Trojanische Pferd TR/LowZones.A.2Thema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
28.09.2004, 14:20
...neu hier
Beiträge: 1 |
||
|
||
28.09.2004, 15:43
Ehrenmitglied
Beiträge: 29434 |
#2
Hallo @blue-magic
HijackThis: http://www.wintotal.de/softw/?id=2022 Lade das Tool, scann, save und kopiere das Log ins Forum ________________________________________________________________ Ansonsten scanne mit deinem Antivirus im abgesicherten Modus, <gehe in den abgesicherten Modus http://www.bsi.de/av/texte/winsave.htm #deaktiviere vor dem Scannen die Wiederherstellung , falls du XP hast) http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924 mfg Sabina __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 28.09.2004 um 15:52 Uhr von Sabina editiert.
|
|
|
||
21.10.2004, 05:07
...neu hier
Beiträge: 5 |
#3
hallo, ich habe auch dieses trojanische pferd könnt ihr mir bitte helfen dieses wegzubekommen, hier mein log:
Logfile of HijackThis v1.98.2 Scan saved at 04:43:26, on 21.10.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wmplayer612.exe C:\Program Files\Win Comm\WinComm.exe C:\Program Files\Win Comm\WinLock.exe C:\Programme\Web_Rebates\WebRebates1.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\Dokumente und Einstellungen\Juri\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe O4 - HKLM\..\Run: [Start Upping] qtask.exe O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\RunServices: [Windows Media Player 6.1.2] wmplayer612.exe O4 - HKLM\..\RunServices: [Start Upping] qtask.exe O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOKUME~1\Juri\LOKALE~1\Temp\djtopr1150.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe O4 - HKCU\..\Run: [Start Upping] qtask.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3669f00b266159f9 1d5a5e5f7d6c7fe45a212eca0eb53d155f7f2d75349fd95cf44b264f2c38b3fa 227dc8071b2b0dfdd561eaa0398dd574e24fccdf5dd61755:e71668d3bfa7fc19043f7497194f6505 O17 - HKLM\System\CCS\Services\Tcpip\..\{1460C76E-FA91-42BC-B7FB-C8779880A5B8}: NameServer = 192.168.122.252,192.168.122.253 danke im voraus : mfG Cheers |
|
|
||
21.10.2004, 11:21
Ehrenmitglied
Beiträge: 29434 |
#4
Hallo @Cheers
Sichere die Registry http://www.chip.de/artikel/c_artikelunterseite_8817258.html?tid1=&tid2= Gehe in die Registry Start<Ausfuehren<regedit Loesche diese Eintraege rechts in der Registry Creates value "Start Upping"="qtask.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". * Creates value "Start Upping"="qtask.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices". * Creates value "Start Upping"="qtask.exe" in key #Aendere die Werte: * Sets value "restrictanonymous"="" in key "HKLM\System\CurrentControlSet\Control\Lsa". wenn eine "1" dasteht, aendere in "0" * Sets value "restrictanonymoussam"="" in key "HKLM\System\CurrentControlSet\Control\Lsa". von "0 " in "1" Gib in die Suchfunktion der Registry (oben links ein)..loesche alles, was du findest rechts in der Registry zum Beispiel: HKLM\Software\Microsoft\Shared Tools\MSCOnfig\startupreg\ loeschen: <Windows SyncroAd <SyncroAd <wmplayer612 <WinComm <WebRebates <djtopr1150 <Elite Oeffne das HijackThis, hake an, was ich schreibe, <fix< und neustarten O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe O4 - HKLM\..\Run: [Start Upping] qtask.exe O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\RunServices: [Windows Media Player 6.1.2] wmplayer612.exe O4 - HKLM\..\RunServices: [Start Upping] qtask.exe O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOKUME~1\Juri\LOKALE~1\Temp\djtopr1150.exe" O4 - HKCU\..\Run: [Windows Media Player 6.1.2] wmplayer612.exe O4 - HKCU\..\Run: [Start Upping] qtask.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=3669f00b266159f91d 5a5e5f7d6c7fe45a212eca0eb53d155f7f2d75349fd95cf44b264f2c3 PC neustarten #Windows Explorer -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK" Suchfunktion von Windows: 1. "Bevorzugte Einstellungen ändern | Datei- und Ordnersuchverhalten ändern | Erweitert [...] Empfohlen für fortgeschrittene Benutzer" 2. Über "OK" auf "Weitere Optionen" gehen und die folgenden Optionen auswählen: [x] Systemordner durchsuchen [x] Versteckte Elemente durchsuchen [x] Unterordner durchsuchen #Loesche: <C:\WINDOWS\SYSTEM\qtask.exe. [166815 bytes.] <C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll <C:\Program Files\Windows SyncroAd\SyncroAd.exe <C:\WINDOWS\System32\wmplayer612.exe <C:\Program Files\Win Comm\WinComm.exe <C:\Program Files\Win Comm\WinLock.exe <C:\Programme\Web_Rebates\WebRebates1.exe <C:\Programme\Web_Rebates\WebRebates0.exe Start<Ausfuehren < reinkopieren: %temp% loesche:djtopr1150.exe [C:\DOKUME~1\Juri\LOKALE~1\Temp\djtopr1150.exe] Datentraegerbereinigung: und Loeschen der Temporary-Dateien 1. Start<Ausfuehren<cleanmgr #Click Temporary Internet Files, O.K #Temporary Files #Deinstalliere fuer 15 Tage deinen Antivirus und lade: #Testversion "Antivirus Personal 5.0" http://www.kaspersky.com/trials #deaktiviere die Wiederherstellung und poste das Log noch mal. mfg Sabina __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 21.10.2004 um 11:33 Uhr von Sabina editiert.
