Thread: Deliao Toolbar - SearchSettings.exe = Virus

  1. #1
    Unfortunately this is now a double post, but whatever.
    Here is the HJT logfile:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Programme\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\Programme\Java\jre6\bin\jusched.exe
    C:\Programme\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\ICQ6Toolbar\ICQ Service.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programme\Avira\AntiVir Desktop\avscan.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    c:\programme\avira\antivir desktop\avcenter.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveAcroIEHelperShim.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Programme\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1257155555718
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6288 bytes

    I read online that you can simply remove Deliao and SearchSettings via "Software" (Add or Remove Programs). I did that, but the AntiVir scan still brings up that annoying beeping alert.
    I hope this junk can be blasted away without reinstalling the system; otherwise that would really suck, to put it bluntly. -.-

  2. #2
    This junk is known as SearchSettings.exe and the Delio Toolbar virus. Now, after the reboot, nothing beeped or anything, and the toolbar is gone too, but I don't know whether the program is still active, so here is another HijackThis logfile:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Programme\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\Programme\Java\jre6\bin\jusched.exe
    C:\Programme\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\ICQ6Toolbar\ICQ Service.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\Programme\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveAcroIEHelperShim.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Programme\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1257155555718
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6034 bytes

    :/
