Hilfe
Neues Thema
Antworten
hallo, bei mir findet mwav ein spyware. ich kann aber damit nicht diese löschen. wer kennt eine andere die auch gut ist und die löschmöglichkeit auch hat? danke im voraus.
Seite 1 von 1
Mwav
#1
rusi 
geschrieben 23. Mai 2005 - 19:16
Nach oben
#2
flo
- Gruppe: aktive Mitglieder
- Beiträge: 7.955
- Beigetreten: 14. November 04
- Reputation: 1
- Geschlecht:Männlich
geschrieben 23. Mai 2005 - 19:19
Hallo
poste doch mal das ergebnis !
hast du mal Hijackthis versucht?
poste doch mal das ergebnis !
hast du mal Hijackthis versucht?
#3
rusi
geschrieben 23. Mai 2005 - 20:55
diese meldungen kriege ich:
Mon May 23 21:29:11 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon May 23 21:29:21 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
Mon May 23 21:29:22 2005 => Entry "HKCR\CLSID\{00FAE562-DACA-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:22 2005 => Entry "HKCR\CLSID\{00FAE568-DACA-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{08CE60DE-D425-11D3-891E-00104B9876B8}" refers to invalid object "C:\WINDOWS\system32\KODAKO~1.DLL". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CAF-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CB7-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CBA-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CBE-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:25 2005 => Entry "HKCR\CLSID\{1DD02726-012D-48e7-80E1-BA8E00A20ECB}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:25 2005 => Entry "HKCR\CLSID\{1FD8D838-74A9-4DF8-936F-0D87ED49AD3C}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\frcom-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:26 2005 => Entry "HKCR\CLSID\{2A426D47-51C3-4A79-B064-95FD87DAB5D1}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\frcom-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:27 2005 => Entry "HKCR\CLSID\{341EE246-3B05-4C23-B21A-17F2D4831FC0}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\frext-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:28 2005 => Entry "HKCR\CLSID\{3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:29 2005 => Entry "HKCR\CLSID\{45137563-F598-4574-A987-A25867AB7068}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\bwclext.dll". Action Taken: No Action Taken.
Mon May 23 21:29:32 2005 => Entry "HKCR\CLSID\{6100E360-BB4A-4025-95FB-69CA629E4180}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\vbfrext-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:35 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Mon May 23 21:29:36 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Mon May 23 21:29:36 2005 => Entry "HKCR\CLSID\{8DBFE843-D7DF-4cfc-B62C-05A6899139E2}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWTargetInf.dll". Action Taken: No Action Taken.
Mon May 23 21:29:37 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Mon May 23 21:29:40 2005 => Entry "HKCR\CLSID\{BB7CDE7C-5FB0-46E5-A3F4-EF118FACE08B}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:42 2005 => Entry "HKCR\CLSID\{CAEF9D56-0816-4984-BE91-B1B2ED801BE5}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWCHelpr-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:42 2005 => Entry "HKCR\CLSID\{CC3D0210-9655-11d3-BA86-0000F80855E6}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:42 2005 => Entry "HKCR\CLSID\{CF6067D7-D10C-4767-B04C-148E6EBB1574}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:43 2005 => Entry "HKCR\CLSID\{D058BFC5-55D4-11D3-9A62-00C04F8EFB70}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:43 2005 => Entry "HKCR\CLSID\{D058BFC9-55D4-11D3-9A62-00C04F8EFB70}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:47 2005 => Entry "HKCR\CLSID\{FC2AAD0F-D03A-453b-91A6-77CADEE26282}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmpvis.dll". Action Taken: No Action Taken.
Mon May 23 21:29:51 2005 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Mon May 23 21:29:51 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Mon May 23 21:29:51 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Mon May 23 21:29:53 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Mon May 23 21:29:53 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Mon May 23 21:30:00 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Mon May 23 21:30:00 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Mon May 23 21:30:00 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Mon May 23 21:30:06 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Mon May 23 21:30:06 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Mon May 23 21:30:12 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Mon May 23 21:30:12 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Mon May 23 21:30:15 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Mon May 23 21:30:18 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Mon May 23 21:30:18 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Mon May 23 21:29:11 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon May 23 21:29:21 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.
Mon May 23 21:29:22 2005 => Entry "HKCR\CLSID\{00FAE562-DACA-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:22 2005 => Entry "HKCR\CLSID\{00FAE568-DACA-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{08CE60DE-D425-11D3-891E-00104B9876B8}" refers to invalid object "C:\WINDOWS\system32\KODAKO~1.DLL". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CAF-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CB7-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CBA-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:23 2005 => Entry "HKCR\CLSID\{09101CBE-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:25 2005 => Entry "HKCR\CLSID\{1DD02726-012D-48e7-80E1-BA8E00A20ECB}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:25 2005 => Entry "HKCR\CLSID\{1FD8D838-74A9-4DF8-936F-0D87ED49AD3C}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\frcom-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:26 2005 => Entry "HKCR\CLSID\{2A426D47-51C3-4A79-B064-95FD87DAB5D1}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\frcom-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:27 2005 => Entry "HKCR\CLSID\{341EE246-3B05-4C23-B21A-17F2D4831FC0}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\frext-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:28 2005 => Entry "HKCR\CLSID\{3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}" refers to invalid object "C:\Programme\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Mon May 23 21:29:29 2005 => Entry "HKCR\CLSID\{45137563-F598-4574-A987-A25867AB7068}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\bwclext.dll". Action Taken: No Action Taken.