|
|
|
||
14.03.2005, 20:00
...neu hier
Beiträge: 1 |
#5
Hi,
das Thema ist zwar schon was älter, aber handelt sich genau um den gleichen Trojaner (Version ist nur normal .A, nicht .A.2) und da ich mir nicht sicher bin, was ich alles löschen muss, poste ich hier lieber nochmal. Hab die Registry gesaved und mir HijackThis runtergeladen, hier das Log: Logfile of HijackThis v1.99.1 Scan saved at 19:38:19, on 15.03.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Programme\Antivir\AVGNT.EXE C:\Internet\ICQLite\ICQLite.exe C:\WINDOWS\System32\msmq2inst.exe C:\WINDOWS\System32\trmupdate.exe C:\Programme\Antivir\AVGUARD.EXE C:\Programme\Antivir\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Internet\Firefox\firefox.exe c:\supdatesp991.exe c:\supdate282.exe C:\Programme\Antivir\GUARDGUI.EXE C:\Programme\Antivir\GUARDGUI.EXE E:\Setup\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\Antivir\AVGNT.EXE" /min O4 - HKLM\..\Run: [ICQ Lite] C:\Internet\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [MS Unix Binary] trmupdate.exe O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE O4 - HKLM\..\RunServices: [MS Unix Binary] trmupdate.exe O4 - HKCU\..\Run: [MS Unix Binary] trmupdate.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Internet\ICQLite\ICQLite.exe -trayboot O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQLite\ICQLite.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110483061218 O17 - HKLM\System\CCS\Services\Tcpip\..\{E19C0642-6C59-4C7D-B368-47666F4B18A6}: NameServer = 217.237.151.225 217.237.150.225 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\Antivir\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoft Sandra\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoft Sandra\RpcSandraSrv.exe --- Mir ist schon klar, dass c:\supdatesp991.exe c:\supdate282.exe die Dateien sind, die das Teil immer neu installieren, aber simples Löschen bringt natürlich nix und ich weiß eben auch nicht, was da noch anderes zugehört... Danke schonmal im Vorraus für eure Hilfe MfG zwirni Dieser Beitrag wurde am 14.03.2005 um 21:56 Uhr von zwirni editiert.
|
|
|
||
14.03.2005, 23:38
Ehrenmitglied
Beiträge: 29434 |
#6
Hallo@zwirni
Jotti's malware scan 2.4 - einzelne "exe" ueberpruefen http://virusscan.jotti.org/ Oben auf der Seite auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten und danach das Ergebnis abkopieren und hier im Beitrag posten C:\WINDOWS\System32\nvraidservice.exe C:\WINDOWS\System32\msmq2inst.exe C:\WINDOWS\System32\trmupdate.exe C:\WINDOWS\System32\wbem\unsecapp.exe c:\supdatesp991.exe c:\supdate282.exe C:\UNMT.EXE #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM\..\Run: [MS Unix Binary] trmupdate.exe O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE <--W32/Sdbot.worm O4 - HKLM\..\RunServices: [MS Unix Binary] trmupdate.exe O4 - HKCU\..\Run: [MS Unix Binary] trmupdate.exe PC neustarten •KillBox http://www.bleepingcomputer.com/files/killbox.php •Delete File on Reboot <--anhaken C:\WINDOWS\System32\nvraidservice.exe (? selber installiert wegen meinem SATA Raid 0 (war beim Treiber dabei ????.C:\WINDOWS\System32\nvraidservice.exe gehört zu Nvidia NForce Chipsatz basierten Boards...dann nicht loeschen !!!) C:\WINDOWS\System32\msmq2inst.exe C:\WINDOWS\System32\trmupdate.exe c:\supdatesp991.exe c:\supdate282.exe C:\UNMT.EXE und klick auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" PC neustarten DCOM RPC vulnerability -http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx WEBDAV vulnerability - http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx LSASS vulnerability - http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx Windows Worms Doors Cleaner erlaubt Ihnen die Dienste auf die die Würmer angewiesen sind, zu schließen http://www.firewallleaktester.com/wwdc.htm •Trend-Micro (Online) http://de.trendmicro-europe.com/consumer/products/housecall_launch.php http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php panda http://www.pandasoftware.com/activescan/com/activescan_principal.htm •eScan-Erkennungstool eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich: http://www.mwti.net/antivirus/free_utilities.asp oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche kavupd.exe, die klickst du an--> (Update- in DOS) ausführen -->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben und nun alles rauskopieren, was angezeigt wird--> silentrunners http://www.silentrunners.org/sr_download.html gehe auf: Click here to download a zip file. hier die Erklaerung: http://www.silentrunners.org/sr_scriptuse.html ** *** SDBOT WORM! http://vil.nai.com/vil/content/v_100454.htm __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.03.2005, 11:38
Member
Beiträge: 12 |
#7
Hallo ich habe auch den Low Zones.A und brauch dringend Hilfe um
den loszuwerden. Kann mir jemand sagen, was genau dieser Trojaner eigentlich alles schädliches anstellt? ich habe bereits im abgesicherten Modus mit Antivir gescannt hier das Log: Logfile of HijackThis v1.99.1 Scan saved at 11:19:47, on 17.03.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ad_elmd.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\atiptaxx.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\HP\HP Software Update\HPWuSchd.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Ahead\InCD\InCD.exe C:\WINDOWS\Dit.exe C:\Programme\QuickTime\qttask.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\iTunes\iTunesHelper.exe C:\Programme\ISTsvc\istsvc.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\System32\msmq2inst.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\DitExp.exe C:\WINDOWS\System32\HPZipm12.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Besitzer\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.architekt-thomas-gross.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startseite.de/searchbar R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: WinSurferHelper - {C52CBAEC-D969-4635-9F50-426CC15CE463} - C:\WINDOWS\System32\42393730.dll O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [Power Scan] C:\Programme\Power Scan\powerscan.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú"ü‰¸u0C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [MS Unix Binary] msmq2inst.exe O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE O4 - HKLM\..\RunServices: [MS Unix Binary] msmq2inst.exe O4 - HKLM\..\RunServices: [Virus Protect] vrsprtc.