Undeletable icons on the desktop
#0
02.01.2005, 16:10 | ...new here | Posts: 1

02.01.2005, 18:41 | ...new here | Posts: 8
#2
Hello Michle,
Unfortunately I can't help you, but I have the same problem. Please bear in mind that I have next to no idea about PCs. So I'd just like to join in and hope for HEEELP.
Regards, Michaela
This post was edited on 02.01.2005 at 18:43 by hilflose.

02.01.2005, 19:23 | Member | Posts: 1132
#3
@michle43, @hilflose,
So that the board pros can help you, you need to do a bit of preparation first. Download HijackThis
http://www.downloads.subratam.org/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
and then: download/unpack HijackThis into a folder of its own (e.g. \hijackthis). Start the program --> click Scan --> click the Save button --> Save log --> the editor opens --> now copy the complete log with a right-click and post it in the forum.
Regards, Heron
__________
"The world is big because the head is so small" Wilhelm Busch
This post was edited on 02.01.2005 at 19:29 by Heron.

02.01.2005, 20:00 | ...new here | Posts: 2
#4
Hello everyone,
I have the same problem as Michle43 and Hilflose. However, I noticed that these icons only appear once parts of Windows Explorer are started. First, a few details: operating system: Windows XP (SP2). I use Firefox and Thunderbird exclusively. The AntiVir Guard of AntiVir XP gives no warnings. Spybot only turns up the DSO Exploit bug. I also ran scans with a²; no warnings either.
HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 19:57:14, on 02.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Netropa\OSD.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\BOINC\boinc_gui.exe
C:\Programme\BOINC\projects\setiathome.berkeley.edu\setiathome_4.08_windows_intelx86.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Willow.AEON\Eigene Dateien\Eigene Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.csqdueqerq.com/LZK1T75Z4SRCq6O6GiduOAe2b62or4YDJ16jNU4IaEIHUzOVb7yvLkJrUzF/0Jcj.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vnayowpamejgejftggzvcrt.us/LZK1T75Z4SRy_KnmzcMRit8S6V8J0Rtm0QMynumaQuE.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E9581C8-4B6C-0C27-5B9A-A66FE3BD460B} - C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\UPFIVE~1\ante logo.exe
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110404 Ser*hier nicht!*=DR12CEW-5861039-FWJ lang=DE
O4 - HKLM\..\Run: [Road mess third glue] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\corn base road mess\Ball Stop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [3DNADesktop] "C:\Programme\3DNA\Resources\3dnasys.exe" -open
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [SetiLog9x] C:\Programme\Log9x\log9x.exe
O4 - HKCU\..\Run: [List Blue] C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\CORNTY~1\Clock else.exe
O4 - HKCU\..\Run: [BoincLogX] C:\Programme\BoincLogX\boinclogx.exe
O4 - Global Startup: BOINC.lnk = C:\Programme\BOINC\boinc_gui.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.adultpark.de/vod/dmd/WMDownload.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

I'm assuming the cause most likely lies in the R0, R1 or O16 entries. I'm grateful for any help, and especially for your efforts.
Greets, Simon

02.01.2005, 20:30 | ...new here | Posts: 8
#5
Here it is ;-)

Logfile of HijackThis v1.99.0
Scan saved at 20:31:18, on 02.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Webshots\WebshotsTray.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Yahoo!\Messenger\YPager.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otcizjywucskmzq.com/adQk_IGlo36OCSJ0Ymc0l7uVdOcd6vG9iVD8VwPVf_r5hUx3BOYNFlHUVUHsNXRD.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brazzoniradio.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73AB3E90-1EEE-A543-96D2-78ADAEAD16A3} - C:\DOKUME~1\Andre\ANWEND~1\POKESH~1\second bags.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrustInstaller] G:\Setup.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [deafamokballmath] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Dead 16.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [byte meta] C:\DOKUME~1\Mela\ANWEND~1\PLATFO~1\phonelies.exe
O4 - HKCU\..\Run: [Printer Services] spool.exe
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Programme\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Dateien Mela\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.129.168.37/kxhcm10.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F7} (Flatcast Viewer 4.10) - http://www.1mal1.com/flatcast/NpFv410.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.61.30.131:3000/activex/AxisCamControl.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F66F456E-56B9-4D16-A21A-6E4E09007334}: NameServer = 213.20.54.76 193.189.244.205
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: C-DillaCdaC11BA - Unknown - C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: MySql - Unknown - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
O23 - Service: AOpen NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

03.01.2005, 15:47 | Honorary member | Posts: 29434
#6
Hello @simon_heim

Disable System Restore «XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

# Windows Explorer -> "Tools/Folder Options" -> "View" -> untick "Hide protected operating system files (recommended)" and enable "Show all files and folders" -> "OK"

# Open HijackThis -->> "Scan" button -->> tick the entries -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.csqdueqerq.com/LZK1T75Z4SRCq6O6GiduOAe2b62or4YDJ16jNU4IaEIHUzOVb7yvLkJrUzF/0Jcj.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vnayowpamejgejftggzvcrt.us/LZK1T75Z4SRy_KnmzcMRit8S6V8J0Rtm0QMynumaQuE.html
O2 - BHO: (no name) - {6E9581C8-4B6C-0C27-5B9A-A66FE3BD460B} - C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\UPFIVE~1\ante logo.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110404 Ser*hier nicht!*=DR12CEW-5861039-FWJ lang=DE
O4 - HKLM\..\Run: [Road mess third glue] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\corn base road mess\Ball Stop.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [List Blue] C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\CORNTY~1\Clock else.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.adultpark.de/vod/dmd/WMDownload.cab

Restart the PC
Uninstall: [MessengerPlus3] (it is to blame for the infestation with Lop.com)

# eScan detection tool
http://www.rokop-security.de/board/index.php?showtopic=3867
Create the folder c:\bases, download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS)

Go into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Delete:
C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\UPFIVE~1\ante logo.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\corn base road mess\Ball Stop.exe
C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\CORNTY~1\Clock else.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\corn base

< delete temporary files
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\

and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick all the boxes: select "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".

Go back into normal mode

ClearProg .. download the newest version <1.4.0 Final
http://www.clearprog.de/downloads.php
< and clean the browser. The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- cookies
- history
- temporary internet files (cache)
- typed URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- download lists of Netscape/Opera

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

# Ad-aware SE Personal 1.05, updated --> post the log from the scan
http://fileforum.betanews.com/detail/965718306/1

Please do the following: open mwav.txt with the editor and go to Edit -> Find, enter infected; select each line in which infected appears and paste it here, find next, and so on, and at the very bottom is the summary, post that here too (afterwards delete what is shown)
+ post the new HijackThis log
__________
Regards, Sabina
all about PC security
This post was edited on 03.01.2005 at 16:01 by Sabina.

03.01.2005, 16:10 | Honorary member | Posts: 29434
#7
Hello @hilflose

RECOMMENDATION: REFORMAT WINDOWS

Disable System Restore «XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

# Windows Explorer -> "Tools/Folder Options" -> "View" -> untick "Hide protected operating system files (recommended)" and enable "Show all files and folders" -> "OK"

# Open HijackThis -->> "Scan" button -->> tick the entries -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otcizjywucskmzq.com/adQk_IGlo36OCSJ0Ymc0l7uVdOcd6vG9iVD8VwPVf_r5hUx3BOYNFlHUVUHsNXRD.jpg
O2 - BHO: (no name) - {73AB3E90-1EEE-A543-96D2-78ADAEAD16A3} - C:\DOKUME~1\Andre\ANWEND~1\POKESH~1\second bags.exe
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O4 - HKLM\..\Run: [TrustInstaller] G:\Setup.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [deafamokballmath] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Dead 16.exe
O4 - HKCU\..\Run: [byte meta] C:\DOKUME~1\Mela\ANWEND~1\PLATFO~1\phonelies.exe
O4 - HKCU\..\Run: [Printer Services] spool.exe --->W32/Rbot-RL
O8 - Extra context menu item: Web Savings - file://C:\Programme\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.129.168.37/kxhcm10.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)

Restart the PC
Uninstall: [MessengerPlus3] (it is to blame for the infestation with Lop.com)

# eScan
ftp://mwti.matrix.lv/download/tools/
Create the folder c:\bases, download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS)

Go into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Delete:
<C:\DOKUME~1\Andre\ANWEND~1\POKESH~1\second bags.exe
<G:\Setup.exe
<C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Dead 16.exe
<C:\DOKUME~1\Mela\ANWEND~1\PLATFO~1\phonelies.exe
<spool.exe
<C:\Programme\WebSavingsfromEbates\System\Temp\ebateswebsavings

< delete temporary files
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\

# C:\Windows\Downloaded Program Files\ --> delete

and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick all the boxes: select "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".

Go back into normal mode

ClearProg .. download the newest version <1.4.0 Final
http://www.clearprog.de/downloads.php
< and clean the browser. The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- cookies
- history
- temporary internet files (cache)
- typed URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- download lists of Netscape/Opera

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

# Trend Micro (online)
http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php

# Ad-aware SE Personal 1.05, updated --> post the log from the scan
http://fileforum.betanews.com/detail/965718306/1

Please do the following: open mwav.txt with the editor and go to Edit -> Find, enter infected; select each line in which infected appears and paste it here, find next, and so on, and at the very bottom is the summary, post that here too (afterwards delete what is shown)
+ post the new HijackThis log
------------------------------------------------------------------------------------------
W32/Rbot-RL
# Allows third parties to access the computer
# Downloads code from the internet
# Reduces system security
# Records keystrokes
# Installs itself in the registry
Spreads via
* network shares !!!!!!!!!!!!
W32/Rbot-RL can be controlled by a remote attacker via IRC channels.
The backdoor component of W32/Rbot-RL can be instructed by a remote user to start the following functions:
Start an FTP server
Start a proxy server
Start a web server
Take part in distributed denial-of-service (DDoS) attacks
Record keystrokes
Take screen and webcam captures
Packet sniffing
Port scanning
Download and run arbitrary files
Start a remote shell (RLOGIN)
The worm copies itself to a file named spool.exe in the Windows system folder and creates the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Printer Services
spool.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Printer Services
spool.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Printer Services
spool.exe
Patches for the operating system vulnerabilities exploited by W32/Rbot-RL are available from Microsoft at:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx
http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx
***********************************************************
http://www.sophos.de/virusinfo/analyses/w32rbotrl.html
__________
Regards, Sabina
all about PC security
This post was edited on 03.01.2005 at 16:28 by Sabina.
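The entries Sabina picks out of the two logs in her fix lists (posts #6 and #7) share a few recurring patterns: IE start and search pages on machine-generated host names, a BHO that points at an .exe instead of a DLL, Run entries whose executables sit under Application Data with random dictionary-word names (the Lop.com pattern), a Run entry that is a bare file name with no path (spool.exe, which she attributes to W32/Rbot-RL), ActiveX downloads from a bare IP address, and entries whose target file no longer exists. As an added example, which is not code from this thread, from HijackThis or from Sophos, the Python script below encodes those patterns as heuristics and runs them over lines copied from the logs posted above (with three benign lines from the same logs as controls). The consonant-run and vowel-ratio thresholds, the Application Data marker list and the reason labels are assumptions of this example, and the bare-file-name rule is deliberately low-confidence: it only says the path must be checked, not that the entry is malicious.

```python
"""Heuristic triage of HijackThis 1.99 log lines.

Added example, not from the thread, HijackThis or Sophos.  Thresholds and
marker lists are assumptions of this example, chosen to match the entries
the helpers in the thread flagged.
"""
import re

# Lines copied from the HijackThis logs posted earlier in this thread, plus
# three benign lines from the same logs (arcor.de, AcroIEHelper, QuickTime,
# AVGUARD) that must NOT be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.csqdueqerq.com/LZK1T75Z4SRCq6O6GiduOAe2b62or4YDJ16jNU4IaEIHUzOVb7yvLkJrUzF/0Jcj.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vnayowpamejgejftggzvcrt.us/LZK1T75Z4SRy_KnmzcMRit8S6V8J0Rtm0QMynumaQuE.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6E9581C8-4B6C-0C27-5B9A-A66FE3BD460B} - C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\UPFIVE~1\ante logo.exe
O3 - Toolbar: (no name) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Road mess third glue] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\corn base road mess\Ball Stop.exe
O4 - HKCU\..\Run: [List Blue] C:\DOKUME~1\WILLOW~1.AEO\ANWEND~1\CORNTY~1\Clock else.exe
O4 - HKCU\..\Run: [Printer Services] spool.exe
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://212.129.168.37/kxhcm10.ocx
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
"""

# Reason labels (assumed wording for this example).
RANDOM_HOST = "IE start/search page on a machine-generated host name"
EXE_BHO = "BHO loads an .exe or a file under Application Data (Lop.com pattern)"
APPDATA_AUTOSTART = "autostart from user-writable Application Data (Lop.com pattern)"
BARE_NAME = "autostart is a bare file name resolved via the search path, check where it lives"
IP_ACTIVEX = "ActiveX control downloaded from a bare IP address"
ORPHAN = "orphaned entry, target file no longer exists"

URL_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# O4 - <hive>\..\Run: [<name>] <command>   (the .lnk startup-folder lines do not match)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking path in an unquoted command (HijackThis prints paths with spaces unquoted).
EXT_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif|dll))(?=\s|$)", re.IGNORECASE)
# German and English Application Data folder names, long and 8.3 forms (assumed list).
APPDATA_MARKERS = ("anwendungsdaten", "anwend~1", "application data", "applic~1")
VOWELS = set("aeiouy")


def looks_random(label):
    """Crude detector for machine-generated host labels such as csqdueqerq: a run
    of five or more consonants, a 'q' not followed by 'u', or a long label with
    few vowels.  Thresholds are assumptions; 'hijackthis' must stay below them."""
    label = label.lower()
    run = longest = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest = max(longest, run)
    if longest >= 5 or re.search(r"q(?!u)", label):
        return True
    vowels = sum(ch in VOWELS for ch in label)
    return len(label) >= 12 and vowels / len(label) < 0.3


def _host(line):
    m = URL_RE.search(line)
    return m.group(1).lower() if m else None


def _second_level(host):
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def _in_appdata(path):
    return any(marker in path.lower() for marker in APPDATA_MARKERS)


def _target(cmd):
    """Executable part of an O4 command: the quoted path, else the first token
    ending in an executable extension, else the first whitespace token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else cmd


def triage(log_text):
    """Return a list of (section, reason, line) for every suspicious log line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        if line.endswith("(no file)") or line.endswith("(file missing)"):
            findings.append((section, ORPHAN, line))
        if section in ("R0", "R1", "R3"):
            host = _host(line)
            if host and looks_random(_second_level(host)):
                findings.append((section, RANDOM_HOST, line))
        elif section == "O2":
            target = line.rsplit(" - ", 1)[-1]
            if target.lower().endswith(".exe") or _in_appdata(target):
                findings.append((section, EXE_BHO, line))
        elif section == "O4":
            m = O4_RE.match(line)
            if m:
                target = _target(m.group("cmd"))
                if "\\" not in target and "/" not in target:
                    findings.append((section, BARE_NAME, line))
                if _in_appdata(target):
                    findings.append((section, APPDATA_AUTOSTART, line))
        elif section == "O16":
            host = _host(line)
            if host and IP_RE.match(host):
                findings.append((section, IP_ACTIVEX, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against a full log (`triage(open("hijackthis.log").read())`) it reproduces the ten entries from post #6 and #7 that fall into these six classes; the entries Sabina removed on other grounds (the MessengerPlus3 autostarts, the adultpark.de and gamespyarcade.com .cab downloads, the Ebates context-menu item) need knowledge of the vendor, not a pattern, so the script leaves them alone. The bare-file-name rule will also report system entries such as `regsvr32 /s mqrt.dll` or `nwiz.exe /install`; that is intended, since the point of the rule is that the log does not tell you which directory the loader will pick the file from.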

03.01.2005, 16:17 | ...new here | Posts: 8
#8
Oh, we overlapped, thanks Sabrina
But ... how do I get into safe mode? Regards, Ela
Just sorted itself out *gg* Being able to read is clearly an advantage, so thanks again.
This post was edited on 03.01.2005 at 16:20 by hilflose.

03.01.2005, 16:18 | Honorary member | Posts: 29434
#9
Press the F8 key while the PC is booting and log on as Administrator (it is explained in the link that sits below the instructions).
__________
Regards, Sabina
all about PC security

03.01.2005, 17:24 | ...new here | Posts: 8
#10
I can't find the following in safe mode:
<C:\DOKUME~1\Andre\ANWEND~1\POKESH~1\second bags.exe
<C:\DOKUME~1\Mela\ANWEND~1\PLATFO~1\phonelies.exe
<spool.exe
G: is a CD-ROM drive; could it be that there was a CD in the drive, or can this .exe still be there .. if so, I can't find it either.
Regards, Ela

03.01.2005, 21:32 | ...new here | Posts: 8
#11
Ad-Aware SE Build 1.05

Logfile Created on: Monday, 3 January 2005 20:53:42
Created with Ad-Aware SE Personal, free for private use.
Using definitions file: SE1R24 29.12.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):7 total references
Alexa(TAC index:5):11 total references
AltnetBDE(TAC index:4):16 total references
BlazeFind(TAC index:5):3 total references
Claria(TAC index:7):15 total references
Cydoor(TAC index:7):2 total references
Dialer(TAC index:5):4 total references
GlobalDialer(TAC index:5):3 total references
IBIS Toolbar(TAC index:5):2 total references
IBS-Dialer(TAC index:5):10 total references
istbar.dotcomToolbar(TAC index:5):6 total references
istbar(TAC index:6):21 total references
iWon(TAC index:5):20 total references
Lop(TAC index:7):8 total references
MainPean Dialer(TAC index:5):24 total references
MRU List(TAC index:0):39 total references
StarInstall(MainPean)(TAC index:5):4 total references
TopMoxie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

03.01.2005 20:53:42 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! 
Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent page list Description : list of recently used pages in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\mediaplayer\player\recenturllist Description : list of recently used web addresses in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1085031214-117609710-725345543-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! 
Location: : C:\Dokumente und Einstellungen\Mela\recent Description : list of recently opened documents Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 676 ThreadCreationTime : 03.01.2005 19:18:01 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 724 ThreadCreationTime : 03.01.2005 19:18:15 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 748 ThreadCreationTime : 03.01.2005 19:18:16 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 792 ThreadCreationTime : 03.01.2005 19:18:16 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 804 ThreadCreationTime : 03.01.2005 19:18:16 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 988 ThreadCreationTime : 03.01.2005 19:18:17 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1068 ThreadCreationTime : 03.01.2005 19:18:17 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1172 ThreadCreationTime : 03.01.2005 19:18:17 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1264 ThreadCreationTime : 03.01.2005 19:18:17 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [ccsetmgr.exe] FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\ ProcessID : 1464 ThreadCreationTime : 03.01.2005 19:18:18 BasePriority : Normal FileVersion : 2.1.3.4 ProductVersion : 2.1.3.4 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccSetMgr.exe #:11 [sndsrvc.exe] FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\ ProcessID : 1484 ThreadCreationTime : 03.01.2005 19:18:18 BasePriority : Normal FileVersion : 5.4.3.11 ProductVersion : 5.4 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation OriginalFilename : SndSrvc.exe #:12 [ccevtmgr.exe] FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\ ProcessID : 1512 ThreadCreationTime : 03.01.2005 19:18:18 BasePriority : Normal FileVersion : 2.1.3.4 ProductVersion : 2.1.3.4 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1736 ThreadCreationTime : 03.01.2005 19:18:19 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1836 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:15 [aolacsd.exe] FilePath : C:\Programme\Gemeinsame Dateien\AOL\ACS\ ProcessID : 1848 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal #:16 [ccproxy.exe] FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\ ProcessID : 1872 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 2.1.3.4 ProductVersion : 2.1.3.4 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccProxy.exe #:17 [ghosts~2.exe] FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\ ProcessID : 1944 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 2003.789 ProductVersion : 2003.789 ProductName : Norton Ghost Start Service CompanyName : Symantec Corporation FileDescription : Norton Ghost Start InternalName : GhostStartService LegalCopyright : Copyright (C) 1998-2003 Symantec Corp. All rights reserved. OriginalFilename : GhostStartService.exe #:18 [mdm.exe] FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\ ProcessID : 1968 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 7.00.9064.9150 ProductVersion : 7.00.9064.9150 ProductName : Microsoft Development Environment CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : Copyright (C) Microsoft Corp. 
1997-2000 OriginalFilename : mdm.exe #:19 [mysqld-nt.exe] FilePath : C:\mysql\bin\ ProcessID : 240 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal #:20 [navapsvc.exe] FilePath : C:\Programme\Norton AntiVirus\ ProcessID : 280 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:21 [nprotect.exe] FilePath : C:\PROGRA~1\NORTON~1\NORTON~4\ ProcessID : 412 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 17.0.0.82 ProductVersion : 17.0.0.82 ProductName : Norton Utilities CompanyName : Symantec Corporation FileDescription : Norton Protection Status InternalName : NPROTECT LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation. OriginalFilename : NPROTECT.EXE #:22 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 488 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 6.13.10.3100 ProductVersion : 6.13.10.3100 ProductName : NVIDIA Driver Helper Service, Version 31.00 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 31.00 InternalName : NVSVC LegalCopyright : (c) NVIDIA Corporation. All rights reserved. 
OriginalFilename : nvsvc32.exe #:23 [nopdb.exe] FilePath : C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\ ProcessID : 720 ThreadCreationTime : 03.01.2005 19:18:20 BasePriority : Normal FileVersion : 7.00.0.24 ProductVersion : 7.00.0.24 ProductName : Norton Speed Disk CompanyName : Symantec Corporation FileDescription : NOPDB InternalName : NOPDB LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation OriginalFilename : NOPDB.dll #:24 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1188 ThreadCreationTime : 03.01.2005 19:18:21 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:25 [wdfmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1276 ThreadCreationTime : 03.01.2005 19:18:21 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:26 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 2088 ThreadCreationTime : 03.01.2005 19:18:29 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. 
OriginalFilename : EXPLORER.EXE #:27 [winampa.exe] FilePath : C:\Programme\Winamp\ ProcessID : 2300 ThreadCreationTime : 03.01.2005 19:18:32 BasePriority : Normal #:28 [ccapp.exe] FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\ ProcessID : 2348 ThreadCreationTime : 03.01.2005 19:18:32 BasePriority : Normal FileVersion : 2.1.3.4 ProductVersion : 2.1.3.4 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:29 [hpwuschd2.exe] FilePath : C:\Programme\Hewlett-Packard\HP Software Update\ ProcessID : 2356 ThreadCreationTime : 03.01.2005 19:18:32 BasePriority : Normal FileVersion : 2, 0, 37, 0 ProductVersion : 2, 0, 37, 0 ProductName : Hewlett-Packard hpwuSchd CompanyName : Hewlett-Packard FileDescription : hpwuSchd InternalName : hpwuSchd LegalCopyright : Copyright © 2003 OriginalFilename : hpwuSchd2.exe #:30 [hpztsb08.exe] FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\ ProcessID : 2364 ThreadCreationTime : 03.01.2005 19:18:33 BasePriority : Normal FileVersion : 2,223,0,0 ProductVersion : 2,223,0,0 ProductName : HP DeskJet CompanyName : HP LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2003 #:31 [hpotdd01.exe] FilePath : C:\Programme\Hewlett-Packard\Digital Imaging\bin\ ProcessID : 2372 ThreadCreationTime : 03.01.2005 19:18:33 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Hewlett-Packard hpotdd01 CompanyName : Hewlett-Packard FileDescription : hpotdd01 InternalName : hpotdd01 LegalCopyright : Copyright © 2002 OriginalFilename : hpotdd01.exe #:32 [ghoststarttrayapp.exe] FilePath : C:\Programme\Norton SystemWorks\Norton Ghost\ ProcessID : 2428 ThreadCreationTime : 03.01.2005 19:18:33 BasePriority : Normal FileVersion : 2003.789 ProductVersion : 2003.789 ProductName : Norton Ghost Start CompanyName : Symantec 
Corporation FileDescription : Norton Ghost Start InternalName : GhostStartTrayApp LegalCopyright : Copyright (C) 1998-2003 Symantec Corp. All rights reserved. OriginalFilename : GhostStartTrayApp.exe #:33 [qttask.exe] FilePath : C:\Programme\QuickTime\ ProcessID : 2436 ThreadCreationTime : 03.01.2005 19:18:33 BasePriority : Normal FileVersion : 6.5 ProductVersion : QuickTime 6.5 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:34 [aoldial.exe] FilePath : C:\Programme\Gemeinsame Dateien\AOL\ACS\ ProcessID : 2556 ThreadCreationTime : 03.01.2005 19:18:35 BasePriority : Normal FileVersion : 2.6.6.3.DE.55 ProductVersion : 2.6.6.3.DE.55 ProductName : AOL Connectivity Service CompanyName : America Online, Inc FileDescription : AOL Connectivity Service Dialer LegalCopyright : Copyright © 2003 America Online, Inc. OriginalFilename : AOLDial.exe #:35 [webshotstray.exe] FilePath : D:\Webshots\ ProcessID : 2744 ThreadCreationTime : 03.01.2005 19:18:39 BasePriority : Normal FileVersion : 1.3.0.3826 ProductVersion : 1.3.0.3826 ProductName : Webshots Tray Application CompanyName : The Webshots Corporation FileDescription : Webshots Desktop Tray Application InternalName : WEBSHOTSTRAY LegalCopyright : Copyright (C) 1998 OriginalFilename : WEBSHOTSTRAY.EXE #:36 [savscan.exe] FilePath : C:\Programme\Norton AntiVirus\ ProcessID : 2856 ThreadCreationTime : 03.01.2005 19:18:40 BasePriority : Normal FileVersion : 9.2.1.14 ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright (c) 2003 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:37 [wmiprvse.exe] FilePath : C:\WINDOWS\System32\wbem\ ProcessID : 3248 ThreadCreationTime : 03.01.2005 19:18:44 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) 
ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe #:38 [arcor.exe] FilePath : C:\Programme\ArcorOnline\ ProcessID : 3520 ThreadCreationTime : 03.01.2005 19:18:49 BasePriority : Normal FileVersion : 5.00.0002 ProductVersion : 5.00.0002 ProductName : Arcor-Online Butler Version 5.002 CompanyName : Arcor AG & Co. KG FileDescription : Arcor-Online Butler Version 5.002 InternalName : Arcor LegalCopyright : © 2004 Arcor AG & Co. KG LegalTrademarks : Arcor AG & Co. KG OriginalFilename : Arcor.exe Comments : Ihr Arcor-Online Butler 5.002 für Modem, ISDN, DSL und LAN. #:39 [iexplore.exe] FilePath : C:\Programme\Internet Explorer\ ProcessID : 3328 ThreadCreationTime : 03.01.2005 19:19:10 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : IEXPLORE.EXE #:40 [ad-aware.exe] FilePath : D:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2784 ThreadCreationTime : 03.01.2005 19:52:44 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 39 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! 
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : did 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : duid 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : partner_id 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions\msbb Value : product_id 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions Alexa Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuText Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuStatusBar Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Script Alexa Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : clsid Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Icon Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : HotIcon Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : ButtonText AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\altnet AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\altnet Value : ALTNET_DIR AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\altnet Value : SharedMediaDir AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\altnet Value : SharedMediaDir2 AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\altnet Value : aver AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\altnet Value : SharedFilesDir AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4 AltnetBDE Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4 Value : AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25 AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25 Value : AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\adm.exe AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\adm.exe Value : AppID AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\altnet signing module.exe AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\altnet signing module.exe Value : AppID Claria Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMG Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : uets Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GEF Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMI Claria Object Recognized! 
03.01.2005, 21:47
...new here
Posts: 8
#12
I hope that was right, and now mwav:
=> File C:\DOKUME~1\ADMINI~1\ANWEND~1\PLATFO~1\trusthidepopfast.exe infected by "Trojan-Downloader.Win32.Swizzor.cc" Virus. Action Taken: File Deleted.
=> *** SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce has RunningProcess defined as C:\DOKUME~1\ADMINI~1\ANWEND~1\PLATFO~1\trusthidepopfast.exe (which is infected)!
=> *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\upd670500436 deleted because it is infected by a Virus
=> File C:\WINDOWS\Downloaded Program Files\QDow.dll infected by "TrojanDownloader.Win32.QDown.a" Virus. Action Taken: File Deleted.
=> File C:\WINDOWS\internet.exe infected by "Trojan-Downloader.Win32.Small.or" Virus. Action Taken: File Deleted.
=> File C:\WINDOWS\system32\vbsys2.dll infected by "Trojan-Clicker.Win32.Agent.ac" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\balmhole.exe infected by "Trojan.Win32.Krepper.ab" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Bleh more.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Dead 16.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Encmfcd.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Less Locks.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\license roam.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Manager does.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\mpeg info.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\programjump.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\thelicense.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thebytedeafamok\Warn Frag.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\afvdzvyc.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\one 64 third.exe infected by "TrojanDownloader.Win32.Swizzor.cb" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\afvdzvyc.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\one 64 third.exe infected by "TrojanDownloader.Win32.Swizzor.cb" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\qhpwvpci.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\qryxiatl.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\rfwiqqyy.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\trusthidepopfast.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\platform win\xllgxwne.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\poke shim\second bags.exe infected by "TrojanDownloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-34e2b6fd-24322ac5.zip infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-53840fa2-696fb366.zip infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
=> File C:\Dokumente und Einstellungen\Andre\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-5c9ba4fb-5c3467f3.zip infected by "Trojan.Java.Femad" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\aea9e80c.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\aeaf9854.exe infected by "Trojan-Downloader.Win32.Swizzor.cc" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\aff35fe4.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Anwendungsdaten\poke shim\second bags.exe infected by "TrojanDownloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\10c9320.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\177742.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\19c99a.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\1b5be6.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\20d7c8.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\222620.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\2f33b.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\3b987c.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\4d698a.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\6ba717.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\75361b.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\aeb99f63.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\aed9a054.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\b2b26f.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temp\c58290.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temporary Internet Files\Content.IE5\HLO2OB9V\upAYB_unk[1].int infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: File Deleted.
=> Scanning File C:\Dokumente und Einstellungen\Mela\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TF3JD1CE\infected6xz[1].gif
=> File C:\Programme\Norton SystemWorks\Norton CleanSweep\Backup\SwDi5238.BUD infected by "TrojanDownloader.Win32.Small.eb" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00487089.exe infected by "TrojanDownloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490178.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490179.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490180.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490181.EXE infected by "TrojanDownloader.Win32.Swizzor.cb" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490182.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490184.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490185.EXE infected by "Trojan-Downloader.Win32.Swizzor.cc" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490186.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: File Deleted.
=> File C:\RECYCLER\NPROTECT\00490238.exe infected by "Trojan-Downloader.Win32.Swizzor.cg" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\09E37FE0 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\0D102154 infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\180F3110 infected by "Trojan.Java.Femad" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\25480F25 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\283A4C75 infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\28477467 infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\2AFD637F.dat infected by "Worm.P2P.Tanked.14" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\2C0F2A51.dat infected by "Worm.P2P.Tanked.14" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\2C12544D.dat infected by "Worm.P2P.Tanked.14" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\317103B6 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\322E0F37 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\32BE1612 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\38620399 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\4099099C.exe infected by "TrojanDownloader.Win32.Small.eg" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\4C0E73B2 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\4C121DAE infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\5241530E.dat infected by "Worm.P2P.Tanked.14" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\52791CD1.dat infected by "Worm.P2P.Tanked.14" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\530E5E15 infected by "Trojan.Java.Femad" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\53120811 infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\54941C67 infected by "not-virus:Joke.Win32.Train" Virus. Action Taken: File Renamed.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\67E852EE.exe infected by "TrojanDownloader.Win32.Small.eg" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\718933DF.exe infected by "TrojanDownloader.Win32.Small.eg" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\71EC2B25 infected by "TrojanDownloader.Win32.IstBar.ag" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\729A2599 infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\733E7E0E infected by "Win32.HLLP.Hantaner.a" Virus. Action Taken: File Disinfected.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\77562BCE infected by "TrojanDownloader.Win32.Small.eb" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\Norton AntiVirus\Quarantine\7AF76D14.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
=> File D:\C-Dateien\Programme\Norton SystemWorks\Norton CleanSweep\Backup\SwDi5238.BUD infected by "TrojanDownloader.Win32.Small.eb" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\platform win\dsmtbhxl.exe infected by "Trojan.Win32.Krepper.ab" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\platform win\essainbv.exe infected by "TrojanDownloader.Win32.Swizzor.bq" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\platform win\lvlscnge.exe infected by "TrojanDownloader.Win32.Swizzor.bn" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\platform win\nzbhdjuj.exe infected by "Trojan.Win32.Krepper.ab" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\platform win\one 64 third.exe infected by "TrojanDownloader.Win32.Swizzor.bm" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\platform win\pajyocwr.exe infected by "Trojan.Win32.Krepper.ab" Virus. Action Taken: File Deleted.
=> File D:\C-Dateien\Programme\poke shim\second bags.exe infected by "TrojanDownloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
=> File D:\Programme\hijackthis\backups\backup-20050103-163016-624.dll infected by "TrojanDownloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
=> File F:\Eigene Dateien\Eigene Videos\sexymodell.exe infected by "not-virus:Joke.Win32.Badgame" Virus. Action Taken: File Renamed.
Mon Jan 03 20:15:50 2005 => ***** Checking for specific ITW Viruses *****
Mon Jan 03 20:15:50 2005 => Checking for Welchia Virus...
Mon Jan 03 20:15:50 2005 => Checking for LovGate Virus...
Mon Jan 03 20:15:50 2005 => Checking for CodeRed Virus...
Mon Jan 03 20:15:50 2005 => Checking for OpaServ Virus...
Mon Jan 03 20:15:50 2005 => Checking for Sobig.e Virus...
Mon Jan 03 20:15:50 2005 => Checking for Winupie Virus...
Mon Jan 03 20:15:50 2005 => Checking for Swen Virus...
Mon Jan 03 20:15:50 2005 => Checking for JS.Fortnight Virus...
Mon Jan 03 20:15:50 2005 => Checking for Novarg Virus...
Mon Jan 03 20:15:50 2005 => ***** Scanning complete. *****
Mon Jan 03 20:15:50 2005 => Total Number of Files Scanned: 115229
Mon Jan 03 20:15:50 2005 => Total Number of Virus(es) Found: 178
Mon Jan 03 20:15:50 2005 => Total Number of Disinfected Files: 10
Mon Jan 03 20:15:50 2005 => Total Number of Files Renamed: 8
Mon Jan 03 20:15:50 2005 => Total Number of Deleted Files: 77
Mon Jan 03 20:15:50 2005 => Total Number of Errors: 3
Mon Jan 03 20:15:50 2005 => Time Elapsed: 02:20:04
Mon Jan 03 20:15:50 2005 => Virus Database Date: 2005/01/03
Mon Jan 03 20:15:50 2005 => Virus Database Count: 114611
Mon Jan 03 20:15:50 2005 => Scan Completed.
Mon Jan 03 20:16:47 2005 => Virus Database Date: 2005/01/03
Mon Jan 03 20:16:47 2005 => Virus Database Count: 114611
Mon Jan 03 20:17:02 2005 => AV Library Unloaded (3)...

This post was edited on 03.01.2005 at 22:06 by hilflose.
03.01.2005, 22:09
...new here
Posts: 8
#13
I hope that was really all necessary .... so, onward:
Logfile of HijackThis v1.99.0
Scan saved at 22:09:34, on 03.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
D:\Webshots\WebshotsTray.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kibvfpuwqjlw.com/adQk_IGlo36OCSJ0Ymc0l7uVdOcd6vG9iVD8VwPVf_oxudtdpZVbxVHUVUHsNXRD.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brazzoniradio.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Dateien Mela\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F66F456E-56B9-4D16-A21A-6E4E09007334}: NameServer = 213.20.54.76 193.189.244.205
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: MySql - Unknown - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
O23 - Service: AOpen NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers
Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe |
04.01.2005, 12:28
Honorary member
Posts: 29434
#14
Hello @Hilflose

Disable System Restore «XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Fix with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kibvfpuwqjlw.com/adQk_IGlo36OCSJ0Ymc0l7uVdOcd6vG9iVD8VwPVf_oxudtdpZVbxVHUVUHsNXRD.jpg
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

Restart

Disk Cleanup: and deleting the temporary files
<Start<Run--> type in: cleanmgr
delete only:
#Click: Temporary Internet Files, OK
#Click: Temporary Files, OK
--> Scan once more with AdAware and with eScan (the scan log should now stay clean)

ClearProg.. download the newest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- download lists of Netscape/Opera

#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner

Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if a prompt appears --> click Apply and finally OK

and post the new HijackThis log
__________
Regards
Sabina
all about PC security
This post was edited on 04.01.2005 at 12:37 by Sabina.
05.01.2005, 00:12
...new here
Posts: 8
#15
THAAANNNKKK YOOOUUUUUU
Logfile of HijackThis v1.99.0
Scan saved at 00:09:14, on 05.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
D:\Webshots\WebshotsTray.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
D:\Programme\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brazzoniradio.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~3\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Dateien Mela\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: MySql - Unknown - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
O23 - Service: AOpen NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

a big fat HURRAAAAAAAAY and thank you Sabina
Regards Michael
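A small triage script for the HijackThis log format used throughout this thread, added here as an example and not part of any post: it parses the R*/O* entries, flags the browser-setting (R0/R1) and ActiveX-download (O16) lines that point at hosts outside a short allowlist, and diffs the log before Sabina's fix against the one posted afterwards to confirm which entries disappeared. The KNOWN_HOSTS allowlist and the consonant-run heuristic for machine-generated-looking domains are my assumptions; the log excerpts are constructed from the two logs above.

```python
import re
from urllib.parse import urlparse

# Constructed excerpts of the two logs in the thread (before/after the fix); only entry kinds the triage uses.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kibvfpuwqjlw.com/adQk_IGlo36OCSJ0Ymc0l7uVdOcd6vG9iVD8VwPVf_oxudtdpZVbxVHUVUHsNXRD.jpg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O23 - Service: MySql - Unknown - C:\mysql\bin\mysqld-nt.exe
"""
LOG_AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O23 - Service: MySql - Unknown - C:\mysql\bin\mysqld-nt.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")
# Assumption for this example: hosts the user knowingly uses (here the ISP portal).
KNOWN_HOSTS = {"www.arcor.de"}

def parse_entries(log):
    """Return (kind, body) for every R*/O* line; the header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["kind"], m["body"]))
    return entries

def longest_consonant_run(label):
    """Longest run of consonants in a domain label; 'kibvfpuwqjlw' scores 5."""
    runs = re.findall(r"[bcdfghjklmnpqrstvwxyz]+", label.lower())
    return max((len(r) for r in runs), default=0)

def triage(log):
    """Flag R0/R1 (browser settings) and O16 (ActiveX download) entries pointing at an
    unknown host; a consonant run of 4+ in the label is marked machine-generated-looking."""
    findings = []
    for kind, body in parse_entries(log):
        m = URL_RE.search(body)
        if kind not in {"R0", "R1", "O16"} or not m:
            continue
        host = urlparse(m.group(0)).hostname
        if host is None or host in KNOWN_HOSTS:
            continue
        label = host.split(".")[-2] if "." in host else host
        reason = "machine-generated-looking domain" if longest_consonant_run(label) >= 4 else "unrecognised host"
        findings.append((kind, host, reason))
    return findings

def removed_entries(before, after):
    """Entries present before the HijackThis fix but gone afterwards."""
    return sorted(set(parse_entries(before)) - set(parse_entries(after)))
```

The two flagged entries are exactly the R1 and O16 lines the helper told the user to fix, and the diff of the two logs shows both are gone in the follow-up post.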