auto blank as start page cannot be changed

#0
08.01.2005, 12:31
...new here
Posts: 5

08.01.2005, 17:09
Honorary member
Posts: 29434
#2
Hello @Nils1

"Win32.winshow.N" --> C:\WINDOWS\D3YZ32.EXE
-------------------------------------------------------------------------------
# Open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90C430E2-D68B-7E5D-5D5F-1E9313AB83BE} - C:\WINDOWS\SYSTEM\NETKA32.DLL
O4 - HKLM\..\Run: [WINSS32.EXE] C:\WINDOWS\WINSS32.EXE
O4 - HKLM\..\RunServices: [D3YZ32.EXE] C:\WINDOWS\D3YZ32.EXE

Restart the PC

KillBox
http://www.bleepingcomputer.com/files/killbox.php

<Delete File on Reboot

C:\WINDOWS\system\zqfvf.dll
C:\WINDOWS\D3YZ32.EXE
C:\WINDOWS\WINSS32.EXE

and click on the red cross; when asked whether to reboot -> click "no" and copy in the next one; only for the last one click "yes"

Restart the PC

Delete temporary files
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 (do not delete the index.dat)

# ClearProg.. download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- Download lists of Netscape/Opera

CWShredder 2.12 [2004-12-13]
http://www.majorgeeks.com/download3019.html

Download TrojanHunter --> Fullscan
http://www.antivirus-online.de/german/counttro.php3?a=1204

# Antivirus (free) --> after the installation scan, run a complete scan (please post the log of the scan)
http://www.free-av.de/
[X] Memory
[X] Boot sector of search drives
[ ] Report unknown boot sectors
[X] All files
[ ] Program files

# Ad-aware SE Personal 1.05 Updated --> please post the log of the scan
http://fileforum.betanews.com/detail/965718306/1

# Search&Destroy
http://www.safer-networking.org/de/download/index.html
Spybot - Search && Destroy process list report --> please copy and post it

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if a prompt appears --> click Apply and finally OK, and set a new start page

__________
Best regards
Sabina
all about PC security
This post was edited by Sabina on 08.01.2005 at 17:17.
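
The HijackThis entries listed in post #2 follow a fixed line format, so the list of files to examine can be derived from a log mechanically. The following is an added example, not part of the original thread and not HijackThis's own code: a Python parser run over sample lines copied from that post. The function names and the `res://` heuristic are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis entries quoted in post #2.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90C430E2-D68B-7E5D-5D5F-1E9313AB83BE} - C:\WINDOWS\SYSTEM\NETKA32.DLL
O4 - HKLM\..\Run: [WINSS32.EXE] C:\WINDOWS\WINSS32.EXE
O4 - HKLM\..\RunServices: [D3YZ32.EXE] C:\WINDOWS\D3YZ32.EXE
"""

# "<code> - <body>", e.g. "R1 - ..." or "O4 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# An IE page setting served from a resource inside a DLL given by absolute path.
RES_DLL = re.compile(r"^res://(?P<path>[A-Za-z]:\\.+?\.dll)/", re.IGNORECASE)
# O2: Browser Helper Object, "BHO: <name> - {CLSID} - <file>".
BHO = re.compile(r"^BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O4: autostart entry, "<registry key>: [<value name>] <command>".
AUTORUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    code: str                   # HijackThis section code (R0, R1, O2, O4, ...)
    kind: str                   # classification assigned by this example
    detail: str                 # registry setting, CLSID or raw body
    path: Optional[str] = None  # file the entry refers to, if any


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line; return None for anything that is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]

    # R0/R1: Internet Explorer start and search page settings.
    if code in ("R0", "R1") and " = " in body:
        setting, data = body.split(" = ", 1)
        res = RES_DLL.match(data)
        if res:
            return Finding(code, "ie-setting-res-dll", setting, res["path"])
        return Finding(code, "ie-setting", f"{setting} = {data}")

    if code == "O2":
        bho = BHO.match(body)
        if bho:
            return Finding(code, "bho", bho["clsid"], bho["path"])

    if code == "O4":
        run = AUTORUN.match(body)
        if run:
            # The command is kept as logged; it may carry arguments.
            detail = f'{run["key"]} [{run["name"]}]'
            return Finding(code, "autostart", detail, run["cmd"])

    return Finding(code, "other", body)


def review(log_text: str) -> List[Finding]:
    """Parse a whole log and return one Finding per recognised entry."""
    return [f for f in map(parse_line, log_text.splitlines()) if f]


def files_to_inspect(findings: List[Finding]) -> List[str]:
    """Unique file paths referenced by the entries, compared case-insensitively."""
    seen = {}
    for f in findings:
        if f.path:
            seen.setdefault(f.path.lower(), f.path)
    return [seen[key] for key in sorted(seen)]


if __name__ == "__main__":
    results = review(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:<3} {f.kind:<20} {f.detail}")
    print("\nFiles referenced by the log:")
    for path in files_to_inspect(results):
        print("  " + path)
```

The output is a list of files for a reviewer to examine, not a verdict: an autostart entry or BHO is only a reference to a file, and whether it is unwanted still has to be decided per file.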

09.01.2005, 21:09
...new here
Thread starter
Posts: 5
#3
Hello Sabina, thank you very much for the quick help! I carried out all your instructions and at first it looked quite good, except that IE was very slow! I was also able to set the start page, but unfortunately the autoblank is back!!!!!!!!! Here are the two logs:
Log from Ad-aware:

Here is the log from Search & Destroy:

10.01.2005, 00:32
Honorary member
Posts: 29434
#4
Hello @Nils1

Disable System Restore «Windows Me
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807134146924

# Uninstall TrojanHunter again.

Copy into the Killbox:

c:\WINDOWS\SYSTEM\shicome.exe.tcf
c:\WINDOWS\SYSTEM\shicome.exe
c:\WINDOWS\scanregw.exe.tcf
c:\WINDOWS\scanregw.exe
c:\WINDOWS\scanregw.exe.bak
c:\WINDOWS\bzdlhq.dat
c:\WINDOWS\nrtkjl.txt
c:\WINDOWS\SYSTEM\dcbpw.txt
c:\WINDOWS\SYSTEM\kzsdd.dat
c:\WINDOWS\SYSTEM\uynuy.log
c:\WINDOWS\SYSTEM\ysdml.log
c:\WINDOWS\qnrmjk.txt
c:\WINDOWS\injrdv.txt
c:\WINDOWS\WINSS32.EXE.tcf
c:\WINDOWS\WINSS32.EXE
c:\WINDOWS\taskmon.exe.tcf
c:\WINDOWS\taskmon.exe

Restart the PC

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if a prompt appears --> click Apply and finally OK, and set a new start page

then scan once more with AdAware (I would also like to see the scan log from the antivirus)

# ClearProg.. download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs

--> important !!!! and post the new log from HijackThis

__________
Best regards
Sabina
all about PC security
This post was edited by Sabina on 10.01.2005 at 00:38.

10.01.2005, 22:53
...new here
Thread starter
Posts: 5
#5
Hello Sabina, at the moment everything looks good.... here are the requested logs
AdAware:
The log from Antivirus:
and now the log from Hijack:
Logfile of HijackThis v1.99.0
Scan saved at 22:48:28, on 10.01.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\LOADQM.EXE
D:\PROGRAMME D\ANITVIRUS\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\COMCTL32.DLL
C:\PROGRAMME\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAMME\TA 33 USB\CAPICTRL.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAMME\MICROSOFT OFFICE 97\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaljl.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nordcom.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaljl.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\yaljl.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A9B87744-E58C-1B79-9F9B-661D1E91F825} - C:\WINDOWS\SYSTEM\D3SB32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME D\ANITVIRUS\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [SYSOR32.EXE] C:\WINDOWS\SYSOR32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TwkSCardSrv] C:\WINDOWS\SCARDS32.exe search
O4 - HKLM\..\RunServices: [SCardSvr] C:\WINDOWS\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [IPGZ32.EXE] C:\WINDOWS\SYSTEM\IPGZ32.EXE
O4 - HKLM\..\RunServices: [WINUM.EXE] C:\WINDOWS\WINUM.EXE
O4 - Startup: CAPI Control.lnk = C:\Programme\TA 33 USB\Capictrl.exe
O4 - Startup: Erinnerungen in Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office 97\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll

So, I hope you have good news for me now ;-) Do I still need to do anything, e.g. re-enable System Restore? Or delete even more? Looking forward to hearing from you again! Many thanks so far!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Nils |
|
|
||
10.01.2005, 22:59
...new here
Thread starter Posts: 5 |
#6
auto blank is back again ;-(
Should I just wipe the machine? But will I then really be rid of this thing??? Sorry that I have such a huge problem... Nils |
|
|
||
11.01.2005, 11:30
Honorary member
Posts: 29434 |
#7
Hello @Nils1

Delete from the Favorites -->m IE URL discovered: http://www.lookfor.cc/
Object : C:\WINDOWS\Favoriten\
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\WINDOWS\Favoriten\
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\WINDOWS\Favoriten\

using this program:
#ClearProg .. download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.

The program deletes the browsing traces of Internet Explorer from version 5.0 onward, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs

------------------------------------------------------------------------------------

Fix with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaljl.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\yaljl.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\yaljl.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A9B87744-E58C-1B79-9F9B-661D1E91F825} - C:\WINDOWS\SYSTEM\D3SB32.DLL
O4 - HKLM\..\Run: [SYSOR32.EXE] C:\WINDOWS\SYSOR32.EXE
O4 - HKLM\..\RunServices: [IPGZ32.EXE] C:\WINDOWS\SYSTEM\IPGZ32.EXE
O4 - HKLM\..\RunServices: [WINUM.EXE] C:\WINDOWS\WINUM.EXE

RESTART

We simply have to delete everything that is displayed.
So, please copy into the Killbox:
C:\WINDOWS\SYSTEM\D3SB32.DLL
c:\WINDOWS\SYSTEM\aidyr.log
C:\WINDOWS\system\yaljl.dll
C:\WINDOWS\WINUM.EXE
C:\WINDOWS\SYSTEM\IPGZ32.EXE
C:\WINDOWS\SYSOR32.EXE
c:\WINDOWS\SYSTEM\dcbpw.txt
c:\WINDOWS\SYSTEM\kzsdd.dat
c:\WINDOWS\SYSTEM\uynuy.log
c:\WINDOWS\SYSTEM\ysdml.log
c:\WINDOWS\qnrmjk.txt
c:\WINDOWS\injrdv.txt
c:\WINDOWS\WINSS32.EXE.tcf
c:\WINDOWS\taskmon.exe.tcf
c:\WINDOWS\taskmon.exe.bak
c:\WINDOWS\nyyab.txt
c:\WINDOWS\nrtkjl.txt
c:\WINDOWS\fsdpdw.txt
c:\WINDOWS\frkzj.log
c:\WINDOWS\jylgfg.log
c:\WINDOWS\shicome.exe.tcf
c:\WINDOWS\lkoqn.txt
c:\WINDOWS\wrkfky.log
c:\WINDOWS\osdlei.dat

Restart the PC.

Scan again with the antivirus and AdAware and post the new log.
__________
Kind regards, Sabina
all about PC security
This post was edited by Sabina on 11.01.2005 at 11:45.
|
|
|
||
15.01.2005, 21:22
...new here
Thread starter Posts: 5 |
#8
Hi Sabina,
I rebuilt my PC completely from scratch! I had serious difficulties working at all... I still thank you for the huge HELP!!! Best regards & maybe see you soon ;-) Nils |
|
|
||
Logfile of HijackThis v1.99.0
Scan saved at 12:32:02, on 08.01.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\WINDOWS\D3YZ32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\WINSS32.EXE
C:\PROGRAMME\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAMME\TA 33 USB\CAPICTRL.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAMME\MICROSOFT OFFICE 97\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
D:\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90C430E2-D68B-7E5D-5D5F-1E9313AB83BE} - C:\WINDOWS\SYSTEM\NETKA32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WINSS32.EXE] C:\WINDOWS\WINSS32.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TwkSCardSrv] C:\WINDOWS\SCARDS32.exe search
O4 - HKLM\..\RunServices: [SCardSvr] C:\WINDOWS\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [D3YZ32.EXE] C:\WINDOWS\D3YZ32.EXE
O4 - Startup: CAPI Control.lnk = C:\Programme\TA 33 USB\Capictrl.exe
O4 - Startup: Erinnerungen in Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office 97\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
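
The entries selected for fixing in the replies above share visible traits: IE settings that point at a res:// page inside a local DLL, and Run/RunServices values named after their own executable. The following Python example is added here (it is not part of the thread and not HijackThis's own logic); it parses entries copied from the 08.01.2005 log and flags those traits. The `triage` function and its heuristics are assumptions drawn only from this thread.

```python
import re
import ntpath

# Entries copied from the 08.01.2005 log on this page (an excerpt, not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\zqfvf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {90C430E2-D68B-7E5D-5D5F-1E9313AB83BE} - C:\WINDOWS\SYSTEM\NETKA32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WINSS32.EXE] C:\WINDOWS\WINSS32.EXE
O4 - HKLM\..\RunServices: [SCardSvr] C:\WINDOWS\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [D3YZ32.EXE] C:\WINDOWS\D3YZ32.EXE
"""

# Heuristics below are assumptions taken from this thread, not HijackThis rules.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RES_URL = re.compile(r"=\s*res://(.+?\.dll)/", re.IGNORECASE)
AUTORUN = re.compile(r"^HKLM\\\.\.\\(Run|RunServices): \[(.+?)\] (.+)$")
BHO = re.compile(r"^BHO: .* - (\S.*\.dll)$", re.IGNORECASE)

def triage(log_text):
    """Return (section, reason, file) for entries matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        section, body = m.groups()
        res = RES_URL.search(body)
        if section in ("R0", "R1") and res:
            # IE setting served from a resource inside a local DLL
            findings.append((section, "res:// page in local DLL", res.group(1)))
        elif section == "O2" and (b := BHO.match(body)):
            findings.append((section, "BHO, review manually", b.group(1)))
        elif section == "O4" and (a := AUTORUN.match(body)):
            name, command = a.group(2), a.group(3)
            # value name identical to the file name of the launched program
            if name.lower() == ntpath.basename(command).lower():
                findings.append((section, "autorun named after its own file", command))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(*f, sep=" | ")
```

Legitimate autoruns in the same log (SystemTray, LoadQM, SCardSvr) are not flagged because their value names differ from the file name; every BHO is listed for manual review, since the log alone does not say whether one is wanted.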