Hello, first of all!
During its last scan, my AntiVir found the following viruses:
Beginne mit der Suche in 'C:\'
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Dokumente und Einstellungen\Dima\Lokale Einstellungen\Temp\IXP000.TMP\DNA_SE~1.EXE
[FUND] Ist das Trojanische Pferd TR/Agent.1276102
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45e3d064.qua' verschoben!
C:\Dokumente und Einstellungen\Dima\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CH01KWJ4\test[1].htm
[FUND] Enthält Signatur des Java-Scriptvirus JS/Dldr.IstBar.N
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4615d18a.qua' verschoben!
C:\WINDOWS\system32\server.exe
[FUND] Ist das Trojanische Pferd TR/Agent.1276102
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4614d7f3.qua' verschoben!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <C:\>
Der zu durchsuchende Pfad D:\ konnte nicht gefunden werden!
Das Gerät ist nicht bereit.
Could someone perhaps help me remove them?
Thanks
Dee
Request for help with a trojan
Logfile of HijackThis v1.99.1
Scan saved at 14:29:24, on 10.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Desktop Sidebar\dsidebar.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
C:\WINDOWS\ISW\netcol.dsl\signup\Tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Dima\Desktop\Files\Other\Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetcologne.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von NetCologne
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Programme\Desktop Sidebar\dsidebar.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.internetcologne.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC3A22F-8D07-458C-BF0B-7DE1BBE67A1B}: NameServer = 81.173.194.68 213.168.112.60
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
- DeeKay
- Posts: 40
- Registered: 13.07.2006, 15:12
Take it easy....
First:
Configure CleanUp exactly as described here: (+ restart the PC)
http://virus-protect.org/cleanup.html
and then please run CleanUp again and restart once more
Are you with NetCologne GmbH? Is that your internet provider, or do you use it as a proxy?
Your internet traffic is being redirected to that server..
You have a bit of spyware on there..
Download Ad-Aware and Spybot Search & Destroy, install them, run the updates and scan with them.
Post the scan report from each and delete everything that is found!
adaware: http://www.chip.de/downloads/c1_downloads_13000824.html
spybot: http://www.spybot.info/en/
- d2k
- Former staff member
- Posts: 1399
- Registered: 09.06.2006, 10:42
- Location: 86316 Friedberg
Hello,
Yes, NetCologne is my internet provider... unfortunately I don't know what a proxy is, so I can't answer that question.
Where do I find the Spybot log file once I've finished scanning?
Ad-Aware SE Build 1.06r1
Logfile Created on:Sonntag, 14. Januar 2007 18:30:00
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R143 08.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):20 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
14.01.2007 18:30:00 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Dima\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1606980848-839522115-1801674531-1005\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 728
ThreadCreationTime : 14.01.2007 17:27:43
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 14.01.2007 17:27:44
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 14.01.2007 17:27:45
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 14.01.2007 17:27:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe
#:5 [savedump.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 14.01.2007 17:27:46
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Programm zur Sicherung eines Abbilds
InternalName : savedump
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : savedump.exe
#:6 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 14.01.2007 17:27:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:7 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 14.01.2007 17:27:46
BasePriority : Normal
FileVersion : 6.14.10.4118
ProductVersion : 6.14.10.4118.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 14.01.2007 17:27:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 14.01.2007 17:27:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1348
ThreadCreationTime : 14.01.2007 17:27:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 14.01.2007 17:27:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1588
ThreadCreationTime : 14.01.2007 17:27:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1816
ThreadCreationTime : 14.01.2007 17:27:48
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1980
ThreadCreationTime : 14.01.2007 17:27:48
BasePriority : Normal
FileVersion : 6.14.10.4118
ProductVersion : 6.14.10.4118.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 200
ThreadCreationTime : 14.01.2007 17:27:49
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE
#:16 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0\bin\
ProcessID : 488
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
#:17 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 500
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
FileVersion : 1, 0, 0, 18
ProductVersion : 1, 0, 0, 18
ProductName : Realtek HD Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek HD Audio Sound Manager
#:18 [alcwzrd.exe]
FilePath : C:\WINDOWS\
ProcessID : 508
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
FileVersion : 1.1.0.24
ProductVersion : 1.1.0.24
ProductName : ALCWZRD
CompanyName : RealTek Semicoductor Corp.