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MS Unix Binary] msmq2inst.exe O4 - Startup: OnlineCounter 2002-Autostart.lnk = C:\Programme\OnlineCounter 2002\OnlineCounter-Autostart.exe O4 - Startup: MP3DownloadHQ.lnk = C:\WINDOWS\MP3DownloadHQ.exe O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe-Gamma-Lader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Trennen - {1FB507B3-841F-4ed4-BED8-E11F0E5E47A1} - C:\Programme\OnlineCounter 2002\OCHangUp.exe (file missing) (HKCU) O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: v3cab - http://searchmiracle.com/cab/5.cab O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_pop.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1036_EN_XP.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21fde7b4e791577ec322/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111008775341 O16 - DPF: {6D15BD40-CCA6-11D2-A6A0-0060089A0EFF} (RWSO_IHB) - https://banking.rwso.de/sparkasse-rottweil/srwso1801.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{B2B0D8EF-901C-4008-A1FF-7AEBE9405F94}: NameServer = 213.73.108.140 212.59.141.38 O17 - HKLM\System\CCS\Services\Tcpip\..\{F325EFC9-6341-496F-8DA4-A6B8F1B4CBF2}: NameServer = 192.168.120.252,192.168.120.253 O23 - Service: Autodesk License Manager (AdLM) - Unknown owner - C:\WINDOWS\System32\ad_elmd.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Vielen Dank für alle Tipps schon mal im Voraus Gruß Engelbert |
|
|
||
17.03.2005, 12:02
Ehrenmitglied
Beiträge: 29434 |
#8
Hallo@engelbert
Deaktivieren Wiederherstellung «XP Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. (dann aktiviere sie wieder) Laden (aber erst im abgesicherten Modus scannen) FxIstbar.exe http://bilder.informationsarchiv.net/Nikitas_Tools/ •Download Registry Search Tool : http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip Doppelklick:regsrch.vbs kopiere rein: u0Ô@ÔÁß]ú"ü‰üži Press 'OK' warten, bis die Suche beendet ist. (Ergebnis bitte posten) das machst du ebenfalls mit. {386A771C-E96A-421F-8BA7-32F1B706892F} {825CF5BD-8862-4430-B771-0C15C5CA8DEF} {C52CBAEC-D969-4635-9F50-426CC15CE463} {CFBFAE00-17A6-11D0-99CB-00C04FD64497} {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} {7C559105-9ECF-42B8-B3F7-832E75EDD959} #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startseite.de/searchbar R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: WinSurferHelper - {C52CBAEC-D969-4635-9F50-426CC15CE463} - C:\WINDOWS\System32\42393730.dll O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file) O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [Power Scan] C:\Programme\Power Scan\powerscan.exe O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]ú"ü‰¸u0C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\ugmkhs.exe O4 - HKLM\..\Run: [MS Unix Binary] msmq2inst.exe O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE <--- SDBOT WORM! O4 - HKLM\..\RunServices: [MS Unix Binary] msmq2inst.exe O4 - HKLM\..\RunServices: [Virus Protect] vrsprtc.exe O4 - HKCU\..\Run: [MS Unix Binary] msmq2inst.exe O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_pop.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB PC neustarten •KillBox http://www.bleepingcomputer.com/files/killbox.php •Delete File on Reboot <--anhaken und klick auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" C:\WINDOWS\System32\42393730.dll C:\Programme\ISTsvc\istsvc.exe C:\WINDOWS\Downloaded Program Files\ISTactivex.dll C:\WINDOWS\optimize.exe C:\program files\Internet Optimizer\update\optimize312.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm C:\Programme\Power Scan\powerscan.exe C:\WINDOWS\ugmkhs.exe C:\WINDOWS\System32\msmq2inst.exe C:\WINDOWS\System32\vrsprtc.exe C:\WINDOWS\Downloaded Program Files\internazionale_ver10.ocx C:\WINDOWS\System32\objsafe.tlb C:\Programme\SideFind\sidefind.dll C:\UNMT.EXE PC neustarten--> in den abgesicherten Modus (F8 druecken, wenn der PC hochfaehrt) Loeschen temporaere Dateien --> loesche die Dateien in den Ordnern, nicht die ordner selbst C:\WINDOWS\Temp\ C:\Temp\ C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\ C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 [loesche nicht die index.dat) C:\Program Files\Internet Optimizer<--loeschen C:\Programme\Web_Rebates<--loeschen C:\Programme\Power Scan<--loeschen C:\Programme\SideFind <--loeschen scanne mit: Adware.Istbar Removal Tool GEhe wieder in den normalmodus. •eScan-Erkennungstool eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich: http://www.mwti.net/antivirus/free_utilities.asp oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche kavupd.exe, die klickst du an--> (Update- in DOS) ausführen -->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben und nun alles rauskopieren, was angezeigt wird--> dann alles "infected" mit der Killbox oder manuell loeschen #ClaerProg..lade die neuste Version <1.4.1 http://www.clearprog.de/downloads.php <und saeubere den Browser. Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera: - Cookies - Verlauf - Temporäre Internetfiles (Cache) #TuneUp2004 (30 Tage free) http://www.tuneup.de/products/tuneup-utilities/ Cleanup repair -->TuneUp Diskcleaner Cleanup repair -->Registry Cleaner #Ad-aware SE Personal 1.05 Updated http://fileforum.betanews.com/detail/965718306/1 Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein Windows Worms Doors Cleaner erlaubt Ihnen die Dienste auf die die Würmer angewiesen sind, zu schließen http://www.firewallleaktester.com/wwdc.htm DCOM RPC vulnerability -http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx WEBDAV vulnerability - http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx LSASS vulnerability - http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx + poste das neue Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.03.2005, 14:08
Member
Beiträge: 12 |
#9
Vielen Dank für die superschnelle Antwort