Mon May 23 21:29:32 2005 => Entry "HKCR\CLSID\{6100E360-BB4A-4025-95FB-69CA629E4180}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\vbfrext-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:35 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Mon May 23 21:29:36 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Mon May 23 21:29:36 2005 => Entry "HKCR\CLSID\{8DBFE843-D7DF-4cfc-B62C-05A6899139E2}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWTargetInf.dll". Action Taken: No Action Taken.
Mon May 23 21:29:37 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Mon May 23 21:29:40 2005 => Entry "HKCR\CLSID\{BB7CDE7C-5FB0-46E5-A3F4-EF118FACE08B}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:42 2005 => Entry "HKCR\CLSID\{CAEF9D56-0816-4984-BE91-B1B2ED801BE5}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWCHelpr-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:42 2005 => Entry "HKCR\CLSID\{CC3D0210-9655-11d3-BA86-0000F80855E6}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:42 2005 => Entry "HKCR\CLSID\{CF6067D7-D10C-4767-B04C-148E6EBB1574}" refers to invalid object "C:\Programme\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll". Action Taken: No Action Taken.
Mon May 23 21:29:43 2005 => Entry "HKCR\CLSID\{D058BFC5-55D4-11D3-9A62-00C04F8EFB70}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:43 2005 => Entry "HKCR\CLSID\{D058BFC9-55D4-11D3-9A62-00C04F8EFB70}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmplayer.exe". Action Taken: No Action Taken.
Mon May 23 21:29:47 2005 => Entry "HKCR\CLSID\{FC2AAD0F-D03A-453b-91A6-77CADEE26282}" refers to invalid object "C:\PROGRA~1\WINDOW~2\wmpvis.dll". Action Taken: No Action Taken.
Mon May 23 21:29:51 2005 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Mon May 23 21:29:51 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Mon May 23 21:29:51 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Mon May 23 21:29:53 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Mon May 23 21:29:53 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Mon May 23 21:30:00 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Mon May 23 21:30:00 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Mon May 23 21:30:00 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Mon May 23 21:30:06 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Mon May 23 21:30:06 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Mon May 23 21:30:12 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Mon May 23 21:30:12 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Mon May 23 21:30:15 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Mon May 23 21:30:18 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Mon May 23 21:30:18 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
#4
rusi
geschrieben 26. Mai 2005 - 18:39
hallo, ich habe im google geschaut. altnet hat etwas mit filesharing zu tun. ich habe aber nie soetwas gemacht, ich habe auch nicht die programme dafür. wie kann ich das "altnet" von meinem computer löschen, oder meint ihr daß es nicht so böse ist? danke
#5
flo
- Gruppe: aktive Mitglieder
- Beiträge: 7.955
- Beigetreten: 14. November 04
- Reputation: 1
- Geschlecht:Männlich
geschrieben 26. Mai 2005 - 18:44
poste doch bitte mal ein Hijackthis.log!
hijackthis bekommst du auf hijackthis.de
hijackthis bekommst du auf hijackthis.de
#6
rusi
geschrieben 26. Mai 2005 - 21:40
danke für die auswertung:
Logfile of HijackThis v1.99.1
Scan saved at 22:38:00, on 26.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Virtual CD v4 SDK\system\vcssecs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\eScan\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chello.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programme\Virtual CD v4 SDK\system\vcssecs.exe
Logfile of HijackThis v1.99.1
Scan saved at 22:38:00, on 26.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Virtual CD v4 SDK\system\vcssecs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\eScan\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chello.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programme\Virtual CD v4 SDK\system\vcssecs.exe
#7
flo
- Gruppe: aktive Mitglieder
- Beiträge: 7.955
- Beigetreten: 14. November 04
- Reputation: 1
- Geschlecht:Männlich
geschrieben 26. Mai 2005 - 21:57
kennst du ein programm was so heißt
C:\apps\ABoard\ABoard.exe
weil in dem Logfile kann ich nichts von spy oder adware erkennen
C:\apps\ABoard\ABoard.exe
weil in dem Logfile kann ich nichts von spy oder adware erkennen
Dieser Beitrag wurde von Flo bearbeitet: 26. Mai 2005 - 21:58
#8
rusi
geschrieben 27. Mai 2005 - 11:21
hallo, mein computer ist von packard bell ( nec ), und das sind wahrscheinlich von dieser firma. ich habe etwas gefunden die das bestätigt.
the file aboard.exe is the Packard Bell ActiveBoard
multimedia keyboard manager. Required if you use the additional keys and
want to see the status of the Num Lock, Caps Lock, Scroll Lock keys. The
file aosd.exe manages the onscreen display for the active keyboard controls.
also die (altnet), die (mwav) findet ist nicht böse?
kann sein daß ( mwav ) falsche sachen findet?
mfG, danke
the file aboard.exe is the Packard Bell ActiveBoard
multimedia keyboard manager. Required if you use the additional keys and
want to see the status of the Num Lock, Caps Lock, Scroll Lock keys. The
file aosd.exe manages the onscreen display for the active keyboard controls.
also die (altnet), die (mwav) findet ist nicht böse?
kann sein daß ( mwav ) falsche sachen findet?
mfG, danke
#9
flo
- Gruppe: aktive Mitglieder
- Beiträge: 7.955
- Beigetreten: 14. November 04
- Reputation: 1
- Geschlecht:Männlich
geschrieben 27. Mai 2005 - 11:23
na ja ist schon komisch, weil da keine Pfadangabe steht, deswegen weiß man nicht in welcher datei der escan das gefunden hat!
meiner meinung nach ist dein system sauber
meiner meinung nach ist dein system sauber
Thema verteilen:
Seite 1 von 1