FileDescription : RealTek AlcWzrd Application
InternalName : ALCWZRD.EXE
LegalCopyright : Copyright (C) 2003-2004 Realtek Semiconductor Corp.
OriginalFilename : ALCWZRD.EXE
Comments : 2005/07/26
#:19 [atiptaxx.exe]
FilePath : C:\Programme\ATI Technologies\ATI Control Panel\
ProcessID : 524
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
FileVersion : 6.14.10.5160
ProductVersion : 6.14.10.5160
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2005 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:20 [datala~1.exe]
FilePath : C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\
ProcessID : 536
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
FileVersion : 6, 41, 85, 8
ProductVersion : 6, 41
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright (c) 2004. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe
#:21 [avgnt.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 580
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
#:22 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:23 [dsidebar.exe]
FilePath : C:\Programme\Desktop Sidebar\
ProcessID : 608
ThreadCreationTime : 14.01.2007 17:27:50
BasePriority : Normal
FileVersion : 1.05.116.0
ProductVersion : 1.05.116.0
ProductName : Desktop Sidebar
CompanyName : Idea2
FileDescription : Desktop Sidebar
InternalName : SIDEBAR
LegalCopyright : Copyright (C) 2006 Idea2. All rights reserved
OriginalFilename : DSIDEBAR.EXE
#:24 [servic~1.exe]
FilePath : C:\PROGRA~1\GEMEIN~1\PCSuite\Services\
ProcessID : 684
ThreadCreationTime : 14.01.2007 17:27:51
BasePriority : Normal
FileVersion : 6, 41, 20, 0
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2004 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe
#:25 [sched.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1324
ThreadCreationTime : 14.01.2007 17:27:57
BasePriority : Normal
#:26 [avguard.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1336
ThreadCreationTime : 14.01.2007 17:27:57
BasePriority : Normal
#:27 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 1548
ThreadCreationTime : 14.01.2007 17:28:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:28 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2448
ThreadCreationTime : 14.01.2007 17:28:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:29 [ad-aware.exe]
FilePath : C:\Programme\Ad-Aware SE Personal\
ProcessID : 3316
ThreadCreationTime : 14.01.2007 17:28:34
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:30 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3692
ThreadCreationTime : 14.01.2007 17:28:49
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe
#:31 [tray.exe]
FilePath : C:\WINDOWS\ISW\netcol.dsl\signup\
ProcessID : 2868
ThreadCreationTime : 14.01.2007 17:29:08
BasePriority : Normal
#:32 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3836
ThreadCreationTime : 14.01.2007 17:29:21
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dima@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Dima\Cookies\dima@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dima@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Dima\Cookies\dima@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dima@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Dima\Cookies\dima@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dima@rambler[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Dima\Cookies\dima@rambler[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dima@statse.webtrendslive[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Dima\Cookies\dima@statse.webtrendslive[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dima@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\Dima\Cookies\dima@tradedoubler[1].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 26
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 26
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26
18:34:23 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:22.766
Objects scanned:120480
Objects identified:6
Objects ignored:0
New critical objects:6
---------------------------------------------
Yes, NetCologne is my internet provider... unfortunately I don't know what a proxy is, so I can't answer that question.
Where do I find the Spybot log file once the scan has finished?
- DeeKay
- Posts: 40
- Registered: 13.07.2006, 15:12
Once the problems are listed there:
Right-click on the white area -> save results to file
Then you can save the scan report there and copy the scan report in here.
Ad-Aware found nothing threatening, just a few cookies, which CleanUp clears away anyway.
- d2k
- Former staff member
- Posts: 1399
- Registered: 09.06.2006, 10:42
- Location: 86316 Friedberg
All the viruses seem to have been removed now... but somehow the problem that made me turn to you in the first place still isn't fixed...
My PC very often just switches off and reboots, and then for the first 5 minutes I can't connect to the internet because access is denied... this mostly happens when some web page is loading... but it has also switched off just from connecting to the internet...
Can you maybe tell me what this could be and how I get rid of it?
Thanks
Can you get a trojan just by visiting a website?