hier die RegSrch Ergebnisse die erste Suche war ohne Ergebnis, die anderen kommen hier: REGEDIT4 ; RegSrch.vbs © Bill James ; Registry search results for string "{386A771C-E96A-421F-8BA7-32F1B706892F}" 17.03.2005 13:58:58 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\Control] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\MiscStatus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\MiscStatus\1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\ToolboxBitmap32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\Version] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\VersionIndependentProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ISTactivex.Installer\CLSID] @="{386A771C-E96A-421f-8BA7-32F1B706892F}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ISTactivex.Installer.2\CLSID] @="{386A771C-E96A-421f-8BA7-32F1B706892F}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386A771C-E96A-421F-8BA7-32F1B706892F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386A771C-E96A-421F-8BA7-32F1B706892F}\Contains] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386A771C-E96A-421F-8BA7-32F1B706892F}\Contains\Files] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386A771C-E96A-421F-8BA7-32F1B706892F}\DownloadInformation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386A771C-E96A-421F-8BA7-32F1B706892F}\InstalledVersion] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll] ".Owner"="{386A771C-E96A-421F-8BA7-32F1B706892F}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll] "{386A771C-E96A-421F-8BA7-32F1B706892F}"="" |
|
|
||
18.03.2005, 12:51
Ehrenmitglied
Beiträge: 29434 |
||
|
||
18.03.2005, 17:02
Member
Beiträge: 12 |
#11
Hallo Sabina
vielen Dank für den Hinweis. Ich hatte keine Ahnung wie lange die ganze Prozedur dauern wird. Hier das neue Log vom HijackThis und vom Ad-aware SE 1.05. Bin ich den Trojaner jetzt los? Logfile of HijackThis v1.99.1 Scan saved at 16:53:38, on 18.03.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\ad_elmd.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\Userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\atiptaxx.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\HP\HP Software Update\HPWuSchd.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Ahead\InCD\InCD.exe C:\WINDOWS\Dit.exe C:\Programme\QuickTime\qttask.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\WINDOWS\System32\msmq2inst.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\msmq2inst.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\DitExp.exe C:\Programme\HP\hpcoretech\comp\hptskmgr.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\rundll32.exe C:\Dokumente und Einstellungen\Besitzer\Desktop\AntiVirTools\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.architekt-thomas-gross.de/ F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [MS Unix Binary] msmq2inst.exe O4 - HKLM\..\RunServices: [MS Unix Binary] msmq2inst.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MS Unix Binary] msmq2inst.exe O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe-Gamma-Lader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar3.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar3.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar3.dll/cmcache.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar3.dll/cmsimilar.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Trennen - {1FB507B3-841F-4ed4-BED8-E11F0E5E47A1} - C:\Programme\OnlineCounter 2002\OCHangUp.exe (file missing) (HKCU) O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: v3cab - http://searchmiracle.com/cab/5.cab O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1036_EN_XP.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21fde7b4e791577ec322/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111008775341 O16 - DPF: {6D15BD40-CCA6-11D2-A6A0-0060089A0EFF} (RWSO_IHB) - https://banking.rwso.de/sparkasse-rottweil/srwso1801.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F325EFC9-6341-496F-8DA4-A6B8F1B4CBF2}: NameServer = 192.168.120.252,192.168.120.253 O23 - Service: Autodesk License Manager (AdLM) - Unknown owner - C:\WINDOWS\System32\ad_elmd.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe Ad-Aware SE Build 1.05 Logfile Created on:Freitag, 18. März 2005 15:00:04 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R33 16.03.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:6):13 total references Alexa(TAC index:5):11 total references BroadCastPC(TAC index:7):4 total references Claria(TAC index:7):19 total references ClickSpring(TAC index:6):8 total references Crontel Ltd(TAC index:5):2 total references Dialer(TAC index:5):4 total references DialPass(TAC index:5):4 total references DyFuCA(TAC index:3):6 total references eAcceleration(TAC index:7):7 total references EGroup Dialer(TAC index:5):18 total references Elitum.ElitebarBHO(TAC index:5):7 total references istbar.dotcomToolbar(TAC index:5):5 total references MagicControl(TAC index:7):36 total references MainPean Dialer(TAC index:5):11 total references MediaCharger(TAC index:5):2 total references MRU List(TAC index:0):43 total references Possible Browser Hijack attempt(TAC index:3):4 total references Search Miracle(TAC index:5):7 total references StarInstall(MainPean)(TAC index:5):4 total references TopMoxie(TAC index:3):3 total references Tracking Cookie(TAC index:3):5 total references TS Cash(TAC index:5):10 total references WhenU(TAC index:3):2 total references Win32.Wintrim.Trojan.B(TAC index:7):9 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 18.03.2005 15:00:04 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\office\9.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\mediaplayer\player\settings Description : last save as directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\ahead\cover designer\recent file list Description : list of recently used files in ahead cover designer MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\ntbackup\log files Description : list of recent logfiles in microsoft backup MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\office\9.0\powerpoint\recent typeface list Description : list of recently used typefaces in microsoft powerpoint MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-3588590466-2801439982-1300003180-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Besitzer\recent Description : list of recently opened documents Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 400 ThreadCreationTime : 18.03.2005 13:54:21 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 548 ThreadCreationTime : 18.03.2005 13:54:23 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 572 ThreadCreationTime : 18.03.2005 13:54:24 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 616 ThreadCreationTime : 18.03.2005 13:54:25 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 628 ThreadCreationTime : 18.03.2005 13:54:25 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 796 ThreadCreationTime : 18.03.2005 13:54:26 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 820 ThreadCreationTime : 18.03.2005 13:54:27 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [incdsrv.exe] FilePath : C:\Programme\Ahead\InCD\ ProcessID : 836 ThreadCreationTime : 18.03.2005 13:54:27 BasePriority : Normal FileVersion : 4, 2, 2, 1 ProductVersion : 4, 2, 2, 1 ProductName : Ahead Software AG incdsrv CompanyName : Ahead Software AG FileDescription : incdsrv InternalName : incdsrv LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved. LegalTrademarks : InCD is a trademark of Ahead Software AG OriginalFilename : incdsrv.