Ergebnis 1 bis 4 von 4

Thema: viren + trojaner + spyware

  1. 23.02.2005, 09:45 #1
    uriel
    uriel ist offline
    Einsteiger
    Registriert seit
    16.02.2005
    Beiträge
    18

    viren + trojaner + spyware

    hallo war vor kurzen auch hier habt mir super geholfen

    hier habe ich ein größeres problem jemand den ich kenne hat folgendes problem:

    bazokka scanner:

    Code:
    ****************************************
Bazooka Scanner v1.13.02
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 21:13:47.
OS: Windows NT 5.1
Database version: 2.220000
Database format version: 1.020000
Database date: 20040806
Current date: 2005-02-22 21:13


****************************************
Result when scanning:

MS Media Player GUID 404.888.000 
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

ShopNav 692.218.240 {CE7C3CF0-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
http://www.kephyr.com/spywarescanner/library/shopnav/index.phtml

****************************************
Auto start entries:
    C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
    C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l
    C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
    C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l
    C:\Dokumente und Einstellungen\Startmenü\Programme\Autostart\desktop.ini
    C:\Dokumente und Einstellungen\Startmenü\Programme\Autostart\PowerReg Scheduler V3.exe
    C:\Dokumente und Einstellungen\Startmenü\Programme\Autostart\desktop.ini
    C:\Dokumente und Einstellungen\Startmenü\Programme\Autostart\PowerReg Scheduler V3.exe

    Go here to analyse the startup entries and the associated files:
    http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
    Comm Driver		C:\WINDOWS\System32\Commh32.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Comm Driver

    ODBC BackUp		C:\WINDOWS\Inf\Oxpll.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ODBC BackUp

    QuickTime Task		"C:\Programme\QuickTime\qttask.exe" -atboottime
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

    nwiz		nwiz.exe /install
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

    NvMediaCenter		RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

    NvCplDaemon		RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

    Microsoft DirectX		wuamgrd.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft DirectX

    KernelFaultCheck		%systemroot%\system32\dumprep 0 -k
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KernelFaultCheck

    AVGCtrl		"C:\Programme\AVPersonal\AVGNT.EXE" /min
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVGCtrl

    WinampAgent		"C:\Programme\Winamp\Winampa.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinampAgent

    C-Media Mixer		Mixer.exe /startup
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\C-Media Mixer

    Zone Labs Client		"C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client

    SpybotSnD		"C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\SpybotSnD

    Microsoft DirectX		wuamgrd.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft DirectX

    SysPilot		C:\WINDOWS\System32\Fdxxl.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\SysPilot

    ODBC BackUp		C:\WINDOWS\System32\Fdxxl.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ODBC BackUp

    MsnMsgr		"C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr

    CTFMON.EXE		C:\WINDOWS\System32\ctfmon.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE

    Mozilla Quick Launch		"C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Mozilla Quick Launch

    Civ3GoldSetup.exe		C:\DOKUME~1\Desktop\CIV3GO~1.EXE /r
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Civ3GoldSetup.exe

    D2ProphecySetup.exe		C:\DOKUME~1\Desktop\D2PROP~1.EXE /r
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\D2ProphecySetup.exe

    CivilizationIIIGoldSetup.exe		C:\DOKUME~1\Desktop\CIVILI~1.EXE /r
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CivilizationIIIGoldSetup.exe


    Go here to analyse the run entries and the associated files:
    http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}	not set	C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{28929718-A6C6-4B2A-84BC-9A699B8DD72B}		C:\WINDOWS\System32\Q361015.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28929718-A6C6-4B2A-84BC-9A699B8DD72B}

{53707962-6F74-2D53-2644-206D7942484F}	not set	C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

{9EC953B3-58C6-4BAA-A677-7E86D5B853C5}	not set	C:\WINDOWS\System32\badlfk.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EC953B3-58C6-4BAA-A677-7E86D5B853C5}

{CE7C3CF0-4B15-11D1-ABED-709549C10000}	not set	C:\WINDOWS\System32\f98er24s8u.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}


****************************************
Toolbars:

{BC6895ED-149D-44FF-919D-706B5E788F3B}	C:\WINDOWS\System32\Q361015.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{BC6895ED-149D-44FF-919D-706B5E788F3B}

{0E592E01-F96B-41F5-AA89-550AEBCED501}	C:\WINDOWS\System32\Q361015.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0E592E01-F96B-41F5-AA89-550AEBCED501}

{8E718888-423F-11D2-876E-00A0C9082467}	C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}	C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}	Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32

System error message: Das System kann die angegebene Datei nicht finden.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

