
How does this look to you?

I always have PeerGuardian running on my PC; recently I've been finding an HTTP block in the log files that somehow sounds like malware.
Can someone tell me what this is:
AtrivoHell.CWS.BS.Hijackers|Malware Network
I have no idea what that is  ???
Here's a HijackThis log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:44:50, on 15.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
G:\Programme\FRITZ!DSL\IGDCTRL.EXE
G:\WINDOWS\system32\cisvc.exe
G:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
G:\Programme\DAEMON Tools\daemon.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\Programme\ICQLite\ICQLite.exe
G:\Programme\FRITZ!DSL\FwebProt.exe
G:\Programme\FRITZ!DSL\StCenter.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\Dokumente und Einstellungen\Friedrich\Desktop\procexp.exe
G:\WINDOWS\system32\cidaemon.exe
G:\Programme\Mozilla Firefox\firefox.exe
G:\Programme\PeerGuardian2\pg2.exe
G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWare.exe
G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareControl.exe
G:\Programme\Winamp\winamp.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\WINDOWS\system32\notepad.exe
G:\WINDOWS\system32\NOTEPAD.EXE
P:\Neu\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {74BBF187-E339-4C60-83BB-5C12EBF8665B} - G:\WINDOWS\system32\mljgd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D} - G:\WINDOWS\system32\pmnnkij.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "G:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "G:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "G:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "G:\WINDOWS\system32\clqukwgx.dll",setvm
O4 - HKLM\..\Run: [MSConfig] G:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Ashampoo AntiSpyWare Guard] G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] G:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: FRITZ!DSL Protect.lnk = G:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = G:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with NetPumper - G:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - K:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - K:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {D3BFC6A3-52F5-4E98-93A8-51F23DC52163} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {D3BFC6A3-52F5-4E98-93A8-51F23DC52163} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Fritz
O17 - HKLM\Software\..\Telephony: DomainName = Fritz
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4EBCE33-ED75-4A8A-96EE-A18187C54F0E}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Fritz
O20 - Winlogon Notify: mljgd - G:\WINDOWS\system32\mljgd.dll
O20 - Winlogon Notify: pmnnkij - G:\WINDOWS\SYSTEM32\pmnnkij.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - G:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - G:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NBService - Nero AG - G:\Programme\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - G:\Programme\WinPcap\rpcapd.exe
____________________________________________________________

Can you tell me how my system is doing?
Can it still be saved, or is it a TOTAL LOSS?

Many thanks in advance.
 



Replies to How does this look to you?:

Hello,
well,.... a total loss seems exaggerated to me...
But a thorough overhaul is urgently needed. Parting with some of that software is also necessary in my view... ::)
Start by searching on Google for this

Quote
Virtumundo Removal Tool v1.2 (or higher):
After that, go through this: http://www.trojaner-board.de/28388-anleitung-zur-swizzor-entfernung.html
As far as it is possible....
Then please post a new log.
Don't use the "Trend Micro beta version" of HijackThis for that  ::)
You should also arrange a run with "Silentrunner" > ask Google.
Let me see the logs for the various tasks and report back.
Sir Reklov

So Silentrunner doesn't work ???
"Der Zugriff auf den Windows Script Host wurde für diesen Computer deaktivert. Wenden sie sich an ihren Administrator....

I ran Virtumundo Removal Tool v1.5, here is the log:

[03/15/2007, 20:37:56] - VirtumundoBeGone v1.5 ( "P:\Neu\Antivirus\VirtumundoBeGone.exe" )
[03/15/2007, 20:38:03] - Detected System Information:
[03/15/2007, 20:38:03] -  Windows Version: 5.1.2600, Service Pack 2
[03/15/2007, 20:38:03] -  Current Username: Friedrich (Admin)
[03/15/2007, 20:38:03] -  Windows is in NORMAL mode.
[03/15/2007, 20:38:03] - Searching for Browser Helper Objects:
[03/15/2007, 20:38:04] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/15/2007, 20:38:04] -  BHO 2: {74BBF187-E339-4C60-83BB-5C12EBF8665B} ()
[03/15/2007, 20:38:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2007, 20:38:04] -  Checking for HKLM\...\Winlogon\Notify\mljgd
[03/15/2007, 20:38:04] -  Found: HKLM\...\Winlogon\Notify\mljgd - This is probably Virtumundo.
[03/15/2007, 20:38:04] -  Assigning {74BBF187-E339-4C60-83BB-5C12EBF8665B} MSEvents Object
[03/15/2007, 20:38:04] - BHO list has been changed! Starting over...
[03/15/2007, 20:38:04] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/15/2007, 20:38:04] -  BHO 2: {74BBF187-E339-4C60-83BB-5C12EBF8665B} (MSEvents Object)
[03/15/2007, 20:38:04] - ALERT: Found MSEvents Object!
[03/15/2007, 20:38:04] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/15/2007, 20:38:04] -  BHO 4: {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D} ()
[03/15/2007, 20:38:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/15/2007, 20:38:04] -  Checking for HKLM\...\Winlogon\Notify\pmnnkij
[03/15/2007, 20:38:04] -  Found: HKLM\...\Winlogon\Notify\pmnnkij - This is probably Virtumundo.
[03/15/2007, 20:38:04] -  Assigning {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D} MSEvents Object
[03/15/2007, 20:38:04] - BHO list has been changed! Starting over...
[03/15/2007, 20:38:04] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/15/2007, 20:38:04] -  BHO 2: {74BBF187-E339-4C60-83BB-5C12EBF8665B} (MSEvents Object)
[03/15/2007, 20:38:04] - ALERT: Found MSEvents Object!
[03/15/2007, 20:38:04] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/15/2007, 20:38:04] -  BHO 4: {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D} (MSEvents Object)
[03/15/2007, 20:38:04] - ALERT: Found MSEvents Object!
[03/15/2007, 20:38:04] - Finished Searching Browser Helper Objects
[03/15/2007, 20:38:04] - *** Detected MSEvents Object
[03/15/2007, 20:38:04] - Trying to remove MSEvents Object...
[03/15/2007, 20:38:05] -    Terminating Process: IEXPLORE.EXE
[03/15/2007, 20:38:06] -    Terminating Process: RUNDLL32.EXE
[03/15/2007, 20:38:06] -    Disabling Automatic Shell Restart
[03/15/2007, 20:38:06] -    Terminating Process: EXPLORER.EXE
[03/15/2007, 20:38:06] -    Suspending the NT Session Manager System Service
[03/15/2007, 20:38:06] -    Terminating Windows NT Logon/Logoff Manager
[03/15/2007, 20:38:53] -    Re-enabling Automatic Shell Restart
[03/15/2007, 20:38:53] -   File to disable: G:\WINDOWS\system32\mljgd.dll
[03/15/2007, 20:38:53] -  Renaming G:\WINDOWS\system32\mljgd.dll -> G:\WINDOWS\system32\mljgd.dll.vir
[03/15/2007, 20:38:53] - ! File rename was unsucessful.
[03/15/2007, 20:38:53] -  Attempting to Deny Access to G:\WINDOWS\system32\mljgd.dll
[03/15/2007, 20:38:54] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/15/2007, 20:38:54] -  ERROR: Zuordnungen von Kontennamen und Sicherheitskennungen wurden nicht durchgeführt.

[03/15/2007, 20:38:54] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/15/2007, 20:38:54] -   Removing HKLM\...\Browser Helper Objects\{74BBF187-E339-4C60-83BB-5C12EBF8665B}
[03/15/2007, 20:38:54] -   Removing HKCR\CLSID\{74BBF187-E339-4C60-83BB-5C12EBF8665B}
[03/15/2007, 20:38:54] -   Adding Kill Bit for ActiveX for GUID: {74BBF187-E339-4C60-83BB-5C12EBF8665B}
[03/15/2007, 20:38:54] -   Deleting ATLEvents/MSEvents Registry entries
[03/15/2007, 20:38:54] -   Removing HKLM\...\Winlogon\Notify\mljgd
[03/15/2007, 20:38:54] - Searching for Browser Helper Objects:
[03/15/2007, 20:38:54] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/15/2007, 20:38:54] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/15/2007, 20:38:54] -  BHO 3: {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D} (MSEvents Object)
[03/15/2007, 20:38:54] - ALERT: Found MSEvents Object!
[03/15/2007, 20:38:54] - Finished Searching Browser Helper Objects
[03/15/2007, 20:38:54] - *** Detected MSEvents Object
[03/15/2007, 20:38:55] - Trying to remove MSEvents Object...
[03/15/2007, 20:38:56] -    Terminating Process: IEXPLORE.EXE
[03/15/2007, 20:38:56] -    Terminating Process: RUNDLL32.EXE

[03/15/2007, 20:40:23] - VirtumundoBeGone v1.5 ( "P:\Neu\Antivirus\VirtumundoBeGone.exe" )
[03/15/2007, 20:40:39] - Detected System Information:
[03/15/2007, 20:40:39] -  Windows Version: 5.1.2600, Service Pack 2
[03/15/2007, 20:40:39] -  Current Username: Friedrich (Admin)
[03/15/2007, 20:40:39] -  Windows is in NORMAL mode.
[03/15/2007, 20:40:39] - Searching for Browser Helper Objects:
[03/15/2007, 20:40:39] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/15/2007, 20:40:39] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/15/2007, 20:40:39] -  BHO 3: {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D} (MSEvents Object)
[03/15/2007, 20:40:39] - ALERT: Found MSEvents Object!
[03/15/2007, 20:40:39] - Finished Searching Browser Helper Objects
[03/15/2007, 20:40:39] - *** Detected MSEvents Object
[03/15/2007, 20:40:39] - Trying to remove MSEvents Object...
[03/15/2007, 20:40:40] -    Terminating Process: IEXPLORE.EXE
[03/15/2007, 20:40:40] -    Terminating Process: RUNDLL32.EXE
[03/15/2007, 20:40:40] -    Disabling Automatic Shell Restart
[03/15/2007, 20:40:40] -    Terminating Process: EXPLORER.EXE
[03/15/2007, 20:40:41] -    Suspending the NT Session Manager System Service
[03/15/2007, 20:40:41] -    Terminating Windows NT Logon/Logoff Manager
[03/15/2007, 20:43:09] -    Re-enabling Automatic Shell Restart
[03/15/2007, 20:43:09] -   File to disable: G:\WINDOWS\system32\pmnnkij.dll
[03/15/2007, 20:43:09] -  Renaming G:\WINDOWS\system32\pmnnkij.dll -> G:\WINDOWS\system32\pmnnkij.dll.vir
[03/15/2007, 20:43:09] -  File successfully renamed!
[03/15/2007, 20:43:09] -   Removing HKLM\...\Browser Helper Objects\{F2EB7525-D005-484A-A0AA-3A9B5C68CE4D}
[03/15/2007, 20:43:09] -   Removing HKCR\CLSID\{F2EB7525-D005-484A-A0AA-3A9B5C68CE4D}
[03/15/2007, 20:43:09] -   Adding Kill Bit for ActiveX for GUID: {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D}
[03/15/2007, 20:43:09] -   Deleting ATLEvents/MSEvents Registry entries
[03/15/2007, 20:43:09] -   Removing HKLM\...\Winlogon\Notify\pmnnkij
[03/15/2007, 20:43:09] - Searching for Browser Helper Objects:
[03/15/2007, 20:43:09] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/15/2007, 20:43:09] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/15/2007, 20:43:09] - Finished Searching Browser Helper Objects
[03/15/2007, 20:43:09] - Finishing up...
[03/15/2007, 20:43:09] - A restart is needed.
[03/15/2007, 20:45:23] - Attempting to Restart via STOP error (Blue Screen!)

I ran the tool once more after the restart, this time nothing was found...

I have to write another post because I go over the 10k character limit if I post all the logs

Now another HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:19:51, on 15.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
G:\Programme\FRITZ!DSL\IGDCTRL.EXE
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\cisvc.exe
G:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
G:\Programme\DAEMON Tools\daemon.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\Programme\ICQLite\ICQLite.exe
G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
G:\Programme\FRITZ!DSL\FwebProt.exe
G:\Programme\FRITZ!DSL\StCenter.exe
G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareControl.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\Programme\Winamp\winamp.exe
G:\Programme\Mozilla Firefox\firefox.exe
G:\Dokumente und Einstellungen\Friedrich\Desktop\procexp.exe
G:\WINDOWS\system32\cidaemon.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\WINDOWS\system32\NOTEPAD.EXE
C:\Wichtige Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "G:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "G:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ICQ Lite] "G:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "G:\WINDOWS\system32\clqukwgx.dll",setvm
O4 - HKLM\..\Run: [Ashampoo AntiSpyWare Guard] G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] G:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: FRITZ!DSL Protect.lnk = G:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = G:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://G:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with NetPumper - G:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - K:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - K:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {D3BFC6A3-52F5-4E98-93A8-51F23DC52163} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {D3BFC6A3-52F5-4E98-93A8-51F23DC52163} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Unknown file in Winsock LSP: g:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: g:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: g:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: g:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: g:\programme\fritz!dsl\sarah.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Fritz
O17 - HKLM\Software\..\Telephony: DomainName = Fritz
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4EBCE33-ED75-4A8A-96EE-A18187C54F0E}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Fritz
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVM IGD CTRL Service - AVM Berlin - G:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - G:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NBService - Nero AG - G:\Programme\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Removing Swizzor wasn't really possible, since none of the steps explained in the guide could be carried out (NetPumper was already uninstalled, there were no tasks present...)


Could you maybe also tell me what you mean by this

Quote
Parting with some of that software is also necessary in my view...

So, I hope I haven't forgotten anything   ;)

Thanks

Fritz
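The VirtumundoBeGone log above documents its detection rule: a BHO that has no default name is checked against HKLM\...\Winlogon\Notify for a key named after the DLL, and a hit is treated as "probably Virtumundo". As an added example (not part of this thread and not code from the VirtumundoBeGone tool), the following Python script applies that same rule to HijackThis O2/O20 lines; the sample lines are copied from the first HijackThis log in this thread, and the record and function names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: the O2 and O20 lines from the first HijackThis log
# posted in this thread, so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {74BBF187-E339-4C60-83BB-5C12EBF8665B} - G:\WINDOWS\system32\mljgd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F2EB7525-D005-484A-A0AA-3A9B5C68CE4D} - G:\WINDOWS\system32\pmnnkij.dll
O20 - Winlogon Notify: mljgd - G:\WINDOWS\system32\mljgd.dll
O20 - Winlogon Notify: pmnnkij - G:\WINDOWS\SYSTEM32\pmnnkij.dll
""".strip()

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# HijackThis O20 line: "O20 - Winlogon Notify: <key> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


@dataclass(frozen=True)
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool


@dataclass(frozen=True)
class WinlogonNotify:
    key: str
    path: str


@dataclass(frozen=True)
class Finding:
    clsid: str
    dll_path: str
    notify_key: str


def parse_hjt(log_text: str) -> tuple[list[Bho], list[WinlogonNotify]]:
    """Pull the O2 (BHO) and O20 (Winlogon Notify) records out of a HijackThis log."""
    bhos: list[Bho] = []
    notifies: list[WinlogonNotify] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            bhos.append(Bho(m["name"], m["clsid"], m["path"], m["missing"] is not None))
        elif m := NOTIFY_RE.match(line):
            notifies.append(WinlogonNotify(m["key"], m["path"]))
    return bhos, notifies


def find_virtumundo_pairs(log_text: str) -> list[Finding]:
    """Flag nameless BHOs whose DLL stem is also registered as a Winlogon Notify key.

    This mirrors the check in the VirtumundoBeGone log: a BHO with no default
    name is suspicious only if the matching Winlogon\\Notify\\<dllname> key exists.
    """
    bhos, notifies = parse_hjt(log_text)
    notify_by_key = {n.key.lower(): n for n in notifies}
    findings: list[Finding] = []
    for bho in bhos:
        if bho.name != "(no name)":
            continue  # named BHOs are not escalated by this rule
        stem = PureWindowsPath(bho.path).stem.lower()  # "mljgd" for "...\mljgd.dll"
        notify = notify_by_key.get(stem)
        if notify is not None:
            findings.append(Finding(bho.clsid, bho.path, notify.key))
    return findings


if __name__ == "__main__":
    for f in find_virtumundo_pairs(SAMPLE_LOG):
        print(f"nameless BHO {f.clsid} -> {f.dll_path} paired with Winlogon\\Notify\\{f.notify_key}")
```

Run against the second HijackThis log in this thread (posted after the removal), the script returns no findings, because both the O2 and the O20 entries are gone.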
 

Hello,
 

Quote
Der Zugriff auf den Windows Script Host wurde für diesen Computer deaktivert

This is where that comes from, and for me personally it would be the first piece of software to "fly out"... ;D

 
Quote
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {D3BFC6A3-52F5-4E98-93A8-51F23DC52163} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {D3BFC6A3-52F5-4E98-93A8-51F23DC52163} - G:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
This program blocks "Silentrunner" ::)
If you want to kick it out, under no circumstances forget to set everything back to "restore the old state" (or whatever it's called) beforehand. Otherwise the program "runs off and leaves its registry changes behind"... 8)
You should find it here:
Quote
G:\Programme\xp-AntiSpy

Fix this one, so you don't get tempted anymore...
 
Quote
O8 - Extra context menu item: Download with NetPumper - G:\Programme\NetPumper\AddUrl.htm

There's one entry I still have to make up my mind about...

But one active scanner is enough; two don't find any more, they just get in each other's way until the system crashes > catfight... ;D
Sir Reklov

Actually I quite like xp-AntiSpy, because the error reporting windows annoy me...
I simply allowed Windows Script Host again and ran Silentrunner, the full program with Supplementary search :)
Here is the log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
 

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "G:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"NVMixerTray" = ""G:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"]
"DAEMON Tools" = ""G:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"KernelFaultCheck" = "G:\WINDOWS\system32\dumprep 0 -k"
"ATICCC" = ""G:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"ICQ Lite" = ""G:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]
"2chkdsk" = "rundll32.exe "G:\WINDOWS\system32\clqukwgx.dll",setvm" [MS]
"Ashampoo AntiSpyWare Guard" = "G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "G:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" [file not found]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "G:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "G:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "G:\Programme\WinRAR\rarext.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "G:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "G:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "G:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "G:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "G:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "G:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
  -> {HKLM...CLSID} = "Siemens Device"
                   \InProcServer32\(Default) = "G:\Programme\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string]
"{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
  -> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
                   \InProcServer32\(Default) = "G:\Programme\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string]
"{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device PropertySheetHandlers"
  -> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
                   \InProcServer32\(Default) = "G:\Programme\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
                   \InProcServer32\(Default) = "G:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   \InProcServer32\(Default) = "G:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "G:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "G:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "G:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "G:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
                   \InProcServer32\(Default) = "G:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "G:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "G:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
                   \InProcServer32\(Default) = "G:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "G:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "G:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   \InProcServer32\(Default) = "G:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "G:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "G:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
                   \InProcServer32\(Default) = "G:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "G:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "G:\Dokumente und Einstellungen\Friedrich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "G:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Friedrich" & "All Users" startup folders:
-----------------------------------------------------------

G:\Dokumente und Einstellungen\Friedrich\Startmenü\Programme\Autostart
"FRITZ!DSL Protect" -> shortcut to: "G:\Programme\FRITZ!DSL\FwebProt.exe" ["AVM Berlin"]
"FRITZ!DSL Startcenter" -> shortcut to: "G:\Programme\FRITZ!DSL\StCenter.exe" ["AVM Berlin"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "G:\Programme\FRITZ!DSL\sarah.dll" ["AVM Berlin"]
000000000005\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
G:\Programme\FRITZ!DSL\sarah.dll ["AVM Berlin"], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 38
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9}"
  -> {HKLM...CLSID} = "Morpheus Toolbar"
                   \InProcServer32\(Default) = "G:\Programme\MorpheusBar\bar\1.bin\MORPHBAR.DLL" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9}"
  -> {HKLM...CLSID} = "Morpheus Toolbar"
                   \InProcServer32\(Default) = "G:\Programme\MorpheusBar\bar\1.bin\MORPHBAR.DLL" [file not found]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{EEF9A392-5B23-4761-ADC0-E3D681707BBA}\(Default) = "Morpheus PopSwatter"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "G:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{D3BFC6A3-52F5-4E98-93A8-51F23DC52163}\
"ButtonText" = "Klicke hier um das Projekt xp-AntiSpy zu unterstützen"
"MenuText" = "Unterstützung für xp-AntiSpy"
"Exec" = "G:\Programme\xp-AntiSpy\sponsoring\sponsor.html" [null data]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "G:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "G:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "K:\Programme\PartyGaming\PartyPoker\RunApp.exe" [empty string]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "G:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "G:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Programme\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVM IGD CTRL Service, AVM IGD CTRL Service, "G:\Programme\FRITZ!DSL\IGDCTRL.EXE" ["AVM Berlin"]
Bluetooth Support Service, BthServ, "G:\WINDOWS\system32\svchost.exe -k bthsvcs" {"G:\WINDOWS\System32\bthserv.dll" [MS]}
Machine Debug Manager, MDM, ""G:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
CutePDF Writer Monitor\Driver = "cpwmon2k.dll" [null data]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 217 seconds.
---------- (total run time: 284 seconds)


Sorry for spamming  :-[ but 10,000 characters just aren't enough ;)
Couldn't you allow 25,000 characters?

Hello,

Google for "make all files visible".
You will find a guide; follow it.
Google for "how to search for files properly".
You will find a guide there too.
Track down this entry:

Quote
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "G:\WINDOWS\system32\clqukwgx.dll",setvm

This is the path to it:
Quote
G:\WINDOWS\system32
Search there for this "clqukwgx" and delete everything related to it.
Then check via >Start > Search > enter
Quote
clqukwgx.dll",setvm
If anything is still found, delete it.

In general, your box could run a bit faster if you didn't secure each and every thing twice over... ;D
Set up your router according to the manual (which hopefully exists), add one virus scanner (Avast), and send the surplus into data nirvana... 8)

Quote
G:\Programme\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe

You have "Peer Guardian" running?
That would be superfluous too...
Sir Reklov
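An added triage script, not part of this thread and not a tool either poster used, that parses HijackThis O4 lines like the one quoted above and flags rundll32-launched DLLs in system32 whose file names look machine-generated; apart from the quoted entry, the sample lines and the randomness heuristic are constructed for illustration:

```python
import re

# Constructed sample: the first line is the O4 entry quoted in the thread, the others are
# made-up benign entries for contrast (not taken from the poster's log).
SAMPLE_O4_LINES = [
    'O4 - HKLM\\..\\Run: [2chkdsk] rundll32.exe "G:\\WINDOWS\\system32\\clqukwgx.dll",setvm',
    'O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe',
    'O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE G:\\WINDOWS\\system32\\NvCpl.dll,NvStartup',
]

# HijackThis O4 line: "O4 - <hive>\..\<key>: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 invocation: rundll32[.exe] "<path>.dll",<export>
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<entry>\S+)', re.IGNORECASE)


def parse_o4(line):
    """Split an O4 line into hive, key, entry name and command; None if not an O4 line."""
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def looks_random(stem):
    """Cheap triage heuristic (assumption, not a rule): a 6+ character name with at most
    one vowel or a consonant run of 5+ is unlike a vendor-chosen file name."""
    s = stem.lower()
    vowels = sum(c in 'aeiou' for c in s)
    longest_run = max((len(r) for r in re.findall(r'[^aeiou]+', s)), default=0)
    return len(s) >= 6 and (vowels <= 1 or longest_run >= 5)


def triage_o4(line):
    """Flag rundll32-launched DLLs in system32 whose file name looks machine-generated."""
    entry = parse_o4(line)
    if entry is None:
        return None
    m = RUNDLL_RE.search(entry['cmd'])
    if not m:
        return {'name': entry['name'], 'rundll32': False, 'suspicious': False}
    dll = m.group('dll')
    stem = dll.rsplit('\\', 1)[-1][:-4]          # file name without ".dll"
    in_system32 = '\\system32\\' in dll.lower()
    return {'name': entry['name'], 'rundll32': True, 'dll': dll,
            'entry': m.group('entry'), 'suspicious': in_system32 and looks_random(stem)}


def suspicious_entries(lines):
    """Names of the O4 entries a reviewer should look at first."""
    return [r['name'] for r in map(triage_o4, lines) if r and r['suspicious']]


if __name__ == '__main__':
    for line in SAMPLE_O4_LINES:
        print(triage_o4(line))
```

The heuristic only orders entries for manual review; a hit still needs the file checked (publisher, file version, date) before anything is deleted.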

Hello,

that looks good.....
Something to read: http://www.derfisch.de/warum-ich-xp-antispy-nicht-mag.html
 8)
In my opinion your box is fine now.
This one I haven't googled yet; do you know it? Do you know what it is used for?
If so, everything is okey-dokey... ;D

Quote
G:\Dokumente und Einstellungen\Friedrich\Desktop\procexp.exe

Sir Reklov

Since I can't/may not edit.. ::)
That is Process Explorer from Sysinternals, right? ;D
Veeery good, because useful....
I knew right away that the exe looked so familiar... 8)
Sir Reklov

Yes, Process Explorer serves me well  ;D
I killed clqukwgx.dll; it was a bit complicated, but I managed it.
First I searched for the file with Process Explorer; it is run by explorer.exe.
Started Partition Magic and opened System32 with its file browser. Then closed explorer.exe and deleted it with Partition Magic.
When I start the PC again tomorrow I have to check whether the file is back. If so, I'll have to try other approaches ]:->

PeerGuardian is running because I sometimes download Simpsons episodes as torrents...

Ashampoo will be deleted again; it was only shareware.

Many thanks, Reklov

Quote
Ashampoo will be deleted again; it was only shareware

As a consequence, you'll have intensive contact with Mr. Rainer Lesani coming your way... ;D

He is very eager to introduce you to the rest of the Ashampoo junk as well... 8)
Sir Reklov