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 988 ThreadCreationTime : 18.03.2005 13:54:28 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1012 ThreadCreationTime : 18.03.2005 13:54:28 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1160 ThreadCreationTime : 18.03.2005 13:54:29 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [ad_elmd.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1264 ThreadCreationTime : 18.03.2005 13:54:29 BasePriority : Normal #:13 [avwupsrv.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 1380 ThreadCreationTime : 18.03.2005 13:54:30 BasePriority : Normal #:14 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1480 ThreadCreationTime : 18.03.2005 13:54:30 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:15 [wdfmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1520 ThreadCreationTime : 18.03.2005 13:54:30 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:16 [wuauclt.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1712 ThreadCreationTime : 18.03.2005 13:55:17 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatische Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : wuauclt.exe #:17 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 252 ThreadCreationTime : 18.03.2005 13:59:21 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:18 [atiptaxx.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 384 ThreadCreationTime : 18.03.2005 13:59:22 BasePriority : Normal FileVersion : 6.13.2519 ProductVersion : 6.13.2519 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright (C) 1998-2001 ATI Technologies Inc. OriginalFilename : Atiptaxx.exe #:19 [fpassist.exe] FilePath : C:\Programme\FreePDF_XP\ ProcessID : 428 ThreadCreationTime : 18.03.2005 13:59:22 BasePriority : Normal FileVersion : 3.00.0148 ProductVersion : 3.00.0148 ProductName : FreePDF_Assistant CompanyName : shbox.de FileDescription : FreePDF Assistent für FreePDF3 InternalName : fpAssist LegalCopyright : Stefan Heinz - shbox.de LegalTrademarks : FreePDF OriginalFilename : fpAssist.exe #:20 [hpwuschd.exe] FilePath : C:\Programme\HP\HP Software Update\ ProcessID : 436 ThreadCreationTime : 18.03.2005 13:59:22 BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : Hewlett-Packard hpwuSchd CompanyName : Hewlett-Packard FileDescription : hpwuSchd InternalName : hpwuSchd LegalCopyright : Copyright © 2003 OriginalFilename : hpwuSchd.exe #:21 [hpcmpmgr.exe] FilePath : C:\Programme\HP\hpcoretech\ ProcessID : 444 ThreadCreationTime : 18.03.2005 13:59:22 BasePriority : Normal FileVersion : 2.1.1.0 ProductVersion : 2.1.4 ProductName : hp coretech (COmponent REuse TECHnology) CompanyName : Hewlett-Packard Company FileDescription : HP Framework Component Manager Service InternalName : HPComponentManagerService module LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2003 OriginalFilename : HpCmpMgr.exe #:22 [incd.exe] FilePath : C:\Programme\Ahead\InCD\ ProcessID : 468 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 4, 2, 2, 1 ProductVersion : 4, 2, 2, 1 ProductName : Ahead Software AG InCD CompanyName : Ahead Software AG FileDescription : InCD InternalName : InCD LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved. LegalTrademarks : InCD is a trademark of Ahead Software AG OriginalFilename : InCD.exe #:23 [dit.exe] FilePath : C:\WINDOWS\ ProcessID : 476 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal #:24 [qttask.exe] FilePath : C:\Programme\QuickTime\ ProcessID : 484 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:25 [avsched32.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 492 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 6.30.00.00 ProductVersion : 6.30.00.00 ProductName : AVSched32 CompanyName : H+BEDV Datentechnik GmbH FileDescription : AVSched32 InternalName : AVSched32 LegalCopyright : Copyright © 1998-2005 H+BEDV Datentechnik GmbH. All rights reserved. LegalTrademarks : AntiVir® is a registered trademark of H+BEDV Datentechnik GmbH, Germany OriginalFilename : AVSched32.exe #:26 [ituneshelper.exe] FilePath : C:\Programme\iTunes\ ProcessID : 500 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:27 [realsched.exe] FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\ ProcessID : 508 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 0.1.0.3208 ProductVersion : 0.1.0.3208 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:28 [point32.exe] FilePath : C:\Programme\Microsoft IntelliPoint\ ProcessID : 372 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal #:29 [ctfmon.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 536 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:30 [msmq2inst.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 532 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal #:31 [wkcalrem.exe] FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\ ProcessID : 348 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 6.00.1911.0 ProductVersion : 6.00.1911.0 ProductName : Microsoft® Works 6.0 CompanyName : Microsoft® Corporation FileDescription : Microsoft® Works Calendar Reminder Service InternalName : WkCalRem LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved. OriginalFilename : WKCALREM.EXE #:32 [hpqtra08.exe] FilePath : C:\Programme\HP\Digital Imaging\bin\ ProcessID : 868 ThreadCreationTime : 18.03.2005 13:59:23 BasePriority : Normal FileVersion : 5.35.0.035 ProductVersion : 005.035.000.035 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor (CUE) InternalName : HPQTRA00 LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor (CUE) #:33 [ipodservice.exe] FilePath : C:\Programme\iPod\bin\ ProcessID : 1100 ThreadCreationTime : 18.03.2005 13:59:25 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:34 [ditexp.exe] FilePath : C:\WINDOWS\ ProcessID : 2120 ThreadCreationTime : 18.03.2005 13:59:30 BasePriority : Normal #:35 [hpzipm12.