I found the logs
Here are the first reports
14.01.2007 18:53:45 - ##### check started #####
14.01.2007 18:53:45 - ### Version: 1.4
14.01.2007 18:53:45 - ### Date: 14.01.2007 18:53:45
14.01.2007 18:53:45 - ##### checking bots #####
14.01.2007 18:55:00 - found: Freeze Programm-Verzeichnis
14.01.2007 18:55:00 - found: Freeze Daten
14.01.2007 18:55:00 - found: Freeze Verknüpfung
14.01.2007 18:55:00 - found: Freeze Daten
14.01.2007 18:55:00 - found: Freeze Verknüpfung
14.01.2007 18:55:00 - found: Freeze Daten
14.01.2007 18:55:00 - found: Freeze Verknüpfung
14.01.2007 18:55:03 - found: Microsoft.Windows.Security.InternetExplorer Einstellungen
14.01.2007 18:55:03 - found: Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify Einstellungen
14.01.2007 18:55:03 - found: Microsoft.WindowsSecurityCenter.FirewallDisableNotify Einstellungen
14.01.2007 18:55:49 - ##### check finished #####
--------------------
--- Report generated: 2007-01-14 18:55 ---
Systemdienst-Überprüfung.: Die Datei Services.sbs fehlt. Bitte benutzen Sie das Update, um sie zu erhalten. ()
Freeze: Programm-Verzeichnis (Verzeichnis, nothing done)
C:\Programme\Free Offers from Freeze.com\
Freeze: Daten (Datei, nothing done)
C:\Programme\Free Offers from Freeze.com\registryCleaner.ico
Freeze: Verknüpfung (Datei, nothing done)
C:\Programme\Free Offers from Freeze.com\registryCleaner.url
Freeze: Daten (Datei, nothing done)
C:\Programme\Free Offers from Freeze.com\wfallsaw.ico
Freeze: Verknüpfung (Datei, nothing done)
C:\Programme\Free Offers from Freeze.com\wfallsaw.url
Freeze: Daten (Datei, nothing done)
C:\Programme\Free Offers from Freeze.com\whalesico.ico
Freeze: Verknüpfung (Datei, nothing done)
C:\Programme\Free Offers from Freeze.com\whalesico.url
Microsoft.Windows.Security.InternetExplorer: Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-21-1606980848-839522115-1801674531-1005\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-01-14 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Dialer.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
--- Report generated: 2007-01-14 19:09 ---
Freeze: Programm-Verzeichnis (Verzeichnis, fixed)
C:\Programme\Free Offers from Freeze.com\
Freeze: Daten (Datei, fixed)
C:\Programme\Free Offers from Freeze.com\registryCleaner.ico
Freeze: Verknüpfung (Datei, fixed)
C:\Programme\Free Offers from Freeze.com\registryCleaner.url
Freeze: Daten (Datei, fixed)
C:\Programme\Free Offers from Freeze.com\wfallsaw.ico
Freeze: Verknüpfung (Datei, fixed)
C:\Programme\Free Offers from Freeze.com\wfallsaw.url
Freeze: Daten (Datei, fixed)
C:\Programme\Free Offers from Freeze.com\whalesico.ico
Freeze: Verknüpfung (Datei, fixed)
C:\Programme\Free Offers from Freeze.com\whalesico.url
Microsoft.Windows.Security.InternetExplorer: Einstellungen (Registrierungsdatenbank-Änderung, fixed)
HKEY_USERS\S-1-5-21-1606980848-839522115-1801674531-1005\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Einstellungen (Registrierungsdatenbank-Änderung, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Einstellungen (Registrierungsdatenbank-Änderung, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Fake.Wget: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_USERS\S-1-5-21-1606980848-839522115-1801674531-1005\Software\Wget
Fake.Wget: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Wget
DoubleClick: Verfolgender Cookie (Internet Explorer: Dima) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-01-14 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-12 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-12 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-12 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-12 Includes\KeyloggersC.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-01-12 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2007-01-12 Includes\PUPSC.sbi (*)
2007-01-12 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-12 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2007-01-12 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-01-12 Includes\TrojansC.sbi (*)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-12 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-12 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-12 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-12 Includes\KeyloggersC.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-01-12 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2007-01-12 Includes\PUPSC.sbi (*)
2007-01-12 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-12 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2007-01-12 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-01-12 Includes\TrojansC.sbi (*)
- DeeKay
- Posts: 40
- Registered: 13.07.2006, 15:12
Trojan
Hello, has the problem been solved in the meantime?
- Renegade33
- Posts: 1
- Registered: 16.02.2007, 13:23