{0E592E01-F96B-41F5-AA89-550AEBCED501}	C:\WINDOWS\System32\Q361015.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E592E01-F96B-41F5-AA89-550AEBCED501}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}	C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}	C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{4D5C8C25-D075-11d0-B416-00C04FB90376}	C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{30D02401-6A81-11D0-8274-00C04FD5AE38}	C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478}	C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E}	C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E}	C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

    System
    smss.exe
    csrss.exe
    winlogon.exe
    services.exe
    lsass.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    LEXBCES.EXE
    spoolsv.exe
    LEXPPS.EXE
    explorer.exe
    qttask.exe
    rundll32.exe
    AVGNT.EXE
    winampa.exe
    mixer.exe
    ctfmon.exe
    Netscp.exe
    Msshll.exe
    Scnex.exe
    Ad-Aware.exe
    AVGUARD.EXE
    AVWUPSRV.EXE
    nvsvc32.exe
    spywarescanner.exe

    Go here to analyse the running processes:
    http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

    Search    http://www.new-search.info/search.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search

        C:\WINDOWS\_hp.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\

    Default_Page_URL    http://0ml.net/cat
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Default_Search_URL    http://0ml.net/cat
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

    Local Page    C:\WINDOWS\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

    Search Bar    http://0ml.net/searchasst.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

    Search Page    http://0ml.net/cat
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page    http://0ml.net/cat
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

        C:\WINDOWS\_sp.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\

    SearchAssistant    http://0ml.net/searchasst.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

    CustomizeSearch    http://www.new-search.info/search.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

        http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

    www    http://
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

    Search    http://www.new-search.info/search.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

        C:\WINDOWS\_hp.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

    provider    
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

    Default_Page_URL    http://www.new-search.info/search.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Default_Search_URL    http://0ml.net/cat
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

    Local Page    C:\WINDOWS\System32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

    Search Bar    http://0ml.net/searchasst.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

    Search Page    http://0ml.net/cat
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

    Start Page    http://0ml.net/cat
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

    Use Search Asst    no
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

        C:\WINDOWS\_sp.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\

    SearchAssistant    http://0ml.net/searchasst.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

    CustomizeSearch    http://www.new-search.info/search.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

    Use My Stylesheet    1
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\Use My Stylesheet


****************************************
    und ganz wichtig hijack.this

    Code:
    Logfile of HijackThis v1.99.0
Scan saved at 21:11:18, on 22.02.2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\Msshll.exe
C:\WINDOWS\System32\Scnex.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.new-search.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0ml.net/cat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://0ml.net/searchasst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://0ml.net/cat
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://0ml.net/cat
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.new-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://0ml.net/searchasst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.new-search.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R3 - URLSearchHook: (no name) - {4C41BD0D-3CE6-423B-8957-818524394C10} - C:\WINDOWS\System32\Q361015.dll (file missing)
R3 - URLSearchHook: Richfind - {F377AF60-A4E9-4697-A6AB-0725E7C4B303} - C:\WINDOWS\System32\Q361015.dll (file missing)
O1 - Hosts: lala.com 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {28929718-A6C6-4B2A-84BC-9A699B8DD72B} - C:\WINDOWS\System32\Q361015.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9EC953B3-58C6-4BAA-A677-7E86D5B853C5} - C:\WINDOWS\System32\badlfk.dll (file missing)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\f98er24s8u.dll
O3 - Toolbar: (no name) - {BC6895ED-149D-44FF-919D-706B5E788F3B} - C:\WINDOWS\System32\Q361015.dll (file missing)
O3 - Toolbar: Richfind - {0E592E01-F96B-41F5-AA89-550AEBCED501} - C:\WINDOWS\System32\Q361015.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Comm Driver] C:\WINDOWS\System32\Commh32.exe
O4 - HKLM\..\Run: [ODBC BackUp] C:\WINDOWS\Inf\Oxpll.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [SysPilot] C:\WINDOWS\System32\Fdxxl.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ODBC BackUp] C:\WINDOWS\System32\Fdxxl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Civ3GoldSetup.exe] C:\DOKUME~1\ivica\Desktop\CIV3GO~1.EXE /r
O4 - HKCU\..\Run: [D2ProphecySetup.exe] C:\DOKUME~1\ivica\Desktop\D2PROP~1.EXE /r
O4 - HKCU\..\Run: [CivilizationIIIGoldSetup.exe] C:\DOKUME~1\ivica\Desktop\CIVILI~1.EXE /r
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Richfind - {0E592E01-F96B-41F5-AA89-550AEBCED501} - C:\WINDOWS\System32\Q361015.dll (file missing)
O9 - Extra button: (no name) - {BC6895ED-149D-44FF-919D-706B5E788F3B} - C:\WINDOWS\System32\Q361015.dll (file missing)
O9 - Extra button: Weight+Loss -  - http://new-search.info/s.php?qq=Weight+Loss (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Weight+Loss -  - http://new-search.info/s.php?qq=Weight+Loss (file missing) (HKCU)
O9 - Extra button: *** Pictures - {0234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/***.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: *** Pictures - {0234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/***.html (file missing) (HKCU)
O9 - Extra button: Craps Online Tour - {1234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Craps (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Craps Online Tour - {1234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Craps (file missing) (HKCU)
O9 - Extra button: Online Pharmacy 24h - {2234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Online+Pharmacy (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Online Pharmacy 24h - {2234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Online+Pharmacy (file missing) (HKCU)
O9 - Extra button: Remover Spyware - {3234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Spyware (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Remover Spyware - {3234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Spyware (file missing) (HKCU)
O9 - Extra button: Cash Advance - {4234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Cash+Advance (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Cash Advance - {4234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Cash+Advance (file missing) (HKCU)
O9 - Extra button: New Strip Poker - {6234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Poker (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: New Strip Poker - {6234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Poker (file missing) (HKCU)
O9 - Extra button: Free Viagra Video - {7234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Viagra (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Free Viagra Video - {7234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Viagra (file missing) (HKCU)
O9 - Extra button: *** Drug Soma - {8234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Soma (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: *** Drug Soma - {8234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Soma (file missing) (HKCU)
O9 - Extra button: Hair Loss - {9234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Hire+Loss (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Hair Loss - {9234f700-cba3-4071-b251-47cb894244cd} - http://new-search.info/s.php?qq=Hire+Loss (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    derjenige hatte keine firewall habe sämtliche programme in der systemsteuerung wie z. b. money casch gelöscht....
    habe mit spybot 100 spyware entfernt mit adware 1000 (übertrieben) entfernt ganz zu shweigen von den ganzen viren ........
    Geändert von uriel (23.02.2005 um 10:40 Uhr)
  2. 23.02.2005, 12:21 #2
    Speedy
    Speedy ist offline
    Moderator (global) Team-Mitglied Avatar von Speedy
    Registriert seit
    07.08.2004
    Ort
    Linz
    Beiträge
    23.540