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2468 ThreadCreationTime : 18.03.2005 13:59:37 BasePriority : Normal FileVersion : 7, 0, 0, 0 ProductVersion : 7, 0, 0, 0 ProductName : HP PML CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company OriginalFilename : PmlDrv.exe #:36 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2576 ThreadCreationTime : 18.03.2005 13:59:50 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 43 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\ncase 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\ncase Value : SlowInfoCache 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\ncase Value : Changed 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : did 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : duid 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : partner_id 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : product_id 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : boom 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions Alexa Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuText Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuStatusBar Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Script Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : clsid Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Icon Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : HotIcon Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : ButtonText ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mediaticketsinstaller.mediaticketsinstallerctrl.1 ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mediaticketsinstaller.mediaticketsinstallerctrl.1 Value : ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693} Value : ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef} Value : ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{81eb72d7-3949-450f-b035-de599959814f} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{81eb72d7-3949-450f-b035-de599959814f} Value : Crontel Ltd Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\diallerprogram Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : Proclaim Telcom Rootkey : HKEY_CLASSES_ROOT Object : interface\{da9a0b1f-9b7b-11d3-b8a4-00c04f79641c} Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : Proclaim Telcom Rootkey : HKEY_CLASSES_ROOT Object : interface\{da9a0b1f-9b7b-11d3-b8a4-00c04f79641c} Value : DialPass Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : egauth.egegauth.1 DialPass Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : egauth.egegauth.1 Value : DialPass Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : egauth.egegauth DialPass Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : egauth.egegauth Value : eAcceleration Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f073d8a5-c4ac-4ddc-9204-b1c032b4bd72} eAcceleration Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f073d8a5-c4ac-4ddc-9204-b1c032b4bd72} Value : eAcceleration Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : mseaid.gd\glsid eAcceleration Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : mseaid.gd\glsid Value : EGroup Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{2f668a6d-2ec7-4e3a-a485-819e210738d6} EGroup Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{2f668a6d-2ec7-4e3a-a485-819e210738d6} Value : EGroup Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3588590466-2801439982-1300003180-1004\software\egdhtml EGroup Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822} EGroup Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822} Value : SystemComponent EGroup Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822} Value : Installer Elitum.ElitebarBHO Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Value : UninstallString Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Value : DisplayName Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Value : DisplayIcon istbar.dotcomToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : istactivex.installer istbar.dotcomToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : istactivex.installer Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{19068197-6f58-4e8a-8007-7155a68ca967} MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{19068197-6f58-4e8a-8007-7155a68ca967} Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{75a603e7-8bb7-4272-abbe-9846ff1241c1} MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{75a603e7-8bb7-4272-abbe-9846ff1241c1} Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{d7a82a12-05f5-42d8-b30d-6ef995075d2d} MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{d7a82a12-05f5-42d8-b30d-6ef995075d2d} Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1ef28cc5-8d97-4310-b71b-ca34ee15b897} MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1ef28cc5-8d97-4310-b71b-ca34ee15b897} Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{43cdad65-aa0d-4701-8108-117f86613b69} MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{43cdad65-aa0d-4701-8108-117f86613b69} Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6d3f48f4-b40a-4c3f-a95c-85e23c3a8a91} MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6d3f48f4-b40a-4c3f-a95c-85e23c3a8a91} Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : magiccontrol.magiccomponent MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : magiccontrol.magiccomponent Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : magiccontrol.magiccomponent.1 MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : magiccontrol.magiccomponent.1 Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : plugin_mc.mcplugin MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : plugin_mc.mcplugin Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : plugin_mc.mcplugin.1 MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : plugin_mc.mcplugin.1 Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : component.mc.1 MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : component.mc.1 Value : MagicControl Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : component.mc MagicControl Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : component.mc Value : MainPean Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : Pre MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : PreNumber MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : DeviceName MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : Country MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : Language MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : Machine MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : InstallFlags MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : PassFlags MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial Value : Password MediaCharger Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3588590466-2801439982-1300003180-1004\software\mediacharger MediaCharger Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3588590466-2801439982-1300003180-1004\\software\mediacharger Search Miracle Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{02c20140-76f8-4763-83d5-b660107babcd} Search Miracle Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{02c20140-76f8-4763-83d5-b660107babcd} Value : StarInstall(MainPean) Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b0ce21c5-6a79-45b7-ab9c-0008e75f2dbf} StarInstall(MainPean) Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b0ce21c5-6a79-45b7-ab9c-0008e75f2dbf} Value : StarInstall(MainPean) Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{cd6b926c-903f-46a4-9c7d-f3839f081788} StarInstall(MainPean) Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{cd6b926c-903f-46a4-9c7d-f3839f081788} Value : TS Cash Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c8ff3068-13d5-4f20-add0-ec149a3b3417} TS Cash Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c8ff3068-13d5-4f20-add0-ec149a3b3417} Value : TS Cash Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : winad2.advertiser TS Cash Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : winad2.advertiser Value : Win32.Wintrim.Trojan.B Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209}\proxystubclsid32 Win32.Wintrim.Trojan.B Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209}\proxystubclsid32 Value : Win32.Wintrim.Trojan.B Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209}\typelib Win32.Wintrim.Trojan.B Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209}\typelib Value : Win32.Wintrim.Trojan.B Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209}\typelib Value : Version Win32.Wintrim.Trojan.B Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209} Win32.Wintrim.Trojan.B Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209} Value : Win32.Wintrim.Trojan.B Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c13fa88a-d264-4bc8-92ed-52eb8181e209}\proxystubclsid Win32.Wintrim.Trojan.B Object Recognized! Type : RegValue Data : Category |
|
|
||
18.03.2005, 18:59
Ehrenmitglied
Beiträge: 29434 |
#12
Hallo@engelbert
Das ist ein Backdoor, der uneingeschraenkten Zugang zu deinem PC hat...und zu allen Daten.... W32/Rbot-YF Allows others to access the computer Reduces system security Installs itself in the Registry W32/Rbot-YF is a worm which attempts to spread to remote network shares. It also contains backdoor functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process. W32/Rbot-YF moves itself to the Windows system folder as msmq2inst.exe and creates entries in the registry to run on system startup. http://www.sophos.com/virusinfo/analyses/w32rbotyf.html Gehe in die Registry Start-Ausfuehren<regedit Bearbeiten--> suchen v3cab <--loeschen SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab "SystemComponent" SOFTWARE\Microsoft\Code Store Database\Distribution Units\v3cab "Installer" #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten O4 - HKLM\..\Run: [MS Unix Binary] msmq2inst.exe O4 - HKLM\..\RunServices: [MS Unix Binary] msmq2inst.exe O4 - HKCU\..\Run: [MS Unix Binary] msmq2inst.exe O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: v3cab - http://searchmiracle.com/cab/5.cab PC neustarten loeschen: C:\WINDOWS\System32\msmq2inst.exe C:\WINDOWS\Downloaded Program Files\v3.dll ------------------------------------------------------------------------- •Online-Scann (Panda) http://www.pandasoftware.com/activescan/com/activescan_principal.htm •Trend-Micro (Online) http://de.trendmicro-europe.com/consumer/products/housecall_launch.php http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php -->>berichte bitte von den Onlinscanns !!! ---------------------------------------------------------------------------- download the trial version of[color=blue] tds-3 anti trojan[/color] from here: http://www.diamondcs.com.au/tds/downloads/tds3setup.exe install it, but do not launch it yet update it: right click the link below, select "save as" http://www.diamondcs.com.au/tds/radius.td3 save it to the directory where you installed tds-3, overwriting the previous radius.td3. then launch tds-3. in the top bar of tds window click system testing> full system scan. detections will appear in the lower pane of tds window. after the scan is finished ( it'll take a while ) right click the list> select save as txt. save it and post the contents of the scandump.txt here After posting the scanlog go ahead and right click the list again, this time select delete! Delete everything labelled positive identification -------------------------------------------------------------------------- •eScan-Erkennungstool eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich: http://www.mwti.net/antivirus/free_utilities.asp oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche kavupd.exe, die klickst du an--> (Update- in DOS) ausführen -->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben und nun alles rauskopieren, was angezeigt wird--> __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
19.03.2005, 10:15
Member
Beiträge: 12 |
#13
hallo sabina
