktop.html
Adware:Adware/SpySheriff No disinfected C:\Program Files\SpySheriff\Uninstall.exe
Danke du hast mir sehr geholfen! Ist denn alles jetzt wieder in Ordnung?
Incident Status Location
Adware:Adware/SpySheriff No disinfected C:\!KillBox\desktop.html
Adware:Adware/SpySheriff No disinfected C:\Program Files\SpySheriff\Uninstall.exe
Danke du hast mir sehr geholfen! Ist denn alles jetzt wieder in Ordnung?
- Mast3r
- Beiträge: 468
- Registriert: 24.07.2005, 19:19
- Wohnort: egal
von Nikita am 20.11.2005, 21:57
loesche:
C:\!KillBox
C:\Program Files\SpySheriff
dann ist wieder alle o.k.
C:\!KillBox
C:\Program Files\SpySheriff
dann ist wieder alle o.k.
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Schwede am 06.03.2008, 16:52
Bei mir tritt das Problem auch auf.
Da ich noch nicht so erfahren mit dem Computer bin habe ich den oberen Ablauf nicht ganz verfolgen können
Kann mir bitte jemand helfen?
Da ich noch nicht so erfahren mit dem Computer bin habe ich den oberen Ablauf nicht ganz verfolgen können
Kann mir bitte jemand helfen?
- Schwede
- Beiträge: 6
- Registriert: 06.03.2008, 16:45
16 Beiträge • Seite 1 von 2 • 1, 2
Zurück zu Online- und PC-Sicherheit
Wer ist online?
Mitglieder in diesem Forum: 0 Mitglieder und 0 Gäste