    AW: viren + trojaner + spyware

    hi uriel

    zuerst windows-update auf sp2 durchführen, sonst können wir reinigen, reinigen und nochmal reinigen.
    wenn sp2 am rechner, neues logfile erstellen und hier posten
    lg
    www.Speedyweb.at.tf
    Die Durchführung meiner Tipps erfolgt auf eigene Verantwortung!
    HijackThis (Downloads und Anleitungen z.B. was ist fixen usw.)
    HijackThis-Chat oder willst du hier mitmachen Stellenausschreibung
    hilfestellung zur systembereinigung nur über das öffentliche forum und keinesfalls über privatnachrichten oder email !!
  3. 23.02.2005, 12:39 #3
    uriel
    uriel ist offline
    Einsteiger
    Registriert seit
    16.02.2005
    Beiträge
    18

    AW: viren + trojaner + spyware

    lach

    genau das ist das problem er hat eine kopie von xp
    ich weiß bin auch nicht gerade begeistert aber er hat es nun mal
  4. 23.02.2005, 23:49 #4
    Speedy
    Speedy ist offline
    Moderator (global) Team-Mitglied Avatar von Speedy
    Registriert seit
    07.08.2004
    Ort
    Linz
    Beiträge
    23.540

    AW: viren + trojaner + spyware

    hi
    damit wird der support eingestellt und der thread geschlossen.
    sag deinem freund: ca 100 € für winxp home und 150 € für winxp prof. sollte er schon zur verfügung haben.
    den internetanschluss muss er ja auch bezahlen.
    lg
    www.Speedyweb.at.tf
    Die Durchführung meiner Tipps erfolgt auf eigene Verantwortung!
    HijackThis (Downloads und Anleitungen z.B. was ist fixen usw.)
    HijackThis-Chat oder willst du hier mitmachen Stellenausschreibung
    hilfestellung zur systembereinigung nur über das öffentliche forum und keinesfalls über privatnachrichten oder email !!
« Vorheriges Thema | Nächstes Thema »

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. viren + trojaner + spyware
    Von uriel im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 22.02.2005, 21:53
  2. Zwei Trojaner, wie kriege ich sie weg?
    Von Unregistriert im Forum Archiv
    Antworten: 7
    Letzter Beitrag: 20.02.2005, 13:16
  3. festplatte formatiert - jetzt hab ich haufen würmern trojaner
    Von vpc32.exe im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 05.01.2005, 21:46
  4. Unafspührbarer Trojaner Oder "die Lebende Maus"
    Von Cornflakes im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 17.08.2004, 09:43
  5. Habe Glaube Ich Viren, Trojaner Oder Sonstwas...
    Von Guest im Forum Archiv
    Antworten: 4
    Letzter Beitrag: 03.08.2004, 21:23

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •  

Foren-Regeln