easy search start page

#0
09.07.2004, 20:45
...new here

Posts: 4
#1 adware, spybot, spyware doctor, nortonIS - already tried everything - "easy search" keeps coming back as the start page of my IE.

can anyone help?

Regards
Wolfgang

Logfile of HijackThis v1.98.0
Scan saved at 20:42:28, on 09.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis_198.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F687BCAC-761B-452D-BB39-CD805D453928} - C:\WINDOWS\System32\mfplay.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Canon LBP-800 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://195.225.177.8/count/chm/cool.chm::/cool.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Filter: text/html - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O21 - SSODL: System - {0667452E-10DB-4F4F-B325-EFF3C243FEC4} - C:\WINDOWS\system32\system32.dll
10.07.2004, 03:53
Member

Posts: 1095
#2 @Mark79

Please follow these instructions:
http://www.rokop-security.de/main/article.php?sid=746&mode=thread&order=0

Also, please fix these in HiJackThis:
O2 - BHO: (no name) - {F687BCAC-761B-452D-BB39-CD805D453928} - C:\WINDOWS\System32\mfplay.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://195.225.177.8/count/chm/cool.chm::/cool.exe
O18 - Filter: text/html - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O21 - SSODL: System - {0667452E-10DB-4F4F-B325-EFF3C243FEC4} - C:\WINDOWS\system32\system32.dll

If that doesn't work:

Download mwav.exe
http://www.rokop-security.de/board/index.php?showtopic=3867

Then go into XP's safe mode
http://www.bsi.de/av/texte/winsave.htm

delete C:\WINDOWS\system32\system32.dll
plus
C:\WINDOWS\System32\mfplay.dll
This file may have a different name.
Just start HiJackThis and look at what is listed under O18.

scan with mwav.exe

Then reboot and post the log file.

Regards, paff
P.S. If you have questions, just post.
Please keep us posted; we'd like to know whether it worked. ;)
__________
http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware
This post was edited by paff on 10.07.2004 at 04:15.
10.07.2004, 15:05
...new here

Thread starter

Posts: 4
#3 Many thanks!

I deleted:
C:\WINDOWS\system32\system32.dll
plus
C:\WINDOWS\System32\mfplay.dll

Then scanned with mwav.exe in safe mode. At least for the moment the page is gone! ;)

Logfile of HijackThis v1.98.0
Scan saved at 15:02:53, on 10.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temp\Temporäres Verzeichnis 6 für hijackthis_198.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E85A8C09-952F-4BF1-A27F-FAC89A53EE76} - C:\WINDOWS\System32\mfplay.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Canon LBP-800 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Filter: text/html - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll

thanks again,
best regards
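
Added example, not part of any post in this thread: a small Python triage script that groups HijackThis entries by the file they point at rather than by CLSID, because the CLSIDs registered for mfplay.dll differ between the first log and the log taken after deletion. The function names are this example's own, and the sample lines are copied from those two logs.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Lines copied from the first log (post #1) and the log after deletion (post #3).
SCAN_1 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F687BCAC-761B-452D-BB39-CD805D453928} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/html - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O21 - SSODL: System - {0667452E-10DB-4F4F-B325-EFF3C243FEC4} - C:\WINDOWS\system32\system32.dll
"""
SCAN_2 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E85A8C09-952F-4BF1-A27F-FAC89A53EE76} - C:\WINDOWS\System32\mfplay.dll (file missing)
O18 - Filter: text/html - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Local file path: drive letter up to the first binary extension.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)", re.IGNORECASE)


class Entry(NamedTuple):
    code: str             # HijackThis section, e.g. "O2", "O18", "R1"
    detail: str           # text after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID, if the line carries one
    path: Optional[str]   # lower-cased local file the entry points at
    missing: bool         # HijackThis tagged the line "(file missing)"


def parse(log):
    """Turn the entry lines of a HijackThis log into Entry records."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, detail = m.groups()
        clsid = CLSID.search(detail)
        path = PATH.search(detail)
        entries.append(Entry(
            code, detail,
            clsid.group(0).upper() if clsid else None,
            path.group(0).lower() if path else None,
            detail.endswith("(file missing)"),
        ))
    return entries


def filter_hookers(entries):
    """Files registered as an O18 MIME filter, with every section that references them."""
    hooked = {e.path for e in entries
              if e.code == "O18" and e.detail.startswith("Filter:") and e.path}
    sections = defaultdict(set)
    for e in entries:
        if e.path in hooked:
            sections[e.path].add(e.code)
    return dict(sections)


def reregistered(before, after):
    """(section, file) pairs present in both scans whose CLSID changed."""
    def index(entries):
        idx = defaultdict(set)
        for e in entries:
            if e.clsid and e.path:
                idx[(e.code, e.path)].add(e.clsid)
        return idx
    old, new = index(before), index(after)
    return {k: (sorted(old[k]), sorted(new[k]))
            for k in old.keys() & new.keys() if old[k] != new[k]}


def missing_files(entries):
    """Files that HijackThis reported as '(file missing)'."""
    return sorted({e.path for e in entries if e.missing and e.path})


if __name__ == "__main__":
    first, second = parse(SCAN_1), parse(SCAN_2)
    for path, codes in filter_hookers(first).items():
        print("filter DLL", path, "also referenced in", sorted(codes))
    for (code, path), (old, new) in sorted(reregistered(first, second).items()):
        print(code, path, "CLSID changed:", old, "->", new)
    print("registered but missing on disk:", missing_files(second))
```
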
10.07.2004, 16:24
Honorary member
Avatar Sabina

Posts: 29434
#4 mark79

fix

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll (file missing)

O2 - BHO: (no name) - {E85A8C09-952F-4BF1-A27F-FAC89A53EE76} - C:\WINDOWS\System32\mfplay.dll (file missing)

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe

O18 - Filter: text/html - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll


reboot


Briefly disable your virus scanner

Download Antivirus
http://www.free-av.de/
Configure
Antivirus settings:

Stop the automatic scan,
start AntiVir's Internet update,
turn the settings up (Scan: ALL FILES, Repair: WITHOUT PROMPTING, Delete on failed repair: DELETE WITHOUT PROMPTING, Unwanted programs: ALL except games, Heuristics: Win32 heuristics, priority high)

Go into safe mode
http://www.bsi.de/av/texte/winsave.htm

#Run a full scan

reboot normally

#Under \Internet Options, delete the Temporary Internet Files and set a new start page.

Then post the log again.

Regards
Sabina
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 10.07.2004 at 16:26.
10.07.2004, 17:53
...new here

Posts: 6
#5 I need HELP too. A whole lot of junk has written itself into my favorites.......


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Programme\AVPersonal\AVWIN.EXE
F:\Dateien von Jens\download\mo\mozilla-win32-1.8a1-de-AT\mozilla\mozilla.exe
F:\Dateien von Jens\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3473BC2E-BD34-4FE3-BDE2-69B84DD1F107}: NameServer = 195.50.140.250 145.253.2.203
This post was edited by Jens0123 on 10.07.2004 at 17:55.
10.07.2004, 18:24
Honorary member
Avatar Sabina

Posts: 29434
#6 Jens0123

Fix

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html

F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe

is this your correct server entry ???
O17 - HKLM\System\CCS\Services\Tcpip\..\{3473BC2E-BD34-4FE3-BDE2-69B84DD1F107}: NameServer = 195.50.140.250 145.253.2.203
if not, fix it and then set it up again

reboot and go into safe mode
http://www.bsi.de/av/texte/winsave.htm

Configure
Antivirus settings:
Stop the automatic scan,
turn the settings up (Scan: ALL FILES, Repair: WITHOUT PROMPTING, Delete on failed repair: DELETE WITHOUT PROMPTING, Unwanted programs: ALL except games, Heuristics: Win32 heuristics, priority high)

scan with your antivirus

#go into the registry
Start<Run<regedit
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
delete this entry: http://weba.directwebsearch.
then search for other entries from the hijacker (see the R1 entries)

#Start<Control Panel<Administrative Tools<Services
check whether a wmplayer.exe has sneaked in among the services ...and disable it if it exists

#delete
C:\WINDOWS\system32\services\wmplayer.exe

reboot normally

#Download mwav.exe
scan <all files<
http://www.mwti.net/antivirus/free_utilities.asp
Then post the final log of the scan.
#Under <Internet Options<, delete the Temporary Internet Files, set a new start page and post the log again.

Regards
Sabina
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 10.07.2004 at 18:32.
10.07.2004, 18:48
...new here

Thread starter

Posts: 4
#7 hello!

here is the new log:

Logfile of HijackThis v1.98.0
Scan saved at 18:44:56, on 10.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\htpatch.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temp\Temporäres Verzeichnis 9 für hijackthis_198.zip\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Canon LBP-800 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

;)
Regards
Wolfgang
10.07.2004, 18:54
Honorary member
Avatar Sabina

Posts: 29434
#8 mark79

Wonderful... ,)
Now also download Firefox as an alternative browser...set a start page and browse only with it.
http://www.firebird-browser.de/

and decide on one virus scanner...disable the other one.

Regards
Sabina
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 10.07.2004 at 18:55.
10.07.2004, 20:12
...new here

Thread starter

Posts: 4
#9 many thanks again!

oh yes, sorry, I have one more thing...

IE runs normally there, but spybot keeps finding, among other things, DSO Exploit.

Logfile of HijackThis v1.98.0
Scan saved at 20:06:52, on 10.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Programme\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\EinAus.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\Rar$EX00.969\HijackThis.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HP Lamp] "C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: EinAus.lnk = C:\EinAus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://axis.retea.se/activex/AxisCamControl.ocx
O16 - DPF: {CAA9A7B8-5D54-4D74-B135-CAC498364EB4} (GIS2 WebGISLight Viewer) - http://www.austrianmap.at/bevportal/webgislight.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\msero.dll


Regards
Wolfgang
10.07.2004, 21:43
...new here

Posts: 6
#10 Hi. Here is the final log from the scan with mwav.exe.
I followed everything step by step, but somehow I'm getting nowhere....


Sat Jul 10 21:35:19 2004 => **********************************************************
Sat Jul 10 21:35:19 2004 => eScan AntiVirus Toolkit Utility.
Sat Jul 10 21:35:19 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sat Jul 10 21:35:19 2004 => **********************************************************
Sat Jul 10 21:35:19 2004 => Version 4.2.6
Sat Jul 10 21:35:19 2004 => Log File: C:\DOKUME~1\Jens\LOKALE~1\Temp\mwav.log
Sat Jul 10 21:35:19 2004 => Latest Date of files inside MWAV: 09 Jul 2004 12:06:55.
Sat Jul 10 21:35:19 2004 => AV Library Loaded...
Sat Jul 10 21:35:19 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.exe
Sat Jul 10 21:35:19 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\Getvlist.exe
Sat Jul 10 21:35:19 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavssdi.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavssi.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavvlg.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\msvlclnt.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\ipc.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\main.avi
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\virus.avi
Sat Jul 10 21:35:20 2004 => Virus Database Date: 2004/07/09
Sat Jul 10 21:35:20 2004 => Virus Database Count: 96426

Sat Jul 10 21:36:05 2004 => **********************************************************
Sat Jul 10 21:36:05 2004 => eScan AntiVirus Toolkit Utility.
Sat Jul 10 21:36:05 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sat Jul 10 21:36:05 2004 =>
Sat Jul 10 21:36:05 2004 => Support: support@mwti.net
Sat Jul 10 21:36:05 2004 => Web: http://www.mwti.net
Sat Jul 10 21:36:05 2004 => **********************************************************
Sat Jul 10 21:36:05 2004 => Version 4.2.6
Sat Jul 10 21:36:05 2004 => Log File: C:\DOKUME~1\Jens\LOKALE~1\Temp\mwav.log
Sat Jul 10 21:36:05 2004 => Latest Date of files inside MWAV: 09 Jul 2004 12:06:55.

Sat Jul 10 21:36:05 2004 => Options Selected by User:
Sat Jul 10 21:36:05 2004 => Memory Check: Enabled
Sat Jul 10 21:36:05 2004 => Registry Check: Enabled
Sat Jul 10 21:36:05 2004 => StartUp Folder Check: Enabled
Sat Jul 10 21:36:05 2004 => System Folder Check: Disabled
Sat Jul 10 21:36:05 2004 => System Area Check: Disabled
Sat Jul 10 21:36:05 2004 => Services Check: Enabled
Sat Jul 10 21:36:05 2004 => Drive Check Option Disabled
Sat Jul 10 21:36:05 2004 => Scanning Type: Scan And Clean
Sat Jul 10 21:36:05 2004 => Folder Check: Disabled

Sat Jul 10 21:36:05 2004 => ***** Scanning Memory Files *****
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\services.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Sat Jul 10 21:36:05 2004 => Scanning File C:\Programme\AVPersonal\AVGUARD.EXE
Sat Jul 10 21:36:05 2004 => Scanning File C:\Programme\AVPersonal\AVWUPSRV.EXE
Sat Jul 10 21:36:06 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\VS7Debug\mdm.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\RunDll32.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\sistray.EXE
Sat Jul 10 21:36:06 2004 => Scanning File C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\Programme\Messenger\msmsgs.exe
Sat Jul 10 21:36:06 2004 => Scanning File F:\DATEIE~1\download\mo\MOZILL~1.8A1\mozilla\mozilla.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\regedit.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\mwavscan.com
Sat Jul 10 21:36:07 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.exe

Sat Jul 10 21:36:07 2004 => ***** Scanning Registry Files *****
Sat Jul 10 21:36:07 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\Explorer.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Sat Jul 10 21:36:07 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\system32\RunDll32.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\System32\sistray.EXE
Sat Jul 10 21:36:07 2004 => Scanning File C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\System32\winupd.exe
Sat Jul 10 21:36:07 2004 => File C:\WINDOWS\System32\winupd.exe infected by "TrojanDropper.Win32.Small.ig" Virus. Action Taken: File Deleted.

Sat Jul 10 21:36:08 2004 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as C:\WINDOWS\System32\winupd.exe (which is infected)!
Sat Jul 10 21:36:08 2004 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupd deleted because it is infected by a Virus
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\Programme\Messenger\msmsgs.exe
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sat Jul 10 21:36:08 2004 => Scanning HKCR\txtfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\comfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\exefile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\dllfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\batfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\piffile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\scrfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\scrfile\shell\config\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\regfile\shell\open\command

Sat Jul 10 21:36:08 2004 => ***** Scanning StartUp Folders *****

Sat Jul 10 21:36:08 2004 => ***** Scanning C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Zubehör\Autostart Folder *****
Sat Jul 10 21:36:08 2004 => Scanning Folder: C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Zubehör\Autostart\*.*
Sat Jul 10 21:36:08 2004 => Scanning File C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Zubehör\Autostart\desktop.ini

Sat Jul 10 21:36:08 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Sat Jul 10 21:36:08 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Sat Jul 10 21:36:08 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Sat Jul 10 21:36:08 2004 => ***** Scanning Service Files *****
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\Programme\AVPersonal\AVGUARD.EXE
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\PROGRAMME\AVPERSONAL\AVGNTDD.SYS
Sat Jul 10 21:36:08 2004 => Scanning File C:\Programme\AVPersonal\AVWUPSRV.EXE
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\drivers\cmuda.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\DISDN\capi20.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\DISDN\dimaint.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\DISDN\Diwan.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\system32\services.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\gameenum.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\imapi.exe
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\VS7Debug\mdm.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\msiexec.exe
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\msmpu401.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\services.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\locator.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\Ser*hier nicht!*.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisgrp.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\SISAGPX.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\drivers\srvkp.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisnic.sys
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\tlntsvr.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\ups.exe
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbohci.sys
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbscan.sys
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\SYSTEM32\VSDATANT.SYS
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe

Sat Jul 10 21:36:16 2004 => ***** Scanning Important System Files *****
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\winsock.dll
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\ws2help.dll
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\ws2_32.dll
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\wscript.exe
Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\wsecedit.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshatm.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshcon.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshde.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshext.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wship6.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshisn.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshnetbs.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshom.ocx
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\WshRm.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wsnmp32.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wsock32.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wstdecod.dll
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\dl.html [**]
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\dlm.html [**]
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\explorer.exe
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\explorer.scf
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\notepad.exe
Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\cmd.exe
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\kernel32.dll
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\ntoskrnl.exe
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\ntkrnlpa.exe
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\hal.dll
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\win32k.sys
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\ntdll.dll
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\advapi32.dll
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\user32.dll
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\gdi32.dll
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\bootvid.dll
Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\command.com

Sat Jul 10 21:36:19 2004 => ***** Checking for specific ITW Viruses *****
Sat Jul 10 21:36:19 2004 => Checking for Welchia Virus...
Sat Jul 10 21:36:19 2004 => Checking for LovGate Virus...
Sat Jul 10 21:36:19 2004 => Checking for CodeRed Virus...
Sat Jul 10 21:36:19 2004 => Checking for OpaServ Virus...
Sat Jul 10 21:36:19 2004 => Checking for Sobig.e Virus...
Sat Jul 10 21:36:19 2004 => Checking for Winupie Virus...
Sat Jul 10 21:36:19 2004 => Checking for Swen Virus...
Sat Jul 10 21:36:19 2004 => Checking for JS.Fortnight Virus...
Sat Jul 10 21:36:19 2004 => Checking for Novarg Virus...
Sat Jul 10 21:36:19 2004 => Checking for Pagabot Virus...

Sat Jul 10 21:36:19 2004 => ***** Scanning complete. *****

Sat Jul 10 21:36:19 2004 => Total Number of Files Scanned: 238
Sat Jul 10 21:36:19 2004 => Total Number of Virus(es) Found: 1
Sat Jul 10 21:36:19 2004 => Total Number of Disinfected Files: 0
Sat Jul 10 21:36:19 2004 => Total Number of Files Renamed: 0
Sat Jul 10 21:36:19 2004 => Total Number of Deleted Files: 1
Sat Jul 10 21:36:19 2004 => Total Number of Errors: 0
Sat Jul 10 21:36:19 2004 => Time Elapsed: 00:00:13
Sat Jul 10 21:36:19 2004 => Virus Database Date: 2004/07/09
Sat Jul 10 21:36:19 2004 => Virus Database Count: 96426

Sat Jul 10 21:36:19 2004 => Scan Completed.

Sat Jul 10 21:40:08 2004 => Virus Database Date: 2004/07/09
Sat Jul 10 21:40:08 2004 => Virus Database Count: 96426
11.07.2004, 14:36
Honorary member
Sabina

Posts: 29434
#11 mark79
the exploits from Spybot are a bug...an error...so no need to worry.
Regards
Sabina
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 11.07.2004 at 14:42.
11.07.2004, 14:45
Honorary member
Sabina

Posts: 29434
#12 @Jens0123

Logfile of HijackThis v1.97.7
Scan saved at 21:46:42, on 10.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
F:\Dateien von Jens\download\mo\mozilla-win32-1.8a1-de-AT\mozilla\mozilla.exe
C:\WINDOWS\regedit.exe
C:\DOKUME~1\Jens\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.exe
F:\Dateien von Jens\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll

and now?

........................................................................................................................................

Jens0123

o.k., one virus is already out...now do the following

Fix
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html

F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe


RESTART AND GO INTO SAFE MODE
http://www.bsi.de/av/texte/winsave.htm

#Configure
the antivirus settings:
stop the automatic scan,
turn the settings up (Scan: ALL FILES, Repair: WITHOUT PROMPTING, Delete if repair fails: DELETE WITHOUT PROMPTING, Unwanted programs: ALL except games, Heuristics: Win32 heuristics, priority high)

scan with your antivirus!!!!!

#delete C:\WINDOWS\system32\services\wmplayer.exe


#go into the registry
Start > Run > regedit
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
delete this entry: http://weba.directwebsearch.
then search for other entries from the hijacker (see the R1 entries)

restart

#Delete the Temporary Internet Files under Internet Options and set a new start page.
Then post the log again.
Kind regards
Sabina
__________
Kind regards, Sabina

all about PC security
This post was edited by Sabina on 11.07.2004 at 15:10.
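An added example, not part of the thread and not HijackThis code: a small Python triage of the log format posted here, picking out the kinds of entries the reply above marks for fixing (R0/R1 values that point at a foreign host or a res:// page, and the F1 win.ini run= autostart). The sample log is constructed from lines in this thread; the allowlist, the benign-value set and all function names are assumptions.

```python
import re

# General shape of a HijackThis result line: "<code> - <body>".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R0/R1 body: "<registry key>,<value name> = <data>".
REG_RE = re.compile(r"^(?P<key>HK(?:CU|LM)\\[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
HOST_RE = re.compile(r"^https?://([^/\s:]+)", re.IGNORECASE)
# Assumptions for this sketch: values and hosts the analyst accepts unreviewed.
BENIGN_VALUES = {"", "about:blank"}
ALLOWED_HOSTS = {"www.microsoft.com"}

# Constructed sample, assembled from lines posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe"""

def triage(log_text):
    """Return (code, location, data, reason) for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, forum text
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            reg = REG_RE.match(body)
            if not reg:
                continue
            # HijackThis appends "(obfuscated)" to some values; strip the marker.
            data = reg["data"].replace("(obfuscated)", "").strip()
            if data in BENIGN_VALUES:
                continue
            host = HOST_RE.match(data)
            if data.lower().startswith("res://"):
                reason = "res:// page served from a local file"
            elif host and host[1].lower() not in ALLOWED_HOSTS:
                reason = "external host " + host[1].lower()
            else:
                continue
            findings.append((code, reg["key"] + "," + reg["name"], data, reason))
        elif code == "F1":
            source, sep, command = body.partition("=")
            if sep and command.strip():
                findings.append((code, source.strip(), command.strip(), "autostart via win.ini"))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns three findings; the `about:blank` start page and the O4 autorun line are not reported.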
11.07.2004, 21:14
...new here

Posts: 6
#13 Current:

Logfile of HijackThis v1.97.7
Scan saved at 21:13:06, on 11.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
F:\Dateien von Jens\download\HijackThis.exe

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programme\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38179.1470717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
11.07.2004, 23:10
Honorary member
Sabina

Posts: 29434
#14 Jens0123
Even though you have not set a start page in IE... I think everything is clean now.

#the antivirus has a guard
C:\Programme\AVPersonal\AVGUARD.EXE
set it under Options, and then the open umbrella must appear in the taskbar.
#update IE to IE 6 SP1
http://www.microsoft.com/windows/ie_intl/de/ie6sp1.mspx
#run the Windows updates, at least all of them except Systempack 1 ...... in case you can't do that .....
#download Firefox as an alternative browser... it is safer
http://www.firebird-browser.de/
Regards
Sabina
__________
Kind regards, Sabina

all about PC security
This post was edited by Sabina on 11.07.2004 at 23:16.
12.07.2004, 19:45
...new here

Posts: 6
#15 Sabina, when I start Windows, my computer automatically wants to connect to the Internet.

Logfile of HijackThis v1.97.7
Scan saved at 19:41:58, on 12.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
F:\Dateien von Jens\download\mo\mozilla-win32-1.8a1-de-AT\mozilla\mozilla.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
F:\Dateien von Jens\download\HijackThis.exe

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programme\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38179.1470717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3473BC2E-BD34-4FE3-BDE2-69B84DD1F107}: NameServer = 195.50.140.250 145.253.2.203