topantispyware.com cannot be removed
04.05.2005, 12:55
Honorary member
Posts: 29434
04.05.2005, 16:34
...new here
Posts: 3
#137
I hope this is right:

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"xojjwmr" = "c:\windows\chaemsf.exe" [file not found]
"Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"ilmolaq" = "c:\windows\chaemsf.exe" [file not found]
"buaabyu" = "c:\windows\chaemsf.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Agent Themes" = "C:\WINDOWS\system32\sdbiript.exe" [null data]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"D-Link AirPlus Xtreme G" = "C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" ["D-Link"]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"grohqkzbcnjnh" = "C:\WINDOWS\System32\tkuoavpe.exe" [file not found]
"SAcc" = "C:\Programme\SAcc\SAcc.exe" [file not found]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"FlnCPY" = ""C:\Program Files\Common Files\Java\flncpy.exe"" [null data]
"conscorr" = "C:\WINDOWS\conscorr.exe" [file not found]
"arvVtanf" = "C:\WINDOWS\hapasjob.exe" [file not found]
"ANIWZCSService" = "C:\Programme\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [file not found]
"OESpamTest" = "C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE" ["Ashmanov & Partners"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{A749B4BC-7621-4a80-9220-D0A283367DD5}\(Default) = "FlashEnhancer Extnder" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Fln\fln.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
  -> {CLSID}\InProcServer32\(Default) = "D:\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" [file not found]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"Terminal Player" = "{67537D5D-D9A8-485F-A8EA-931AE56AA1F1}"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msnsurl.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]

Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is enabled.

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "Security"
"Source" = "C:\WINDOWS\Web\desktop.html"
"SubscribedURL" = "C:\WINDOWS\Web\desktop.html"

Startup items in "David Mohr" & "All Users" startup folders:
------------------------------------------------------------

C:\Dokumente und Einstellungen\David Mohr\Startmenü\Programme\Autostart
"Trillian" -> shortcut to: "C:\Programme\Trillian\trillian.exe" ["Cerulean Studios"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Kaspersky Anti-Hacker" -> shortcut to: "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe /silence" ["Kaspersky Labs"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\flsmngr.dll [null data], 01 - 02, 28
xfire_lsp_8742.dll [null data], 03 - 07, 13
%SystemRoot%\system32\mswsock.dll [MS], 08 - 10, 14 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 11 - 12

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
  -> {CLSID}\(Default) = "ICQ Toolbar"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{D3F7557B-BAB5-4D34-A7C1-8B19E6606695}\
"ButtonText" = "Microsoft AntiSpyware helper"
"MenuText" = "Microsoft AntiSpyware helper"

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Crypkey License, Crypkey License, "crypserv.exe" [null data]
kavsvc, kavsvc, ""C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Volume in drive C has no label.
Volume Serial Number is A001-19D7

Directory of c:\windows\system32

02.05.2005 19:31 126.976 flsmngr.dll
1 file(s) 126.976 bytes

Directory of C:\Dokumente und Einstellungen\David Mohr\Desktop

Volume in drive C has no label.
Volume Serial Number is A001-19D7

Directory of c:\windows

Directory of C:\Dokumente und Einstellungen\David Mohr\Desktop

Scanned at: 18:19:06 on: 04.05.2005

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

This post was edited on 04.05.2005 at 18:20 by Tschobbl.
04.05.2005, 19:54
...new here
Posts: 3
#138
Hi Sabina!

Access to the desktop as such I already have. I just have no way to select this Web thing, since it isn't there. I also can't choose whether Active Desktop is on or off. I'd probably need that to get this Web thing. Please give me one more tip. Thanks, Alex

Hello again! I apparently misunderstood something last time; anyway, I have now deleted the entire key 0 and on restart XP recreated the key the way it should be, since the trojan was gone. You are definitely the only genius who can really solve this problem, and I searched the net for a week, believe me. Thanks again for the great support. Alex

This post was edited on 05.05.2005 at 09:50 by riddle2000.
05.05.2005, 13:36
Honorary member
Posts: 29434
#139
Hello @Tschobbl

LSPfix.exe --> post which dll you find in the tool!!!!!!!!
http://www.spychecker.com/program/lspfix.html
< "I know what I'm doing" <-- tick it
this would be what to delete --> so move it to the right-hand side --> deleted (delete)
flsmngr.dll
C:\windows\system32\flsmngr.dll
(I don't know yet whether that can simply be deleted, because it sits in Winsock and you have to be careful there; so you must tell me whether you find the dll in the tool or not)
--------------------------------------------------------------------
Go into the registry
Start --> Run --> regedit
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0
delete:
"FriendlyName" = "Security"
"Source" = "C:\WINDOWS\Web\desktop.html"
"SubscribedURL" = "C:\WINDOWS\Web\desktop.html"

• KillBox
http://www.bleepingcomputer.com/files/killbox.php
• Delete File on Reboot <-- tick it and click the red cross; when asked "Do you want to reboot?" ---> click "no" and paste in the next one; only on the last one click "yes"
c:\windows\chaemsf.exe
C:\Program Files\Common Files\Java\flncpy.exe
C:\WINDOWS\system32\sdbiript.exe
C:\WINDOWS\System32\tkuoavpe.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\hapasjob.exe
C:\WINDOWS\system32\msnsurl.dll

Restart the PC

CCleaner --> delete all *temp files
http://www.ccleaner.com/ccdownload.asp

# RegCleaner (German)
(Tip: download RegCleaner, set the tool to German and clean the PC via < Tools < Clean registry < Do all <; you can delete everything it shows, since a backup is kept)
http://www.chip.de/downloads/c_downloads_8830516.html

then scan once more with Silent Runners and also post the new HijackThis log
+ C:\Programme\SAcc\SAcc.exe <-- tell me what kind of program that is.
__________
Regards, Sabina
all about PC security
05.05.2005, 14:05
Honorary member
Posts: 29434
#140
Hello @riddle2000

Active Desktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
on the right, under Default, create the value ForceActiveDesktopOn and then set it to 1.
Value Name: ForceActiveDesktopOn
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = active)
--------------------------------------------
or:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
insert DWORD entries here:
NoSetActiveDesktop = 0
1 enabled / 0 disabled
then restart the PC
-------------------
Silent Runners
http://www.silentrunners.org/sr_download.html
go to: Quote: Click here to download a zip file.
here is the explanation:
http://www.silentrunners.org/sr_scriptuse.html
click: output file is in text format. --> double-click and Notepad opens --> and post everything that is shown.
__________
Regards, Sabina
all about PC security
06.05.2005, 13:52
...new here
Posts: 3
#141
So here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 13:50:32, on 06.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\David Mohr\Eigene Dateien\HijackThis.exe

O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E27F8CA-4F43-449A-8781-F0D2B2F8B02F}: NameServer = 145.253.2.11
O21 - SSODL: Terminal Player - {67537D5D-D9A8-485F-A8EA-931AE56AA1F1} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"D-Link AirPlus Xtreme G" = "C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" ["D-Link"]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"FlnCPY" = ""C:\Program Files\Common Files\Java\flncpy.exe"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{A749B4BC-7621-4a80-9220-D0A283367DD5}\(Default) = "FlashEnhancer Extnder" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Fln\fln.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
  -> {CLSID}\InProcServer32\(Default) = "D:\OpenOffice.org1.1.4\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"Terminal Player" = "{67537D5D-D9A8-485F-A8EA-931AE56AA1F1}"
  -> {CLSID}\InProcServer32\(Default) = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS]

Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\David Mohr\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Startup items in "David Mohr" & "All Users" startup folders:
------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Kaspersky Anti-Hacker" -> shortcut to: "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe /silence" ["Kaspersky Labs"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Crypkey License, Crypkey License, "crypserv.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Oh, and these I can't find and can't get into KillBox:
C:\WINDOWS\System32\tkuoavpe.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\hapasjob.exe
And I can't find this program either, and I don't know what it is:
C:\Programme\SAcc\SAcc.exe <-- tell me what kind of program that is.
But again, many thanks for the friendly help.
06.05.2005, 14:45
Honorary member
Posts: 29434
#142
Hello @Tschobbl

Go into the registry
Start --> Run --> regedit
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
delete with a right-click: {9EF34FF2-3396-4527-9D27-04C8C1C67806}

KILLBOX: http://www.bleepingcomputer.com/files/killbox.php
2. Double-click Killbox.exe and leave it open
3. In Killbox click Delete on Reboot (red box)
Put this file at the top in the Full Path of File to Delete box (1) by entering the path given below there (just paste it in):
c:\Program Files\Fln\fln.dll
c:\windows\chaemsf.exe
C:\Program Files\Common Files\Java\flncpy.exe
C:\WINDOWS\system32\sdbiript.exe
C:\WINDOWS\System32\tkuoavpe.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\hapasjob.exe
C:\WINDOWS\system32\msnsurl.dll
5. Click Yes at the Delete on Reboot prompt.
6. Click No at the running-processes prompt
7. Click the Delete File button (looks like a stop sign) (3).
8. Click Yes at the Delete on Reboot prompt.
9. Click Yes at the running-processes prompt to restart the computer. Let the computer restart.
10. Should the following message appear, perform a manual restart:
"PendingFileRenameOperations Registry Data has been Removed by External Process!"

Restart the PC

Start --> All Programs --> Accessories --> Notepad and paste the following text in:
dir C:\WINDOWS\system32\w?crtupd.exe /a:h > files.txt
notepad files.txt
< Save as: Findfile.bat
< Save as type: All files
< save it on the desktop
Locate FindFile.bat --> double-click the bat file, Notepad opens --> post the text
..................................................................................................................

• eScan detection tool
eScan is available free of charge here under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
open the scanner --> don't scan yet --> go to Start < Run < type in: %temp% and look for kavupd.exe, click it --> run (update, in DOS)
go into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml
and start the scanner with "mwav.exe" [or: MWAVSCAN.COM].
Set all checkmarks: select "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".
• Go back into normal mode:
• please do the following: now open mwav.txt with Notepad and go to Edit -> Find, and enter "infected" there
• mark every line that contains infected and paste it in here, search again, and so on
• and at the very bottom is the summary; post that here as well
__________
Regards, Sabina
all about PC security
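KillBox's "Delete on Reboot" steps above and the PendingFileRenameOperations message in step 10 rest on one Windows mechanism, which the following added example illustrates (it is not a tool posted in this thread). The Session Manager reads the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations early in boot, before any Run entry or service has started, and treats it as (source, destination) pairs in NT path form (\??\C:\...); an empty destination means "delete the source". That is why a file that an autostart entry keeps re-creating can be removed this way when a normal delete fails. The functions below decode such a list, append delete operations for the files the helper listed (a constructed sample), and, on Windows only, queue one through the documented MoveFileExW API with MOVEFILE_DELAY_UNTIL_REBOOT, which is the supported way to append to that value. Function names are my own.

```python
r"""Decode and build PendingFileRenameOperations entries (added example).

The Session Manager processes
  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
at boot as (source, destination) pairs; an empty destination deletes the
source, a destination starting with '!' overwrites an existing target.
Paths are stored in NT form: \??\C:\dir\file.exe
"""
import ctypes
import sys
from typing import Iterable, List, Optional, Sequence, Tuple

NT_PREFIX = "\\??\\"
MOVEFILE_DELAY_UNTIL_REBOOT = 0x4   # dwFlags value for MoveFileExW


def to_nt_path(win_path: str) -> str:
    r"""C:\dir\file.exe -> \??\C:\dir\file.exe (the form the value stores)."""
    return win_path if win_path.startswith(NT_PREFIX) else NT_PREFIX + win_path


def decode_pending(entries: Sequence[str]) -> List[Tuple[str, Optional[str]]]:
    """Turn the raw REG_MULTI_SZ string list into (source, destination) pairs.
    destination None means delete."""
    if len(entries) % 2:
        raise ValueError("value must hold source/destination pairs")
    return [(src, dst or None) for src, dst in zip(entries[0::2], entries[1::2])]


def build_delete_entries(paths: Iterable[str],
                         existing: Sequence[str] = ()) -> List[str]:
    """Return existing + a delete operation for each path, skipping paths that
    are already queued for deletion (case-insensitive, as NTFS names are)."""
    out = list(existing)
    queued = {src.lower() for src, dst in decode_pending(out) if dst is None}
    for p in paths:
        nt = to_nt_path(p)
        if nt.lower() not in queued:
            out += [nt, ""]          # source, empty destination = delete
            queued.add(nt.lower())
    return out


def queue_delete_on_reboot(win_path: str) -> bool:
    """Windows only, needs administrator rights: queue a delete through the
    documented API instead of editing the registry value by hand."""
    if sys.platform != "win32":
        raise OSError("MoveFileExW is only available on Windows")
    k32 = ctypes.windll.kernel32
    # lpNewFileName = NULL with MOVEFILE_DELAY_UNTIL_REBOOT means "delete at boot"
    if not k32.MoveFileExW(win_path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError()
    return True


if __name__ == "__main__":
    # Constructed sample: three of the files the helper queued in KillBox.
    wanted = [r"C:\WINDOWS\conscorr.exe", r"C:\WINDOWS\hapasjob.exe",
              r"C:\WINDOWS\system32\msnsurl.dll"]
    for src, dst in decode_pending(build_delete_entries(wanted)):
        print("DELETE" if dst is None else f"MOVE -> {dst}", src)
```

The queued operations only take effect after a reboot and need administrator rights, which is why KillBox asks to restart and why a file that is still in use can be removed this way. Inspect the live value with regedit or PowerShell rather than winreg.QueryValueEx: winreg's REG_MULTI_SZ decoding stops at the first empty string, and this value relies on empty strings as delete markers.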
07.05.2005, 00:14
...new here
Posts: 8
#143
Hello @Sabina!!!

I posted a thread back then and you answered me. First of all, thanks for that :-) But I didn't do anything about it. Now, a few months later and with a few more trojans on the machine, I've decided to fight the plague. So I've managed the HijackThis log, but only thanks to http://virus-protect.org/hijackthis.html#Einleitung. Really good work you're doing there. So now I'm posting the log result and hope that you, or someone else, will help me; I'd be very grateful if someone helped me, as I unfortunately know very little about this subject. One more thing up front: according to eTrust Antivirus I have about 34 trojans of various kinds. Recently I caught an African trojan or something, at least the warning window gave Nigeria as the location, through Mozilla over an open port (it also said something about JAVA). So please help me; here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 23:38:45, on 06.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\FRITZ!DSL\fritzdsl.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Igor-J\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvnfd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hvnfd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvnfd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvnfd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hvnfd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {99E674B1-BD1C-9AB8-9C0E-C4FB2608BBD6} - C:\WINDOWS\atlzo32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {5CF0F1D2-1D22-499D-93A1-8126F28412F4} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://start.online-dialer.com/xac.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12b59a1dbbc2c6658a05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097566082250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCE6A6B-B5A7-4139-B275-DA0721262015}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver
(CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\ipff32.exe (file missing) Noch was: was bedeutet eigentlich SP2 hinter Windows XP zum Beispiel???? Habe hier http://virus-protect.org/hijackthis.html gelesen, dass man vorher Spybot oder-/und Ad-Aware laufen lassen sollte, habe es aber nicht gemacht, ist es schlimm??? MFG SPYKILLER Dieser Beitrag wurde am 07.05.2005 um 00:20 Uhr von SPYKILLER editiert.
07.05.2005, 16:05
Honorary member
Posts: 29434
#144
Hello @SPYKILLER
If I were you I would format, because the system is no longer trustworthy. Your name seems to mean rather the opposite... one rarely sees a PC this infested... Of course it can be got reasonably clean, but... it will never be secure again. What do you think? Take the XP CD and format.
__________
Regards, Sabina
all about PC security
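The verdict above rests on patterns a reader can pick out of the posted log by eye: several differently named Run values launching the same file directly under C:\WINDOWS, the IE search pages redirected into a res:// DLL, fourteen Trusted Zone domains plus a trusted IP range, and a "Network Security Service" whose binary is missing. The second log later in this thread shows the same patterns (dozens of random-named Run values for one file, unknown Winsock LSP entries, ActiveX pulled from file:// and ms-its: URLs). The script below is an added example for this page, written in Python; it is not a tool from the thread, from HijackThis, or from the forum. It applies those heuristics to a constructed sample made of lines copied from the two posted logs. SAMPLE_LOG, the 3-value threshold, the "random name" pattern, and the VENDOR_HOSTS list are my assumptions, not HijackThis conventions.

```python
"""Heuristic triage of a HijackThis 1.99 log (added example, not a thread tool).

Flags: IE search/start pages served from a res:// DLL or a non-vendor host,
BHO/SSODL/service registrations whose file is missing, random-named Run
values launching an .exe directly in the Windows directory, several Run
values launching one file, unknown Winsock LSP modules, Trusted Zone
entries, and ActiveX (O16) fetched from file:// or ms-its: sources.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the two logs posted in this thread
# (the mis-encoded service name on the final O23 line is omitted).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hvnfd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wind-find4u.com/index.htm
O2 - BHO: (no name) - {99E674B1-BD1C-9AB8-9C0E-C4FB2608BBD6} - C:\WINDOWS\atlzo32.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ukftddb] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [ndlhaep] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [mgjaavt] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/zOOCjPnta53-vqwIDsw.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097566082250
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\ipff32.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RANDOM_NAME = re.compile(r"^[a-z]{6,9}$")               # assumption: 6-9 lowercase letters
WINDIR_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe$")  # an .exe directly in C:\WINDOWS
VENDOR_HOSTS = ("microsoft.com", "msn.com")             # assumption: hosts IE may default to
BAD_DPF_SCHEMES = ("file:", "ms-its:", "mhtml:")


def _exe_path(cmd):
    """Executable part of a Run value, quoted or bare, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    return cmd.split(" ", 1)[0].lower()


def triage(log_text, same_target_threshold=3):
    """Return (section, reason, evidence) tuples for suspicious log lines."""
    findings = []
    run_targets = defaultdict(list)  # exe path -> names of Run values launching it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = line.split(" ", 1)[0]
        if sec in ("R0", "R1") and " = " in line:
            value = line.split(" = ", 1)[1]
            if value.lower().startswith("res://"):
                findings.append((sec, "IE search/start page served from a local DLL resource", line))
            else:
                host = re.match(r"https?://([^/]+)", value, re.I)
                if host and not host.group(1).lower().endswith(VENDOR_HOSTS):
                    findings.append((sec, "IE search/start page points to a non-vendor host", line))
        elif sec in ("O2", "O21") and "(file missing)" in line:
            findings.append((sec, "BHO/SSODL registered but its DLL is gone (orphaned loader)", line))
        elif sec == "O4":
            m = O4_RE.match(line)
            if m:
                exe = _exe_path(m.group("cmd"))
                run_targets[exe].append(m.group("name"))
                if RANDOM_NAME.match(m.group("name")) and WINDIR_EXE.match(exe):
                    findings.append((sec, "random Run value name launching an .exe in C:\\WINDOWS", line))
        elif sec == "O10":
            findings.append((sec, "Winsock LSP module HijackThis does not recognise", line))
        elif sec == "O15":
            findings.append((sec, "Trusted Zone/IP entry: IE restrictions lifted for this host", line))
        elif sec == "O16":
            url = line.rsplit(" - ", 1)[-1]
            if url.lower().startswith(BAD_DPF_SCHEMES):
                findings.append((sec, "ActiveX loaded from a local file:// or ms-its: source", line))
        elif sec == "O23" and "(file missing)" in line:
            findings.append((sec, "service registered but its binary is missing", line))
    # Second pass: one file launched by several differently named Run values.
    for exe, names in run_targets.items():
        if len(names) >= same_target_threshold:
            findings.append(("O4", f"{len(names)} Run values launch the same file {exe}", exe))
    return findings


def summary(findings):
    """Count findings per HijackThis section."""
    counts = defaultdict(int)
    for sec, _, _ in findings:
        counts[sec] += 1
    return dict(counts)


if __name__ == "__main__":
    for sec, reason, evidence in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}\n     {evidence}")
    print(summary(triage(SAMPLE_LOG)))
```

Running it on the sample yields fifteen findings, four of them in the O4 section (three random-named values plus the "same file" grouping), while the QuickTime, MSN Messenger, NVIDIA and Windows Update lines pass untouched. The grouping check is the one a human misses least and a script catches most reliably: a single Run value with a random name could be a vendor's updater, but twenty names for one file in C:\WINDOWS is not.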
07.05.2005, 17:39
...new here
Posts: 8
#145
Hi @Sabina
Thanks first of all for your answer. Yes, my name is SPYKILLER, but I'm not really one yet. :-))) What isn't yet can still become, though; I'm going to educate myself more on the topic from now on, because the whole thing is so extensive that you could study it for several semesters.

Now to the topic: Format??? I already figured that would come up, but if I could, I would have done it myself long ago. I have 3 hard disks, and I don't want to format the wrong one and then have nothing work anymore. :-) Well, I'll look on the internet right away for how to format; if that doesn't get me anywhere I'll call a friend, his little brother formats every 2 days, he'll know all about it I guess.

The real question now is: how and with what can we prevent formatting in future?? Most of the plague I picked up with IE; I'm using Firefox now, which is safer but not perfect either; I'll probably have to turn the Java stuff off. What do you all use for browsers, virus programs or firewalls??? At my end everything is on, firewall, virus scanner, and it doesn't help much, as you can see.

Regards
SPYKILLER
07.05.2005, 19:10
Honorary member
Posts: 29434
#146
Hello @SPYKILLER
http://virus-protect.org/seite1.html explains it, and the complete site, which will certainly help you (without several semesters of study), you will find below in my signature.
__________
Regards, Sabina
all about PC security
13.05.2005, 01:51
...new here
Posts: 2
#147
Sorry, but I have the same problem with TopAntiSpyWare.com... but unfortunately I don't understand anything here, I can't make sense of it... I ran HijackThis, Spybot, Ad-Aware SE, AOL AntiSpy and AntiVir... and I fixed all the entries in HijackThis that were "bad"... with Spybot, AntiVir, Ad-Aware SE and AOL AntiSpy I deleted everything they found... and I still have the problem... I read the log on the first page... and the instructions below it about what to delete and when to reboot... but I just can't follow it. Could someone kindly explain it to me? I can't find anything on the net that helps me, everywhere there are only (for me) confusing logs and confusing instructions (yes, I know I'm dumb, but I don't know my way around this), and on Google I looked for whether there isn't some program that deletes it straight away, but apparently I can only solve it the way it's described here in the forum... But as I said, unfortunately I don't understand it... Well, if you don't feel like explaining it to me, that's okay... I don't want to be a nuisance... but I'll post my log anyway, to be safe...
Logfile of HijackThis v1.99.1
Scan saved at 00:54:02, on 13.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\0190_U~1\w0svc.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\0190_U~1\WARN0190.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\VVSN\VVSN.exe
C:\WINDOWS\System32\ctfmon.exe
C:\programme\valve\steam\steam.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Skype\Phone\Skype.exe
C:\windows\mmrjxjy.exe
C:\windows\mmrjxjy.exe
C:\windows\mmrjxjy.exe
C:\windows\mmrjxjy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\AVPersonal\AVWIN.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Chrisitophel\Desktop\Emscherkurve77\Mono für Alle\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wind-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wind-find4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wind-find4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wind-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://wind-find4u.com/index.htm
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {104B28D8-D895-E015-FE93-A2C7A10FB4A2} - C:\DOKUME~1\CHRISI~1\ANWEND~1\BAITCD~1\StartMemo.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [0190/0900 Warner präsentiert von AOL] C:\PROGRA~1\0190_U~1\WARN0190.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [2 Gpl Warn Wait] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\License Hide 2 Gpl\64 media.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [VVSN] C:\Programme\VVSN\VVSN.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "c:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Delete Fast] C:\DOKUME~1\CHRISI~1\ANWEND~1\Rdrgrid\LIST AXIS.exe
O4 - HKCU\..\Run: [ukftddb] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [ndlhaep] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [mgjaavt] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [jlfscrr] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [eslmgrt] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [gshruje] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [voxtuqr] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [pilaqwj] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [uqhhgbs] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [jfclsrk] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [favhvkh] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [yxlwwry] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [mrjkjnh] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [mesupeg] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [mbrurpe] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [nxwlwkg] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [potugfx] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [vunptxh] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [ngyfepa] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [wsdutec] c:\windows\mmrjxjy.exe
O4 - HKCU\..\Run: [gfxthqx] c:\windows\drjuwbv.exe
O4 - HKCU\..\Run: [jwetfqn] c:\windows\pyvxgki.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nytmdha] c:\windows\drjuwbv.exe
O4 - HKCU\..\Run: [sorbovn] c:\windows\pyvxgki.exe
O4 - HKCU\..\Run: [jhwgnbj] c:\windows\drjuwbv.exe
O4 - HKCU\..\Run: [pwukfxv] c:\windows\pyvxgki.exe
O4 - HKCU\..\Run: [ijjhrpk] c:\windows\drjuwbv.exe
O4 - HKCU\..\Run: [aviwmeq] c:\windows\pyvxgki.exe
O4 - HKCU\..\Run: [lrheole] c:\windows\drjuwbv.exe
O4 - HKCU\..\Run: [iulktit] c:\windows\pyvxgki.exe
O4 - HKCU\..\Run: [spjgiaa] c:\windows\drjuwbv.exe
O4 - HKCU\..\Run: [gnfotha] c:\windows\pyvxgki.exe
O4 - HKCU\..\Run: [haqknmp] c:\windows\drjuwbv.exe
O4 - HKCU\..\Run: [bthutko] c:\windows\pyvxgki.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/zOOCjPnta53-vqwIDsw.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EEBC776-7AD2-4D36-ADEE-CDCBA08ACD52}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F8885ECC-B121-46C9-A47A-7BC3D0E953BA} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - C:\PROGRA~1\0190_U~1\w0svc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\\aolserv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOKUME~1\CHRISI~1\LOKALE~1\TEMP\_VWUPSRV.EXE

Here are my Ad-Aware log files as well:

Ad-Aware SE Build 1.05
Logfile Created on:Freitag, 13. Mai 2005 13:54:32
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):28 total references
Possible Browser Hijack attempt(TAC index:3):7 total references
Tracking Cookie(TAC index:3):30 total references
WhenU(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

13.05.2005 13:54:33 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Chrisitophel\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1715567821-1801674531-1005\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 408
ThreadCreationTime : 13.05.2005 11:51:38
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 13.05.2005 11:51:42
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 13.05.2005 11:51:43
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 13.05.2005 11:51:43
BasePriority : Normal
FileVersion : 5.1.2600.1224 (xpsp2.030516-0318)
ProductVersion : 5.1.2600.1224
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 13.05.2005 11:51:43
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 13.05.2005 11:51:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 13.05.2005 11:51:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 13.05.2005 11:51:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1324
ThreadCreationTime : 13.05.2005 11:51:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1484
ThreadCreationTime : 13.05.2005 11:51:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1812
ThreadCreationTime : 13.05.2005 11:51:52
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:12 [dragdiag.exe]
FilePath : C:\Programme\Alcatel\SpeedTouch USB\
ProcessID : 2004
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal
FileVersion : 201.2.0.0
ProductVersion : 201.2.0.0
ProductName : SpeedTouch USB
CompanyName : THOMSON multimedia
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON multimedia 1999-2002

#:13 [aoldial.exe]
FilePath : C:\Programme\Gemeinsame Dateien\AOL\ACS\
ProcessID : 2028
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal
FileVersion : 2.6.6.3.DE.55
ProductVersion : 2.6.6.3.DE.55
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:14 [msgplus.exe]
FilePath : C:\Programme\MessengerPlus! 3\
ProcessID : 2036
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal

#:15 [icqlite.exe]
FilePath : C:\Programme\ICQLite\
ProcessID : 2044
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal
FileVersion : 20, 32, 2315, 0
ProductVersion : 20, 32, 2315, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:16 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 148
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:17 [lvcoms.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\
ProcessID : 164
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : (c) 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:18 [logitray.exe]
FilePath : C:\Programme\Logitech\ImageStudio\
ProcessID : 172
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : (c) 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:19 [warn0190.exe]
FilePath : C:\PROGRA~1\0190_U~1\
ProcessID : 136
ThreadCreationTime : 13.05.2005 11:52:07
BasePriority : Normal
FileVersion : 4.3.0.219
ProductVersion : 4.03
ProductName : 0190 Warner / 0900 Warner
CompanyName : Mirko Böer
FileDescription : 0190 Warner / 0900 Warner
LegalCopyright : Copyright © 2001 - 2004 Mirko Böer
Comments : http://www.wt-rate.com/

#:20 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 196
ThreadCreationTime : 13.05.2005 11:52:08
BasePriority : Normal
FileVersion : 4.5.3.30
ProductVersion : 4.5.3.30
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:21 [msnappau.exe]
FilePath : C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\
ProcessID : 184
ThreadCreationTime : 13.05.2005 11:52:08
BasePriority : Normal

#:22 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\
ProcessID : 220
ThreadCreationTime : 13.05.2005 11:52:09
BasePriority : Normal
FileVersion : 1, 0, 0, 73
ProductVersion : 1, 0, 0, 73
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright (C) America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:23 [pdvdserv.exe]
FilePath : C:\Programme\CyberLink\PowerDVD\
ProcessID : 240
ThreadCreationTime : 13.05.2005 11:52:09
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright (c) CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:24 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 256
ThreadCreationTime : 13.05.2005 11:52:09
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:25 [winampa.exe]
FilePath : C:\Programme\Winamp\
ProcessID : 264
ThreadCreationTime : 13.05.2005 11:52:09
BasePriority : Normal

#:26 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 332
ThreadCreationTime : 13.05.2005 11:52:10
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:27 [steam.exe]
FilePath : C:\programme\valve\steam\
ProcessID : 348
ThreadCreationTime : 13.05.2005 11:52:10
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:28 [logitechdesktopmessenger.exe]
FilePath : C:\Programme\Logitech\Desktop Messenger\8876480\Program\
ProcessID : 356
ThreadCreationTime : 13.05.2005 11:52:10
BasePriority : Normal
FileVersion : 2.1.2.0
ProductVersion : 2.1.2.0
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright (C) Logitech 2000-2004. All rights reserved
OriginalFilename : backweb-8876480.exe
Comments : www.logitech.com/ldm

#:29 [skype.exe]
FilePath : C:\Programme\Skype\Phone\
ProcessID : 364
ThreadCreationTime : 13.05.2005 11:52:10
BasePriority : Normal

#:30 [mmrjxjy.exe]
FilePath : C:\windows\
ProcessID : 292
ThreadCreationTime : 13.05.2005 11:52:11
BasePriority : Normal

#:31 [w0svc.exe]
FilePath : C:\PROGRA~1\0190_U~1\
ProcessID : 676
ThreadCreationTime : 13.05.2005 11:52:12
BasePriority : Normal
FileVersion : 4.0.0.22
ProductVersion : 4.0
ProductName : 0190/0900 Warner
CompanyName : Mirko Böer
FileDescription : 0190/0900 Warner Service
InternalName : w0svc
LegalCopyright : Copyright © 2003-2004 Mirko Böer
OriginalFilename : w0svc.exe

#:32 [teatimer.exe]
FilePath : C:\Programme\Spybot - Search & Destroy\
ProcessID : 1192
ThreadCreationTime : 13.05.2005 11:52:13
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:33 [aolacsd.exe]
FilePath : C:\Programme\Gemeinsame Dateien\AOL\ACS\
ProcessID : 1368
ThreadCreationTime : 13.05.2005 11:52:14
BasePriority : Normal

#:34 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 1576
ThreadCreationTime : 13.05.2005 11:52:14
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:35 [avwupsrv.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1672
ThreadCreationTime : 13.05.2005 11:52:15
BasePriority : Normal

#:36 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1752
ThreadCreationTime : 13.05.2005 11:52:15
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:37 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1796
ThreadCreationTime : 13.05.2005 11:52:16
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee.com Personal Firewall
CompanyName : McAfee.com Corporation
FileDescription : McAfee.com Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee.com Personal Firewall Service

#:38 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1860
ThreadCreationTime : 13.05.2005 11:52:16
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:39 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2020
ThreadCreationTime : 13.05.2005 11:52:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:40 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1560
ThreadCreationTime : 13.05.2005 11:52:17
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:41 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 3200
ThreadCreationTime : 13.05.2005 11:52:38
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:42 [msnmsgr.exe]
FilePath : C:\Programme\MSN Messenger\
ProcessID : 3268
ThreadCreationTime : 13.05.2005 11:52:39
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:43 [waol.exe]
FilePath : C:\PROGRA~1\AOL9~1.0\
ProcessID : 3788
ThreadCreationTime : 13.05.2005 11:53:01
BasePriority : Normal

#:44 [shellmon.exe]
FilePath : C:\PROGRA~1\AOL9~1.0\
ProcessID : 3960
ThreadCreationTime : 13.05.2005 11:53:04
BasePriority : Normal

#:45 [aoltpspd.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Aol\
ProcessID : 3980
ThreadCreationTime : 13.05.2005 11:53:05
BasePriority : Normal
FileVersion : 1, 1, 1, 0
ProductVersion : [v1_r1.1-2] On Mon 11/29/2004 19:54:26.07
ProductName : AOL TopSpeed(TM)
CompanyName : America Online Inc
FileDescription : AOL TopSpeed(TM)
InternalName : AOL TopSpeed(TM)
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed(TM)
OriginalFilename : aoltpspd.exe

#:46 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2500
ThreadCreationTime : 13.05.2005 11:53:46
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantfind4u.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://wind-find4u.com/sp.htm"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://wind-find4u.com/sp.htm"

Possible Browser Hijack attempt : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\MainSearch Pagefind4u.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://wind-find4u.com/index.htm"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://wind-find4u.com/index.htm"

Possible Browser Hijack attempt : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\MainStart Pagefind4u.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://wind-find4u.com/index.htm"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://wind-find4u.com/index.htm"

Possible Browser Hijack attempt : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\MainSearch Barfind4u.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://wind-find4u.com/sp.htm"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://wind-find4u.com/sp.htm"

Possible Browser Hijack attempt : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\SearchURLfind4u.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://wind-find4u.com/index.htm"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "http://wind-find4u.com/index.htm"

Possible Browser Hijack attempt : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\SearchURLProviderfind4u.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "wind-find4u.com"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-1715567821-1801674531-1005\Software\Microsoft\Internet Explorer\SearchURL
Value : Provider
Data : "wind-find4u.com"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 34

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@as-eu.falkag[1].txt
Category : Data Miner
Comment : Hits:59
Value : Cookie:chrisitophel@as-eu.falkag.net/
Expires : 03.05.2006 21:10:56
LastSync : Hits:59
UseCount : 0
Hits : 59

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@statcounter[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:chrisitophel@statcounter.com/
Expires : 02.05.2010 01:25:30
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:62
Value : Cookie:chrisitophel@tradedoubler.com/
Expires : 02.06.2005 14:27:52
LastSync : Hits:62
UseCount : 0
Hits : 62

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@as1.falkag[2].txt
Category : Data Miner
Comment : Hits:146
Value : Cookie:chrisitophel@as1.falkag.de/
Expires : 12.06.2005 02:02:08
LastSync : Hits:146
UseCount : 0
Hits : 146

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:chrisitophel@tribalfusion.com/
Expires : 01.01.2038 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@cs.sexcounter[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:chrisitophel@cs.sexcounter.com/
Expires : 12.05.2024 20:07:28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@revenue[1].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:chrisitophel@revenue.net/
Expires : 10.06.2022 07:05:42
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@2o7[2].txt
Category : Data Miner
Comment : Hits:265
Value : Cookie:chrisitophel@2o7.net/
Expires : 12.05.2010 00:25:26
LastSync : Hits:265
UseCount : 0
Hits : 265

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@adserver.rushed[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:chrisitophel@adserver.rushed.de/
Expires : 03.05.2006 14:10:50
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@adtech[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:chrisitophel@adtech.de/
Expires : 30.04.2015 02:07:16
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@fastclick[1].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:chrisitophel@fastclick.net/
Expires : 29.04.2007 15:24:50
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:36
Value : Cookie:chrisitophel@imrworldwide.com/cgi-bin
Expires : 08.05.2015 12:07:40
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:chrisitophel@bs.serving-sys.com/
Expires : 01.01.2038 07:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@serving-sys[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:chrisitophel@serving-sys.com/
Expires : 01.01.2038 07:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:chrisitophel@jrightm.cjt1.net/HTM/602/0
Expires : 10.05.2006 11:00:42
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@weborama[2].txt
Category : Data Miner
Comment : Hits:42
Value : Cookie:chrisitophel@weborama.fr/
Expires : 01.05.2007 19:52:24
LastSync : Hits:42
UseCount : 0
Hits : 42

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@partners.webmasterplan[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:chrisitophel@partners.webmasterplan.com/
Expires : 03.06.2005
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@fortunecity[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:chrisitophel@fortunecity.com/
Expires : 01.01.2011 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@paycounter[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:chrisitophel@paycounter.com/
Expires : 31.12.2030 03:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chrisitophel@ads.tripod.lycos[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:chrisitophel@ads.tripod.lycos.de/
Expires : 10.05.2005 00:44:22
LastSync

This post was edited on 13.05.2005 at 14:40 by CyrusXjr.
29.05.2005, 14:18
...new here
Posts: 2
#148
Hi, I also have this topantispyware link on my desktop, but I can't find the lines in the HijackThis log that need fixing. So here is my log, maybe someone can help me..
Logfile of HijackThis v1.99.1
Scan saved at 14:10:56, on 29.05.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\MARTIN~1.SCH\LOKALE~1\TEMP\_VWUPSRV.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Martin.SCHNIGGS-A6Y48M\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe
C:\Dokumente und Einstellungen\Martin.SCHNIGGS-A6Y48M\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A54BMLE5\kav5.0trial_personalen[1].exe
C:\kav\personal5.0\english\kav5.0.227_personalen.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programme\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113979786147
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF5CB08-1E2A-4EB3-B71E-A99E79B48F89}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D542778C-A39B-4B8B-8852-3C9F0E6BC007}: NameServer = 62.72.64.241 62.72.64.237
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOKUME~1\MARTIN~1.SCH\LOKALE~1\TEMP\_VWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you
29.05.2005, 18:14
Honorary member
Posts: 29434
#149
Hello @saraha
Download: rkfiles.zip
http://bilder.informationsarchiv.net/Nikitas_Tools/rkfiles.zip
--> unzip --> boot into Safe Mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml
--> double-click (run) --> rkfiles.bat --> wait until the DOS window closes... even if it takes a long time
---> post C:\log.txt

#open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c267.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
Restart the PC

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html
------------------------------------------------------------------------
eScan detection tool (instructions)
http://virus-protect.org/escan.html
__________
Best regards, Sabina
All about PC security
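As an added example (not code from this thread or from HijackThis), a small Python triage pass that applies three of the checks the reply above makes by hand on the posted log: F2 Shell= lines that launch anything besides Explorer.exe, O15 protocol-zone overrides, and O16 DPF entries whose source is a local file:// or ms-its: path rather than a web URL. The sample lines are constructed from the log quoted in this thread.

```python
import re
from urllib.parse import urlsplit

# Sample lines constructed from the log quoted earlier in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
""".strip()

# Every HijackThis entry starts with a section code such as R0, F2, O4, O16.
ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse_entry(line):
    """Return (section, body) for an entry line, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("type"), m.group("body")) if m else None

def dpf_source(body):
    """O16 bodies read 'DPF: {CLSID} (optional name) - source'; return the source."""
    return body.rsplit(" - ", 1)[-1].strip()

def source_scheme(src):
    """Outermost URL scheme, lower-cased: 'ms-its:mhtml:file://...' -> 'ms-its'."""
    return urlsplit(src).scheme.lower()

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        section, body = entry
        if section == "F2" and "Shell=" in body:
            # system.ini Shell= should launch Explorer.exe and nothing else.
            progs = [p.strip() for p in body.split("Shell=", 1)[1].split(",")]
            extra = [p for p in progs if p.lower() != "explorer.exe"]
            if extra:
                findings.append(("F2 Shell launches extra program(s): " + ", ".join(extra), raw))
        elif section == "O15" and "ProtocolDefaults" in body:
            findings.append(("O15 protocol zone overridden", raw))
        elif section == "O16":
            # Legitimate ActiveX downloads come over http(s); file:// and ms-its: sources are local drops.
            scheme = source_scheme(dpf_source(body))
            if scheme not in ("http", "https"):
                findings.append((f"O16 DPF source uses '{scheme}:' rather than a web URL", raw))
    return findings
```

Running `triage(SAMPLE_LOG)` flags four of the five sample lines; the Windows Genuine Advantage control, fetched over http, passes.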
29.05.2005, 18:28
Honorary member
Posts: 29434
#150
Hello @CyrusXjr
Please take your XP CD and format, the PC is totally infected
__________
Best regards, Sabina
All about PC security
silentrunners
http://www.silentrunners.org/sr_download.html
go to:
Quote:
Click here to download a zip file.
here is the explanation:
http://www.silentrunners.org/sr_scriptuse.html
click: output file is in text format. --> double-click and Notepad opens -->
and post everything that is shown.
LSPfix.exe
http://www.spychecker.com/program/lspfix.html
"I know what I'm doing" <-- tick
move flsmngr.dll from left to right (if it is not already there) and delete it (deleted)
Start --> Run --> regedit
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components
if you find it --> delete the subkey "0" on the right-hand side of the registry via right-click
+ (also delete)
"FriendlyName" = "Security"
"Source" = "C:\WINDOWS\Web\desktop.html"
"SubscribedURL" = "C:\WINDOWS\Web\desktop.html"
#open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.royalsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O9 - Extra button: Microsoft AntiSpyware helper - {BEBBE3D1-050C-489F-B5FF-0709D6F84D91} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BEBBE3D1-050C-489F-B5FF-0709D6F84D91} - (no file) (HKCU)
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB
Restart the PC
•KillBox
http://www.bleepingcomputer.com/files/killbox.php
•Delete File on Reboot <-- tick
and click on the red cross,
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" for the last one
C:\WINDOWS\Downloaded Program Files\internazionale_ver10.ocx
c:\Program Files\Fln\fln.dll
C:\WINDOWS\System32\runsrv32.exe
C:\WINDOWS\System32\runsrv32.dll
C:\WINDOWS\System32\txfdb32.dll
C:\WINDOWS\System32\srpcsrv32.dll
C:\WINDOWS\System32\runsvc32.exe
C:\WINDOWS\System\runsrv32.dll
C:\WINDOWS\System32\runoledb32.exe
C:\Program Files\TopAntiSpyware
C:\WINDOWS\desktop.html
C:\WINDOWS\Web\desktop.html
C:\r.exe
C:\WINDOWS\System32\spoolsrv32.exe
Restart the PC
CCleaner --> delete all *temp files
http://www.ccleaner.com/ccdownload.asp
This is how to delete C:\WINDOWS\Web\desktop.html:
Go to Start -> Settings -> Control Panel and click on "Display". There is a "Desktop" tab with the option "Customize Desktop". In there click on the "Web" tab and remove "Security" from the list.
1 - Right-click the taskbar - Properties.
2 - Enable "Auto-hide the taskbar".
3 - You can now see a small part of the old desktop background where the taskbar used to be.
4 - Right-click - Properties on the small piece of the old desktop.
5 - Desktop - Customize Desktop
6 - Select the Web tab
7 - Delete the entry "Security" + C:\WINDOWS\desktop.html
•C:\WINDOWS\Web\desktop.html
•C:\WINDOWS\SSICO.ICO
•C:\Dokumente und Einstellungen\User\\Desktop\! Protect Your Data.url
•C:\Dokumente und Einstellungen\User\\Favorites\! Smart Security.url
•C:\Dokumente und Einstellungen\User\\Recent\! Smart Security.url
•C:\Dokumente und Einstellungen\User\\Start Menu\! Secure Yourself.url
•Download NOD32 Antivirus System
http://www.nod32.de/download/download.php
However, make sure to change the settings so that ALL FILES are scanned.
By default only certain file types are.
search/scan with the Panda online scan (and report back)
http://virus-protect.org/onlinescan.html
then post the new HijackThis log
__________
Best regards, Sabina
All about PC security