hier der scandump.txt Scan Control Dumped @ 10:10:23 19-03-05 Positive identification: DDoS.RAT.rBot.bgy File: c:\windows\system32\msmq2inst.exe Live trojan found (in process memory): DCOM RPC Exploit File: C:\WINDOWS\System32\msmq2inst.exe RegVal Trace: DDoS.RAT.rBot: HKEY_CURRENT_USER File: Software\Microsoft\Windows\CurrentVersion\Run [MS Unix Binary=msmq2inst.exe] RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE File: Software\Microsoft\Windows\CurrentVersion\Run [MS Unix Binary=msmq2inst.exe] RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE File: Software\Microsoft\Windows\CurrentVersion\RunServices [MS Unix Binary=msmq2inst.exe] Positive identification: DDoS.RAT.rBot.bgy File: c:\windows\system32\msmq2inst.exe Positive identification: DDoS.RAT.rBot.bjt File: c:\windows\system32\trmupdate.exe Positive identification: DDoS.RAT.rBot.bgy File: c:\system volume information\_restore{525c47e3-beec-48d1-9d1a-801a5e50ccb0}\rp1\a0000009.exe Suspicious Filename: Dual extensions File: c:\projekte\schwartzkopff\doc-xls\datenauszug aus dokument 'architekturbüro ...'.shs Positive identification: DDoS.RAT.rBot.bjt File: c:\!submit\trmupdate.exe Positive identification (DLL): Adware.ToolBar.EliteBar.s1 (dll) File: c:\!submit\v3.dll Positive identification (DLL): Adware.MediaTickets.d (dll) File: c:\!submit\mediaticketsinstaller.ocx Positive identification (DLL): Adware.ToolBar.EliteBar.z (dll) File: c:\!submit\elitetoolbar version 59.dll Positive identification (DLL): Adware.ToolBar.EliteBar.z1 (dll) File: c:\!submit\elitesidebar 08.dll Positive identification (DLL): TrojanDownloader.Win32.IstBar.hz (dll) File: c:\!submit\backup-20050317-160357-853.dll Positive identification (DLL): TrojanDownloader.Win32.IstBar.hz (dll) File: c:\!submit\backup-20050317-160358-108.dll Positive identification: Adware.Gator.5017.a File: c:\!submit\gmt.exe Positive identification: Adware.Gator.4126 File: c:\!submit\cmesys.exe Positive identification: DDoS.RAT.rBot.bgy File: c:\!submit\a0000064.exe Positive identification (DLL): Adware.ToolBar.SideFind.a (dll) File: c:\!submit\a0000066.dll Positive identification: Adware.WebRebates.c File: c:\!submit\a0000085.exe Positive identification: Adware.WebRebates.d1 File: c:\!submit\a0000086.exe Positive identification: DDoS.RAT.rBot.bgy File: c:\!submit\msmq2inst.exe Positive identification <Adv>: Possible keylogger File: c:\adlm\ipx\winadmin.exe Positive identification <Adv>: Possible keylogger File: c:\adlm\ipx\wincntrl.exe Positive identification <Adv>: Possible keylogger File: c:\adlm\ipx\winquery.exe MFG engelbert |
|
|
||
19.03.2005, 15:47
Ehrenmitglied
Beiträge: 29434 |
#14
Hallo@engelbert
Start<Ausfuehren--> regedit Bearbeiten--> suchen-->msmq2inst loesche alles mit rechtsklick, was du findest •KillBox http://www.bleepingcomputer.com/files/killbox.php •Delete File on Reboot <--anhaken und klick auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" C:\WINDOWS\System32\msmq2inst.exe c:\windows\system32\trmupdate.exe c:\system volume information\_restore{525c47e3-beec-48d1-9d1a-801a5e50ccb0}\rp1\a0000009.exe c:\!submit\trmupdate.exe c:\!submit\v3.dll c:\!submit\mediaticketsinstaller.ocx c:\!submit\elitetoolbar version 59.dll c:\!submit\elitesidebar 08.dll c:\!submit\backup-20050317-160357-853.dll c:\!submit\backup-20050317-160358-108.dll c:\!submit\gmt.exe c:\!submit\cmesys.exe c:\!submit\a0000064.exe c:\!submit\a0000066.dll c:\!submit\a0000085.exe c:\!submit\a0000086.exe c:\!submit\msmq2inst.exe c:\adlm\ipx\winadmin.exe c:\adlm\ipx\wincntrl.exe c:\adlm\ipx\winquery.exe neustarten #ClaerProg..lade die neuste Version <1.4.1 http://www.clearprog.de/downloads.php <und saeubere den Browser. Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera: - Cookies - Verlauf - Temporäre Internetfiles (Cache) #TuneUp2004 (30 Tage free) http://www.tuneup.de/products/tuneup-utilities/ Cleanup repair -->TuneUp Diskcleaner Cleanup repair -->Registry Cleaner scanne noch mal mit dem Tool tds-3 anti trojan Windows Worms Doors Cleaner erlaubt Ihnen die Dienste auf die die Würmer angewiesen sind, zu schließen http://www.firewallleaktester.com/wwdc.htm und dann poste das neue Log vom HijackTHis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.03.2005, 15:38
Member
Beiträge: 14 |
#15
Hallo Sabina!
ich hab ein ähnliche problem wie die leute hier. mein antivir zeigt mir auch den TR/Lowzones.A an. allerdings will er dateien in archiven nicht löschen und reparieren. hab hier oben das allesmal gelesen. komme damit aber nicht so ganz klar. bin bei sowas total unerfahren. ich hab mir mal das hijackthis programm geladen was du hier angefüht hattest und hab das system gescannt und gesaved. dabei kam das hier im normalen win xp modus heraus: Logfile of HijackThis v1.99.1 Scan saved at 15:35:06, on 20.03.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\S3hotkey.exe C:\WINDOWS\System32\S3tray2.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\FRITZ!DSL\Awatch.exe C:\WINDOWS\System32\msnupdate.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\PROGRA~1\AIM95\aim.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\TelWell\TelWell.exe C:\Programme\Yahoo!\Messenger\ypager.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\slserv.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\Dokumente und Einstellungen\Tim Schorsch\Lokale Einstellungen\Temp\Temporäres Verzeichnis 3 für hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://de.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/us/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/ymsgr6/us/*http://www.yahoo.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.rd.yahoo.com/customize/ie/defaults/stp/ymsgr6/us/*http://www.yahoo.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/us/*http://www.yahoo.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://de.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/us/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/ymsgr6/us/*http://www.yahoo.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.rd.yahoo.com/customize/ie/defaults/stp/ymsgr6/us/*http://www.yahoo.de R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/us/*http://www.yahoo.de R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aol.de/ O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe O4 - HKLM\..\Run: [MS Unix Binary] msnupdate.exe O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\RunServices: [MS Unix Binary] msnupdate.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [TelWell] C:\Programme\TelWell\TelWell.exe starttray O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MS Unix Binary] msnupdate.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O17 - HKLM\System\CCS\Services\Tcpip\..\{BADD00AB-523A-45C3-BACB-FD84B4AAEC9E}: NameServer = 192.168.122.252,192.168.122.253 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe ich bin sowas ein totaler anfänger. wäre super lieb wenn du mir schritt für schritt und Idoit beschreiben könntest was ich tun muss bis ich das blöde ding endlich los bin. hab noch ne frage: ich habe auch dauernd das problem das ich zwar ins internet komme aber sich die seiten nicht aufbauen. meine messenger sind dann zwar online, aber es baut sich keien seite auf. hängt das auch damit zusammen? manchmal komme ich auch gar nicht online. dank dir shcon mal im voraus. liebe grüsse... |
|
|
||
kann mir jemand sagen wie ich den los werde??