Search Bar = http://www.richfind.com/ie/
#0
23.01.2005, 01:44
...new here
Posts: 8
23.01.2005, 22:03
Honorary member
Posts: 29434
#2
Hello @Metteron
Disable System Restore (XP): My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives". --> You can re-enable it after the cleanup.

Download KillBox (unpack it to the desktop)
http://www.bleepingcomputer.com/files/killbox.php

1) Download rem.zip
http://forums.skads.org/index.php?showtopic=80

2) Unpack it in the directory C:\WINDOWS\System32\ (it is important that it is in this directory!)

# Open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: Search - {B3CC3ADE-3C49-49BD-BD55-179723AAB0FB} - C:\WINDOWS\System32\Q447553.dll (file missing)
O2 - BHO: Search - {16C3C644-B7D6-4131-A7D7-D251439E8C26} - C:\WINDOWS\System32\Q447553.dll (file missing)
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{968D7E4A-C7A1-4904-BEFF-DDB380456F60}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{A86F940E-86C6-4BA0-B67F-36DF00C0D1DA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE71992D-2F9C-4779-B19E-DF69372E718E}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{F21A4CC9-7615-4FD8-8F62-4D133CEF3614}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31

Restart the PC

3) Start the computer in safe mode.
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Disk Cleanup, and deleting the temporary files:
Start --> Run --> type: cleanmgr
Delete only:
# Click: Temporary Internet Files, OK
# Click: Temporary Files, OK

KillBox --> open --> Delete File on Reboot
C:\WINDOWS\System32\Q447553.dll
and click the red cross; when asked "Do you want to reboot?" ----> click "yes"

4) Run the file rem.bat and let it scan.

5) Afterwards start the computer in normal mode.

# ClearProg: download the latest version, 1.4.0 Final
http://www.clearprog.de/downloads.php
and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the typed URLs

6) There should now be a file named log.txt under C:\.

7) Select its contents and paste them here.

Create a current HijackThis log and post it together with the log.txt from rem.
__________
Best regards
Sabina
all about PC security
This post was edited by Sabina on 23.01.2005 at 22:07.

24.01.2005, 03:15
...new here
Thread starter
Posts: 8
#3
Hi Sabina,
thank you very much, this is what it looks like now:

Logfile of HijackThis v1.99.0
Scan saved at 02:46:28, on 24.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Siemens\Gigaset USB Stick 54\Gcc.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\StarOffice6.0\program\soffice.exe
C:\Programme\Siemens\Gigaset USB Stick 54\OdHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\OLIVER~1.OLI\LOKALE~1\Temp\Rar$EX01.115\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
R3 - URLSearchHook: Search - {9CD9ED88-318F-4782-BCCA-D3914AB5247E} - C:\WINDOWS\System32\Q1535337.dll
O2 - BHO: Search - {04C22C8E-8FC8-49E5-897A-CA6DEABBA0C1} - C:\WINDOWS\System32\Q1535337.dll
O2 - BHO: Search - {139C38F2-3533-48A0-BC68-0FEF3304918E} - C:\WINDOWS\System32\Q1535337.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Search - {4B02F362-76FF-4902-B0B8-D7620B8F6F61} - C:\WINDOWS\System32\Q1535337.dll
O3 - Toolbar: Search - {CD235C4B-326A-4F76-B917-60D013ECB157} - C:\WINDOWS\System32\Q1535337.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Workflow] D:\Installs\Workflow.exe
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Stick 54\Gcc.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Search - {4B02F362-76FF-4902-B0B8-D7620B8F6F61} - C:\WINDOWS\System32\Q1535337.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Search - {CD235C4B-326A-4F76-B917-60D013ECB157} - C:\WINDOWS\System32\Q1535337.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O18 - Filter: text/html - {B75AAAA4-5B4A-4560-B404-18C3F45B7FC5} - C:\WINDOWS\System32\Q1535337.dll
O18 - Filter: text/plain - {B75AAAA4-5B4A-4560-B404-18C3F45B7FC5} - C:\WINDOWS\System32\Q1535337.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

But the symptoms are still there, I hope you can help me with this.
This post was edited by Metteron on 24.01.2005 at 03:34.

24.01.2005, 11:07
Honorary member
Posts: 29434
#4
Hello @Metteron
I am still waiting for the log of the rem file; there should now be a file named log.txt under C:\.
---------------------------------------------------------------------------------------
Disable System Restore (XP): My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".

Fix with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R3 - URLSearchHook: Search - {9CD9ED88-318F-4782-BCCA-D3914AB5247E} - C:\WINDOWS\System32\Q1535337.dll
O2 - BHO: Search - {04C22C8E-8FC8-49E5-897A-CA6DEABBA0C1} - C:\WINDOWS\System32\Q1535337.dll
O2 - BHO: Search - {139C38F2-3533-48A0-BC68-0FEF3304918E} - C:\WINDOWS\System32\Q1535337.dll
O3 - Toolbar: Search - {4B02F362-76FF-4902-B0B8-D7620B8F6F61} - C:\WINDOWS\System32\Q1535337.dll
O3 - Toolbar: Search - {CD235C4B-326A-4F76-B917-60D013ECB157} - C:\WINDOWS\System32\Q1535337.dll
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Search - {4B02F362-76FF-4902-B0B8-D7620B8F6F61} - C:\WINDOWS\System32\Q1535337.dll
O9 - Extra button: Search - {CD235C4B-326A-4F76-B917-60D013ECB157} - C:\WINDOWS\System32\Q1535337.dll
O18 - Filter: text/html - {B75AAAA4-5B4A-4560-B404-18C3F45B7FC5} - C:\WINDOWS\System32\Q1535337.dll
O18 - Filter: text/plain - {B75AAAA4-5B4A-4560-B404-18C3F45B7FC5} - C:\WINDOWS\System32\Q1535337.dll

Restart the PC

Copy into the KillBox: Delete File on Reboot
C:\RECYCLER\Desktop.ini
C:\WINDOWS\System32\Q447553.dll
C:\WINDOWS\System32\Q1535337.dll
and click the red cross; when asked "Do you want to reboot?" ----> click "yes"

Restart the PC

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post me the log of the scan
---------------------------------------------------------------------------------------------
# eScan detection tool
eScan is available free of charge here under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
Create the folder c:\bases.
eScan: unpack the zip file mwav.zip into this folder, the file must be unpacked into the folder c:\bases (important!), and then run kavupd.exe (update, in DOS).
Go into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml
and start the scanner with "mwav.exe" [or: MWAVSCAN.COM].
Tick all boxes. Select: "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory --> and click "Scan".

Please do the following:
Now open mwav.txt with the editor and go to Edit -> Find; enter infected there. Select each line that contains infected and paste it here, search for the next one, and so on. At the very bottom is the summary; post that here as well.

# New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if you are asked --> click Apply and finally OK, and set a new start page.

+ post the new HijackThis log
__________
Best regards
Sabina
all about PC security
This post was edited by Sabina on 24.01.2005 at 11:25.

26.01.2005, 10:24
...new here
Thread starter
Posts: 8
#5
"Sorry that I am only getting back to you now, but I had a lot to do at work, and besides I have to admit that I have NEVER done what we are doing here before, but with your help it is going quite well, thanks for the tutoring."

Here is the rem log as well:

Files Found.................
----------------------------------------
run_dos.dll
Files Not deleted.................
----------------------------------------
Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------
Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
msi.dll
Finished

"You did want me to: Quote: Copy into the KillBox: but I did not have these files."

Here is the eScan log:

Mon Jan 24 23:50:00 2005 => File C:\WINDOWS\system32\rdspclips.exe infected by "HackTool.Win32.Hidd.e" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:50:21 2005 => File C:\WINDOWS\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:50:22 2005 => File C:\WINDOWS\Ole32ws.dll infected by "not-a-virusorn-Dialer.Win32.OnlineDialer" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:51:08 2005 => File C:\WINDOWS\System32\hdbvz.dll infected by "HackTool.Win32.Hidd.c" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:51:08 2005 => File C:\WINDOWS\System32\hdzow.dll infected by "HackTool.Win32.Hidd.c" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:51:12 2005 => File C:\WINDOWS\System32\iesp1.dll infected by "Trojan-Clicker.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:51:49 2005 => File C:\WINDOWS\System32\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:51:50 2005 => File C:\WINDOWS\System32\nbtrstat.exe infected by "Trojan-Clicker.Win32.Small.dg" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:52:19 2005 => File C:\WINDOWS\System32\sprestrst.exe infected by "Trojan.Win32.DNSChanger.b" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:52:28 2005 => File C:\WINDOWS\System32\tsmsetup.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:52:30 2005 => File C:\WINDOWS\System32\update.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:52:30 2005 => File C:\WINDOWS\System32\upncont.exe infected by "Trojan-Dropper.Win32.Small.qt" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:52:44 2005 => File C:\WINDOWS\System32\wowdbe.exe infected by "Trojan-Dropper.Win32.Small.qt" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:53:13 2005 => File C:\DOKUME~1\OLIVER~1.OLI\LOKALE~1\TEMPOR~1\Content.IE5\OOLUCG24\cax[1].cab infected by "not-a-virusorn-Dialer.Win32.OnlineDialer" Virus. Action Taken: No Action Taken.
Mon Jan 24 23:53:24 2005 => Scanning File C:\DOKUME~1\OLIVER~1.OLI\LOKALE~1\TEMPOR~1\Content.IE5\U0JMVQ2K\infected6xz[1].gif
Mon Jan 24 23:53:28 2005 => File C:\DOKUME~1\OLIVER~1.OLI\LOKALE~1\TEMPOR~1\Content.IE5\Z985IXYA\connect[1].htm infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:04:51 2005 => File C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Eigene Dateien\Word\bgcolor.mim infected by "I-Worm.Klez.h" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:05:23 2005 => File C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OOLUCG24\cax[1].cab infected by "not-a-virusorn-Dialer.Win32.OnlineDialer" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:05:33 2005 => Scanning File C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U0JMVQ2K\infected6xz[1].gif
Tue Jan 25 00:05:36 2005 => File C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Z985IXYA\connect[1].htm infected by "Trojan-Downloader.JS.Small.ac" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:12 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\18241EC9.htm infected by "Exploit.VBS.Phel.a" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:12 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\182748C6.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:12 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\184118A9.CHM infected by "TrojanDownloader.VBS.Psyme.ac" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:12 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\18900853.htm infected by "Exploit.VBS.Phel.a" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:12 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\32351D1E.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:14 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3BE55571 infected by "not-a-virusorn-Dialer.Win32.OnlineDialer" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:14 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\432B0893 infected by "not-a-virusorn-Dialer.Win32.OnlineDialer" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:14 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\56D25FE5.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:15:14 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\778A14C0.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:52:58 2005 => File C:\WINDOWS\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Tue Jan 25 00:52:59 2005 => File C:\WINDOWS\Ole32ws.dll infected by "not-a-virusorn-Dialer.Win32.OnlineDialer" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:01:53 2005 => File C:\WINDOWS\system32\hdbvz.dll infected by "HackTool.Win32.Hidd.c" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:01:53 2005 => File C:\WINDOWS\system32\hdzow.dll infected by "HackTool.Win32.Hidd.c" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:01:58 2005 => File C:\WINDOWS\system32\iesp1.dll infected by "Trojan-Clicker.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:02:37 2005 => File C:\WINDOWS\system32\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:02:39 2005 => File C:\WINDOWS\system32\nbtrstat.exe infected by "Trojan-Clicker.Win32.Small.dg" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:03:47 2005 => File C:\WINDOWS\system32\sprestrst.exe infected by "Trojan.Win32.DNSChanger.b" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:03:56 2005 => File C:\WINDOWS\system32\tsmsetup.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:03:58 2005 => File C:\WINDOWS\system32\update.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:03:58 2005 => File C:\WINDOWS\system32\upncont.exe infected by "Trojan-Dropper.Win32.Small.qt" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:04:26 2005 => File C:\WINDOWS\system32\wowdbe.exe infected by "Trojan-Dropper.Win32.Small.qt" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:10:59 2005 => File C:\WINDOWS\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:11:00 2005 => File C:\WINDOWS\Ole32ws.dll infected by "not-a-virusorn-Dialer.Win32.OnlineDialer" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:19:34 2005 => File C:\WINDOWS\system32\hdbvz.dll infected by "HackTool.Win32.Hidd.c" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:19:34 2005 => File C:\WINDOWS\system32\hdzow.dll infected by "HackTool.Win32.Hidd.c" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:19:39 2005 => File C:\WINDOWS\system32\iesp1.dll infected by "Trojan-Clicker.Win32.Agent.br" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:20:17 2005 => File C:\WINDOWS\system32\msxmidi.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:20:19 2005 => File C:\WINDOWS\system32\nbtrstat.exe infected by "Trojan-Clicker.Win32.Small.dg" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:21:25 2005 => File C:\WINDOWS\system32\sprestrst.exe infected by "Trojan.Win32.DNSChanger.b" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:21:33 2005 => File C:\WINDOWS\system32\tsmsetup.exe infected by "not-a-virus:AdWare.FindSpy.a" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:21:35 2005 => File C:\WINDOWS\system32\update.exe infected by "Trojan-Dropper.Win32.Small.qi" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:21:35 2005 => File C:\WINDOWS\system32\upncont.exe infected by "Trojan-Dropper.Win32.Small.qt" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:22:04 2005 => File C:\WINDOWS\system32\wowdbe.exe infected by "Trojan-Dropper.Win32.Small.qt" Virus. Action Taken: No Action Taken.
Tue Jan 25 01:22:22 2005 => Total Disinfected Files: 0
Tue Jan 25 01:22:22 2005 => ***** Scanning complete. *****
Tue Jan 25 01:22:22 2005 => Total Files Scanned: 78448
Tue Jan 25 01:22:22 2005 => Total Virus(es) Found: 53
Tue Jan 25 01:22:22 2005 => Total Disinfected Files: 0
Tue Jan 25 01:22:22 2005 => Total Files Renamed: 0
Tue Jan 25 01:22:22 2005 => Total Deleted Files: 0
Tue Jan 25 01:22:22 2005 => Total Errors: 16
Tue Jan 25 01:22:22 2005 => Time Elapsed: 01:33:15
Tue Jan 25 01:22:22 2005 => Virus Database Date: 2005/01/24
Tue Jan 25 01:22:22 2005 => Virus Database Count: 116554
Tue Jan 25 01:22:22 2005 => Scan Completed.
Tue Jan 25 02:12:18 2005 => Virus Database Date: 2005/01/24
Tue Jan 25 02:12:18 2005 => Virus Database Count: 116554
Tue Jan 25 02:13:10 2005 => AV Library Unloaded (3)...
Tue Jan 25 23:28:40 2005 => **********************************************************
Tue Jan 25 23:28:40 2005 => eScan AntiVirus Toolkit Utility.
Tue Jan 25 23:28:40 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jan 25 23:28:40 2005 => **********************************************************
Tue Jan 25 23:28:40 2005 => Version 4.8.7 (C:\bases\mwavscan.com)
Tue Jan 25 23:28:40 2005 => Log File: C:\bases\MWAV.LOG
Tue Jan 25 23:28:40 2005 => Last Scan Date and Time: 24.01.2005 23:48:50
Tue Jan 25 23:28:43 2005 => Latest Date of files inside MWAV: 24 Jan 2005 07:01:08.
Tue Jan 25 23:28:47 2005 => AV Library Loaded...
Tue Jan 25 23:28:47 2005 => Scanning File C:\bases\kavss.exe
Tue Jan 25 23:28:47 2005 => Scanning File C:\bases\Getvlist.exe
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\kavss.dll
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\kavssdi.dll
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\kavssi.dll
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\kavvlg.dll
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\msvlclnt.dll
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\ipc.dll
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\main.avi
Tue Jan 25 23:28:48 2005 => Scanning File C:\bases\virus.avi
Tue Jan 25 23:28:48 2005 => Virus Database Date: 2005/01/24
Tue Jan 25 23:28:48 2005 => Virus Database Count: 116554

Here is the new HijackThis logfile:

Logfile of HijackThis v1.99.0
Scan saved at 01:13:49, on 26.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\StarOffice6.0\program\soffice.exe
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\OLIVER~1.OLI\LOKALE~1\Temp\Rar$EX00.702\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Search - {1B306924-8878-49C2-A9B1-A8325171261E} - C:\WINDOWS\System32\Q611689.dll
R3 - URLSearchHook: Search - {E6895057-B902-4D53-83A6-67AB49391B5A} - C:\WINDOWS\System32\Q411812.dll
O2 - BHO: Search - {0E48F63E-E3A2-43E5-AC6F-7912458A8F87} - C:\WINDOWS\System32\Q611689.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Search - {A44CCC8B-3111-4C4F-A8E6-592979840F8A} - C:\WINDOWS\System32\Q411812.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DFA03BFB-C2E2-4DEF-9E5A-CBC5621ABCC0} - C:\WINDOWS\System32\msugm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Search - {40AFFD00-86CE-4188-8B39-E47B255C3844} - C:\WINDOWS\System32\Q611689.dll
O3 - Toolbar: Search - {16020B9E-6F7D-430F-BA7A-50B55043527D} - C:\WINDOWS\System32\Q411812.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [rdspclips.exe] rdspclips.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Search - {16020B9E-6F7D-430F-BA7A-50B55043527D} - C:\WINDOWS\System32\Q411812.dll
O9 - Extra button: Search - {40AFFD00-86CE-4188-8B39-E47B255C3844} - C:\WINDOWS\System32\Q611689.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O18 - Filter: text/html - {214C5E18-E675-4E93-BE5E-BD0A9BE6B955} - C:\WINDOWS\System32\Q611689.dll
O18 - Filter: text/plain - {214C5E18-E675-4E93-BE5E-BD0A9BE6B955} - C:\WINDOWS\System32\Q611689.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

Thanks again very much for your patience.
Best regards
Olli
This post was edited by Metteron on 26.01.2005 at 10:31.
|
|
|
||
26.01.2005, 11:40
Honorary member
Posts: 29434 |
#6
Hello @Metteron
Download the Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Double-click: regsrch.vbs
Paste in:
{16020B9E-6F7D-430F-BA7A-50B55043527D}
Press 'OK', wait until the search has finished. (Please post the result)
{1B306924-8878-49C2-A9B1-A8325171261E}
Press 'OK', wait until the search has finished. (Please post the result)
{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}
Press 'OK', wait until the search has finished. (Please post the result)
{A44CCC8B-3111-4C4F-A8E6-592979840F8A}
Press 'OK', wait until the search has finished. (Please post the result)
{0E48F63E-E3A2-43E5-AC6F-7912458A8F87}
Press 'OK', wait until the search has finished. (Please post the result)
{DFA03BFB-C2E2-4DEF-9E5A-CBC5621ABCC0}
Press 'OK', wait until the search has finished. (Please post the result)
{E6895057-B902-4D53-83A6-67AB49391B5A}
Press 'OK', wait until the search has finished. (Please post the result)
{40AFFD00-86CE-4188-8B39-E47B255C3844}
Press 'OK', wait until the search has finished. (Please post the result)
{16020B9E-6F7D-430F-BA7A-50B55043527D}
Press 'OK', wait until the search has finished. (Please post the result)
{40AFFD00-86CE-4188-8B39-E47B255C3844}
Press 'OK', wait until the search has finished. (Please post the result)
{214C5E18-E675-4E93-BE5E-BD0A9BE6B955}
Press 'OK', wait until the search has finished. (Please post the result)
--------------------------------------------------------------------------------------
Start > Run, paste in:
regsvr32 /u Q611689.dll
regsvr32 /u Q411812.dll
regsvr32 /u msugm.dll

Fix with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Search - {1B306924-8878-49C2-A9B1-A8325171261E} - C:\WINDOWS\System32\Q611689.dll
R3 - URLSearchHook: Search - {E6895057-B902-4D53-83A6-67AB49391B5A} - C:\WINDOWS\System32\Q411812.dll
O2 - BHO: Search - {0E48F63E-E3A2-43E5-AC6F-7912458A8F87} - C:\WINDOWS\System32\Q611689.dll
O2 - BHO: Search - {A44CCC8B-3111-4C4F-A8E6-592979840F8A} - C:\WINDOWS\System32\Q411812.dll
O2 - BHO: (no name) - {DFA03BFB-C2E2-4DEF-9E5A-CBC5621ABCC0} - C:\WINDOWS\System32\msugm.dll
O3 - Toolbar: Search - {40AFFD00-86CE-4188-8B39-E47B255C3844} - C:\WINDOWS\System32\Q611689.dll
O3 - Toolbar: Search - {16020B9E-6F7D-430F-BA7A-50B55043527D} - C:\WINDOWS\System32\Q411812.dll
O4 - HKLM\..\Run: [rdspclips.exe] rdspclips.exe
O9 - Extra button: Search - {16020B9E-6F7D-430F-BA7A-50B55043527D} - C:\WINDOWS\System32\Q411812.dll
O9 - Extra button: Search - {40AFFD00-86CE-4188-8B39-E47B255C3844} - C:\WINDOWS\System32\Q611689.dll
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O18 - Filter: text/html - {214C5E18-E675-4E93-BE5E-BD0A9BE6B955} - C:\WINDOWS\System32\Q611689.dll
O18 - Filter: text/plain - {214C5E18-E675-4E93-BE5E-BD0A9BE6B955} - C:\WINDOWS\System32\Q611689.dll

Restart --> in safe mode, remv3.bat --> scan once more, please

# My Computer -> right-click --> Windows Explorer -> "Tools/Folder Options" -> "View" -> uncheck "Hide protected system files (recommended)" and enable "Show all files and folders" -> "OK"

Delete temporary files --> delete the files inside the folders, not the folders themselves
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\OLIVER~1.OLI\Lokale Einstellungen\Temp\
C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ (do not delete index.dat)
# C:\Windows\Downloaded Programm Files\ --> delete

Disk Cleanup, and deleting the temporary files:
Start > Run --> type in: cleanmgr
Delete only:
# Click: Temporary Internet Files, OK
# Click: Temporary files, OK

Delete:
C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Eigene Dateien\Word\bgcolor.mim

KillBox: "Delete File on Reboot" and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only on the last one
C:\WINDOWS\System32\run_dos.dll
C:\WINDOWS\System32\msugm.dll
C:\WINDOWS\System32\Q611689.dll
C:\WINDOWS\System32\Q411812.dll
C:\WINDOWS\system32\rdspclips.exe
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\Ole32ws.dll
C:\WINDOWS\System32\hdbvz.dll
C:\WINDOWS\System32\hdzow.dll
C:\WINDOWS\System32\iesp1.dll
C:\WINDOWS\System32\nbtrstat.exe
C:\WINDOWS\System32\sprestrst.exe
C:\WINDOWS\System32\tsmsetup.exe
C:\WINDOWS\System32\update.exe
C:\WINDOWS\System32\upncont.exe
C:\WINDOWS\System32\wowdbe.exe
Restart the PC

remv3.bat has created the file C:\log.txt. Post its contents here: select the contents and paste them here.
------------------------------------------------------------------------
# backdoor.agent.b.removal.tool (Symantec)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.agent.b.removal.tool.html

# Search&Destroy
http://www.safer-networking.org/de/download/index.html
Spybot - Search && Destroy process list report --> please copy and post it

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> full scan --> restart the PC --> scan once more and post the log of the scan together with the rem.bat txt

# ClearProg: download the latest version, 1.4.0 Final
http://www.clearprog.de/downloads.php
and clean up the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 onward, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the URLs entered
_______________________________________________________________________________
Scan once more with escan and check whether everything has been deleted; if not --> copy it into KillBox again --> delete via restart.
The same applies to rem.bat --> whatever is listed as "not deleted" after the scan you then have to delete manually:
Files Found
----------------------------------------
xxxxxx.dlll
Files Not deleted.................

+ post the new HijackThis log
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 26.01.2005 at 12:07.
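The CLSID search list in the post above can be derived from the HijackThis log itself. The following Python sketch is an added example, not part of the original post or of HijackThis: the function names are hypothetical, the sample is constructed from entries in this thread's log (flattened onto one line, as the forum shows them), and the suspect set is the three DLLs named in the `regsvr32 /u` commands.

```python
import ntpath
import re

# Constructed sample: entries copied from the HijackThis log in this thread.
SAMPLE_LINES = [
    r"R3 - URLSearchHook: Search - {1B306924-8878-49C2-A9B1-A8325171261E} - C:\WINDOWS\System32\Q611689.dll",
    r"O2 - BHO: Search - {0E48F63E-E3A2-43E5-AC6F-7912458A8F87} - C:\WINDOWS\System32\Q611689.dll",
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll",
    r"O2 - BHO: (no name) - {DFA03BFB-C2E2-4DEF-9E5A-CBC5621ABCC0} - C:\WINDOWS\System32\msugm.dll",
    r"O3 - Toolbar: Search - {16020B9E-6F7D-430F-BA7A-50B55043527D} - C:\WINDOWS\System32\Q411812.dll",
    r"O9 - Extra button: Search - {16020B9E-6F7D-430F-BA7A-50B55043527D} - C:\WINDOWS\System32\Q411812.dll",
    r"O18 - Filter: text/html - {214C5E18-E675-4E93-BE5E-BD0A9BE6B955} - C:\WINDOWS\System32\Q611689.dll",
    r"O18 - Filter: text/plain - {214C5E18-E675-4E93-BE5E-BD0A9BE6B955} - C:\WINDOWS\System32\Q611689.dll",
    r"O4 - HKLM\..\Run: [rdspclips.exe] rdspclips.exe",
]
# Forum software often collapses a pasted log onto one line; emulate that.
FLATTENED_SAMPLE = " ".join(SAMPLE_LINES)

# DLL names taken from the regsvr32 /u commands in the post above.
SUSPECT_FILES = ("Q611689.dll", "Q411812.dll", "msugm.dll")

# An entry starts with a section code (R0-R3, O1-O23) followed by " - ".
# The zero-width split keeps the code attached to its entry.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def split_entries(log_text):
    """Yield (section, body) pairs, even when the log is one long line."""
    for chunk in ENTRY_START.split(log_text):
        match = ENTRY.match(" ".join(chunk.split()))
        if match:
            yield match.group("section"), match.group("body")


def clsids_for_files(log_text, suspect_files):
    """Map each CLSID registered for a suspect file to the sections it
    appears in, in order of first appearance and without duplicates."""
    wanted = {name.lower() for name in suspect_files}
    found = {}
    for section, body in split_entries(log_text):
        match = CLSID.search(body)
        if not match:
            continue  # e.g. O4 Run entries carry no CLSID
        # Everything after the CLSID is the target file or URL.
        target = body[match.end():].lstrip(" -")
        target = re.sub(r"\s*\(file missing\)$", "", target)
        if ntpath.basename(target).lower() not in wanted:
            continue
        sections = found.setdefault(match.group(0).upper(), [])
        if section not in sections:
            sections.append(section)
    return found


if __name__ == "__main__":
    for clsid, sections in clsids_for_files(FLATTENED_SAMPLE, SUSPECT_FILES).items():
        print(clsid, ",".join(sections))
```

Each CLSID comes out once even when it is registered in several sections (here O3 and O9), so every registry search is run only once.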
|
|
|
||
27.01.2005, 16:52
Honorary member
Posts: 29434 |
#7
Hello @Metteron
Work through everything... I won't make any more changes now. It may be that you will have to install another tool later, but for now we'll try it this way.
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 27.01.2005 at 16:53.
|
|
|
||
28.01.2005, 07:45
...new here
Thread starter Posts: 8 |
#8
Hello Sabina,
Somehow I messed up: I created a file specially for you, and somehow half of the log files have now disappeared. The only log files I still have are the Ad-Aware, HijackThis, ClearProg and escan ones. Sorry, I hope the two of us can get it under control this way too, or is it better if I start over from the beginning?

Ad-Aware SE Build 1.05
Logfile Created on:Donnerstag, 27. Januar 2005 23:27:27
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R26 25.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):11 total references
MRU List(TAC index:0):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

27.01.2005 23:27:27 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\recent
Description : list of recently opened documents

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\internet explorer\main
Value : HOMEOldSP

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 15

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/plain CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/plain Value : CLSID CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html Value : CLSID CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\search Value : SearchAssistant CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Search Bar CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Use Custom Search URL CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Use Search Asst CoolWebSearch Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\protocols\filter\text/html Value : CLSID
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 24
23:37:45 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:17.858
Objects scanned:119848
Objects identified:11
Objects ignored:0
New critical objects:11
___________________________________________________________________________________________
and here is the remlog:
Files Found.................
----------------------------------------
run_dos.dll
Files Not deleted.................
----------------------------------------
Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------
Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
msi.dll
Finished
____________________________________________________________________________________________
ClearProg:
Cookies des IE 0 Cookies 0 Byte
Cache des IE 2 Dateien 134 Byte
URLs des IE 0 Einträge
------ ------------------------------------------------------------------------
Gelöschte Anzahl: 2 Einträge/Dateien
Gelöschte Datenmenge: (134 Byte)
_________________________________________________________________
and here is the log from escan
Fri Jan 28 02:04:53 2005 => ***** Checking for specific ITW Viruses *****
Fri Jan 28 02:04:53 2005 => Checking for Welchia Virus...
Fri Jan 28 02:04:53 2005 => Checking for LovGate Virus...
Fri Jan 28 02:04:53 2005 => Checking for CodeRed Virus...
Fri Jan 28 02:04:53 2005 => Checking for OpaServ Virus...
Fri Jan 28 02:04:53 2005 => Checking for Sobig.e Virus...
Fri Jan 28 02:04:53 2005 => Checking for Winupie Virus...
Fri Jan 28 02:04:53 2005 => Checking for Swen Virus...
Fri Jan 28 02:04:53 2005 => Checking for JS.Fortnight Virus...
Fri Jan 28 02:04:53 2005 => Checking for Novarg Virus...
Fri Jan 28 02:04:53 2005 => Checking for Pagabot Virus...
Fri Jan 28 02:04:53 2005 => Checking for Parite.b Virus...
Fri Jan 28 02:04:53 2005 => Checking for Parite.a Virus...
Fri Jan 28 02:04:54 2005 => ***** Scanning complete. *****
Fri Jan 28 02:04:54 2005 => Total Files Scanned: 77435
Fri Jan 28 02:04:54 2005 => Total Virus(es) Found: 23
Fri Jan 28 02:04:54 2005 => Total Disinfected Files: 0
Fri Jan 28 02:04:54 2005 => Total Files Renamed: 0
Fri Jan 28 02:04:54 2005 => Total Deleted Files: 0
Fri Jan 28 02:04:54 2005 => Total Errors: 45
Fri Jan 28 02:04:54 2005 => Time Elapsed: 01:38:06
Fri Jan 28 02:04:54 2005 => Virus Database Date: 2005/01/24
Fri Jan 28 02:04:54 2005 => Virus Database Count: 116554
Fri Jan 28 02:04:54 2005 => Scan Completed
Here is an interim report for now; I am just repeating the Killbox step. Just a quick question: wouldn't it make things easier for us if I formatted once and then only searched for and killed the remaining viruses, or is that no longer worth it? I think it is really kind of you to have so much patience with me. Thank you for everything, see you later.
Regards
Olli alias Virenkiller
This post was edited by Metteron on 29.01.2005 at 00:08.
|
|
|
||
28.01.2005, 07:45
...new here
Thread starter Posts: 8 |
#9
double post/ double post/
This post was edited by Sabina on 28.01.2005 at 10:26.
|
|
|
||
28.01.2005, 10:13
Honorary member
Posts: 29434 |
#10
Hello@Metteron
All right, it does not work this way. I have already seen that with another user, but I wanted to be sure. Killbox does not seem to permanently delete the infected files that escan detects... or they are being downloaded again.
Fri Jan 28 02:04:54 2005 => Total Virus(es) Found: 23
_________________________________________________________________________________
Do the following:
You have to check very carefully whether your system "freezes" when you load the escan trial, simply because you also have Symantec active.
--> so deactivate Symantec
#eScan-Trial
http://www.mwti.net/antivirus/escan/escandl_antivirus.asp (15-day trial free version)
Killbox-> open
<Delete File on Reboot
C:\WINDOWS\System32\run_dos.dll
and click on the red cross; when asked "Do you want to reboot? " ----> click "yes"
---> go into safe mode (this is important) and click on: awn2k3e.exe
Run a full scan.
Then post the new HijackThis log.
__________
Regards
Sabina
All about PC security
This post was edited by Sabina on 28.01.2005 at 10:17.
|
|
|
||
28.01.2005, 17:10
...new here
Thread starter Posts: 8 |
#11
Hi Sabina,
I could not carry this out because Run_Dos.dll was missing, but I did everything else.
Quote: Killbox-> open
Here is the result of the escan:
Fr Jan 28 16:34:17 2005 => ***** Scanning Completed. *****
Fr Jan 28 16:34:17 2005 =>
Fr Jan 28 16:34:17 2005 => Total Number of Files Scanned: 31755
Fr Jan 28 16:34:17 2005 => Total Number of Files Infected: 13
Fr Jan 28 16:34:17 2005 => Total Number of Files Disinfected: 0
Fr Jan 28 16:34:17 2005 => Total Number of Files Renamed: 3
Fr Jan 28 16:34:17 2005 => Total Number of Files Deleted: 10
Fr Jan 28 16:34:17 2005 => Total Number of Errors: 0
Fr Jan 28 16:34:17 2005 => Time Elapsed:: 00:34:26
_________________________________________________
and the hijackthis.log:
Logfile of HijackThis v1.99.0
Scan saved at 16:55:22, on 28.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Eigene Dateien\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iesp1.dll (file missing)
O3 - Toolbar: Search - {18B0760D-86E1-46A7-B83E-08A34581833C} - C:\WINDOWS\System32\Q1677101.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe
O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Search - {18B0760D-86E1-46A7-B83E-08A34581833C} - C:\WINDOWS\System32\Q1677101.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{968D7E4A-C7A1-4904-BEFF-DDB380456F60}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{A86F940E-86C6-4BA0-B67F-36DF00C0D1DA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE71992D-2F9C-4779-B19E-DF69372E718E}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: text/html - {F026A0FB-2B37-480B-81DE-0FEA29869853} - C:\WINDOWS\System32\protect32.dll
O18 - Filter: text/plain - {F026A0FB-2B37-480B-81DE-0FEA29869853} - C:\WINDOWS\System32\protect32.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: eScan Server-Updater - MWTI2 - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: eScan Monitor Service - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
________________________________
Regards
Olli
This post was edited by Metteron on 29.01.2005 at 00:04.
|
|
|
||
29.01.2005, 00:49
Honorary member
Posts: 29434 |
#12
Download Registry Search Tool :
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Double-click: regsrch.vbs
Paste in:
{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}
Press 'OK' and wait until the search has finished. (Please post the result)
{18B0760D-86E1-46A7-B83E-08A34581833C}
Press 'OK' and wait until the search has finished. (Please post the result)
{00000000-0000-0000-0000-000000000000}
Press 'OK' and wait until the search has finished. (Please post the result)
{F026A0FB-2B37-480B-81DE-0FEA29869853}
Press 'OK' and wait until the search has finished. (Please post the result)
___________________________________________________________________________
Fix with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iesp1.dll (file missing)
O3 - Toolbar: Search - {18B0760D-86E1-46A7-B83E-08A34581833C} - C:\WINDOWS\System32\Q1677101.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O9 - Extra button: Search - {18B0760D-86E1-46A7-B83E-08A34581833C} - C:\WINDOWS\System32\Q1677101.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{968D7E4A-C7A1-4904-BEFF-DDB380456F60}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{A86F940E-86C6-4BA0-B67F-36DF00C0D1DA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE71992D-2F9C-4779-B19E-DF69372E718E}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: text/html - {F026A0FB-2B37-480B-81DE-0FEA29869853} - C:\WINDOWS\System32\protect32.dll
O18 - Filter: text/plain - {F026A0FB-2B37-480B-81DE-0FEA29869853} - C:\WINDOWS\System32\protect32.dll
Restart the PC
Kill with Killbox:
C:\WINDOWS\System32\protect32.dll/sp.html
C:\WINDOWS\System32\Q1677101.dll
C:\WINDOWS\System32\iesp1.dll
C:\WINDOWS\System32\protect32.dll
Restart the PC
#backdoor.agent.b.removal.tool.(Symantec)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.agent.b.removal.tool.html
Go into safe mode:
Disk Cleanup: and deleting the temporary files
<Start<Run--> type in: cleanmgr
delete only:
#Click: Temporary Internet Files, OK.
#Click: Temporary files, OK
then scan once more with escan (but definitely in safe mode)
#ClearProg..download the latest version
<1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 onward, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs
#new home page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK
and set a new home page
post the new HijackThis log.
__________
Regards
Sabina
All about PC security
This post was edited by Sabina on 29.01.2005 at 00:54.
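Added example, not part of the thread and not code from HijackThis or any other tool named in it: a structural triage of the HijackThis log from post #11 that flags several of the entry kinds post #12 selects for fixing. The function names and the `trusted_dns` allowlist are assumptions made for illustration; the sample lines are copied from the log in the thread.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis log in post #11,
# including unflagged entries (O2, O4, O23) as controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\protect32.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iesp1.dll (file missing)
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: text/html - {F026A0FB-2B37-480B-81DE-0FEA29869853} - C:\WINDOWS\System32\protect32.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O17"
    reason: str   # short tag saying why the entry deserves a look
    detail: str   # the part of the entry that triggered the rule


ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RES_DLL_RE = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)
URL_HOST_RE = re.compile(r"= https?://([^/\s]+)", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = ([\d.,\s]+)$")
DLL_PATH_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?\.dll)", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text, trusted_dns=frozenset()):
    """Flag entries for manual review. A finding is a candidate, not a verdict."""
    entries = parse_entries(log_text)
    findings = []
    hijack_dlls = set()

    # Pass 1: rules that look at one entry at a time.
    for section, body in entries:
        if section.startswith("R"):
            m = RES_DLL_RE.search(body)
            if m:
                # IE search/start page rendered from a resource inside a DLL.
                hijack_dlls.add(m.group(1).lower())
                findings.append(Finding(section, "ie-page-from-dll", m.group(1)))
                continue
            m = URL_HOST_RE.search(body)
            if m:
                # IE search/start URL pointing at an external host.
                findings.append(Finding(section, "ie-url-review", m.group(1)))
        elif section in ("O2", "O3", "O9") and (
            "(file missing)" in body or "(no file)" in body
        ):
            # Browser component still registered although its file is gone.
            findings.append(Finding(section, "orphaned-component", body))
        elif section == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                ips = [ip.strip() for ip in m.group(1).split(",") if ip.strip()]
                unknown = [ip for ip in ips if ip not in trusted_dns]
                if unknown:
                    # Per-interface DNS servers outside the allowlist.
                    findings.append(Finding(section, "dns-override", ",".join(unknown)))

    # Pass 2: other entries that load a DLL already seen behind a res:// page.
    for section, body in entries:
        if section.startswith("R"):
            continue
        m = DLL_PATH_RE.search(body)
        if m and m.group(1).lower() in hijack_dlls:
            findings.append(Finding(section, "shares-dll-with-ie-hijack", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:26} {f.detail}")
```

Entries such as the Q1677101.dll toolbar, which post #12 also lists, need knowledge of the file itself and are not caught by these structural rules.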
|
|
|
||
29.01.2005, 15:34
...new here
Thread starter Posts: 8 |
#13
Hi Sabina,
escan found nothing, same as Ad-Aware; only Search & Destroy still found four, but unfortunately I just cannot manage to copy that for you. Is it done? If so, then not quite, because when I go online the taskbar at the bottom still shows Search Bar = http://........., or is that correct?
______________________________
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}" 29.01.2005 01:03:00
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}"=hex(4):46,72,65,73,68,42,61,72,00
____________________
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{18B0760D-86E1-46A7-B83E-08A34581833C}" 29.01.2005 01:05:54
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18B0760D-86E1-46A7-B83E-08A34581833C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18B0760D-86E1-46A7-B83E-08A34581833C}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{18B0760D-86E1-46A7-B83E-08A34581833C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{18B0760D-86E1-46A7-B83E-08A34581833C}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{18B0760D-86E1-46A7-B83E-08A34581833C}\Implemented Categories\{00021494-0000-0000-C000-000000000046}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{18B0760D-86E1-46A7-B83E-08A34581833C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{18B0760D-86E1-46A7-B83E-08A34581833C}]
"BandCLSID"="{18B0760D-86E1-46A7-B83E-08A34581833C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{18B0760D-86E1-46A7-B83E-08A34581833C}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{18B0760D-86E1-46A7-B83E-08A34581833C}"="Search"
[HKEY_USERS\S-1-5-21-436374069-746137067-854245398-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
"{18B0760D-86E1-46A7-B83E-08A34581833C}"=dword:0000200d
_____________________________________________
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{00000000-0000-0000-0000-000000000000}" 29.01.2005 01:07:21
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BAE41415-F42C-4180-9025-8EB70BE8F943}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BAE41415-F42C-4180-9025-8EB70BE8F943}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BAE41415-F42C-4180-9025-8EB70BE8F943}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BAE41415-F42C-4180-9025-8EB70BE8F943}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BAE41415-F42C-4180-9025-8EB70BE8F943}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBBEB7AA-8547-497C-864A-908EB118B688}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBBEB7AA-8547-497C-864A-908EB118B688}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBBEB7AA-8547-497C-864A-908EB118B688}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBBEB7AA-8547-497C-864A-908EB118B688}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBBEB7AA-8547-497C-864A-908EB118B688}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBFAF7C7-9B5D-4D6A-93CE-F02DA42D4668}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBFAF7C7-9B5D-4D6A-93CE-F02DA42D4668}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBFAF7C7-9B5D-4D6A-93CE-F02DA42D4668}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBFAF7C7-9B5D-4D6A-93CE-F02DA42D4668}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberPartitionID"="{00000000-0000-0000-0000-000000000000}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{BBFAF7C7-9B5D-4D6A-93CE-F02DA42D4668}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{E8E63809-F6F3-4A01-A433-0DD4B98CFF6B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{E8E63809-F6F3-4A01-A433-0DD4B98CFF6B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{E8E63809-F6F3-4A01-A433-0DD4B98CFF6B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{E8E63809-F6F3-4A01-A433-0DD4B98CFF6B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{E8E63809-F6F3-4A01-A433-0DD4B98CFF6B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{EFDB684B-FC4B-4E80-A46F-22A758387235}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{EFDB684B-FC4B-4E80-A46F-22A758387235}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{EFDB684B-FC4B-4E80-A46F-22A758387235}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "EventClassApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{EFDB684B-FC4B-4E80-A46F-22A758387235}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberPartitionID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{EFDB684B-FC4B-4E80-A46F-22A758387235}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}] "SubscriberApplicationID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000000-0000-0000-0000-000000000000}] "BandCLSID"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{00000000-0000-0000-0000-000000000000}"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tuning Spaces\1] "Network Type"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tuning Spaces\2] "Network Type"="{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tuning Spaces\5] "Network Type"="{00000000-0000-0000-0000-000000000000}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00000000-0000-0000-0000-000000000000}"="Search" [HKEY_USERS\.DEFAULT\Identities] "Last User ID"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device] "DSGuid"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-19\Identities] "Last User ID"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-19\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device] "DSGuid"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-20\Identities] "Last User ID"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-20\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device] "DSGuid"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-436374069-746137067-854245398-1004\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device] "DSGuid"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-436374069-746137067-854245398-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping] "{00000000-0000-0000-0000-000000000000}"=dword:0000200e [HKEY_USERS\S-1-5-18\Identities] "Last User ID"="{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-18\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device] "DSGuid"="{00000000-0000-0000-0000-000000000000}" ___________________________________________------ REGEDIT4 ; RegSrch.vbs © Bill James ; Registry search results for string "{F026A0FB-2B37-480B-81DE-0FEA29869853}" 29.01.2005 01:08:52 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. 
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F026A0FB-2B37-480B-81DE-0FEA29869853}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F026A0FB-2B37-480B-81DE-0FEA29869853}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
"CLSID"="{F026A0FB-2B37-480B-81DE-0FEA29869853}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain]
"CLSID"="{F026A0FB-2B37-480B-81DE-0FEA29869853}"

_________________________________________________________

escann:

Sa Jan 29 14:29:59 2005 => ***** Scanning Completed. *****
Sa Jan 29 14:29:59 2005 =>
Sa Jan 29 14:29:59 2005 => Total Number of Files Scanned: 31394
Sa Jan 29 14:29:59 2005 => Total Number of Files Infected: 0
Sa Jan 29 14:29:59 2005 => Total Number of Files Disinfected: 0
Sa Jan 29 14:29:59 2005 => Total Number of Files Renamed: 0
Sa Jan 29 14:29:59 2005 => Total Number of Files Deleted: 0
Sa Jan 29 14:29:59 2005 => Total Number of Errors: 0
Sa Jan 29 14:29:59 2005 => Time Elapsed:: 00:33:06

___________________________________________________________

Ad-Aware SE Build 1.05
Logfile Created on:Samstag, 29. Januar 2005 14:56:32
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R26 25.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

29.01.2005 14:56:33 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-436374069-746137067-854245398-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\recent
Description : list of recently opened documents

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 800
ThreadCreationTime : 29.01.2005 13:52:38
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 29.01.2005 13:52:39
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 29.01.2005 13:52:42
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 29.01.2005 13:52:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 29.01.2005 13:52:42
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 29.01.2005 13:52:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 29.01.2005 13:52:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1512
ThreadCreationTime : 29.01.2005 13:52:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1588
ThreadCreationTime : 29.01.2005 13:52:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1836
ThreadCreationTime : 29.01.2005 13:52:44
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:11 [ccsetmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1944
ThreadCreationTime : 29.01.2005 13:52:44
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [sndsrvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1956
ThreadCreationTime : 29.01.2005 13:52:45
BasePriority : Normal
FileVersion : 5.4.3.11
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:13 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 284
ThreadCreationTime : 29.01.2005 13:52:45
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 316
ThreadCreationTime : 29.01.2005 13:52:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 332
ThreadCreationTime : 29.01.2005 13:52:46
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:16 [atiptaxx.exe]
FilePath : C:\Programme\ATI Technologies\ATI Control Panel\
ProcessID : 368
ThreadCreationTime : 29.01.2005 13:52:46
BasePriority : Normal
FileVersion : 6.14.10.4039
ProductVersion : 6.14.10.4039
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:17 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 380
ThreadCreationTime : 29.01.2005 13:52:46
BasePriority : Normal
FileVersion : 5.0.18
ProductVersion : 5.0.18
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:18 [syntpenh.exe]
FilePath : C:\Programme\Synaptics\SynTP\
ProcessID : 416
ThreadCreationTime : 29.01.2005 13:52:46
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:19 [iwctrl.exe]
FilePath : C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\
ProcessID : 572
ThreadCreationTime : 29.01.2005 13:52:46
BasePriority : Normal
FileVersion : 4.0.2.7
ProductVersion : 4.0.0.0
ProductName : InstantWrite
CompanyName : Pinnacle Systems, Inc.
FileDescription : InstantWrite Control Center
InternalName : iwctrl
LegalCopyright : Copyright ©1997-2003 VOB Pinnacle Systems, Inc.

#:20 [directcd.exe]
FilePath : C:\Programme\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 664
ThreadCreationTime : 29.01.2005 13:52:47
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:21 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 740
ThreadCreationTime : 29.01.2005 13:52:47
BasePriority : Normal

#:22 [ccproxy.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 764
ThreadCreationTime : 29.01.2005 13:52:47
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:23 [avpmwrap.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 1044
ThreadCreationTime : 29.01.2005 13:52:48
BasePriority : Normal
FileVersion : 4, 0, 0, 1
ProductVersion : 2.6
ProductName : eScan for Windows
CompanyName : MicroWorld Technologies Inc.
FileDescription : AVPMWrap
InternalName : AVPMWrap
LegalCopyright : Copyright © 2003-2005 MicroWorld
OriginalFilename : AVPMWrap.EXE

#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 29.01.2005 13:52:48
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 1016
ThreadCreationTime : 29.01.2005 13:52:48
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:26 [spysweeper.exe]
FilePath : C:\Programme\Webroot\Spy Sweeper\
ProcessID : 1192
ThreadCreationTime : 29.01.2005 13:52:48
BasePriority : Normal
FileVersion : 3.0.0.118
ProductVersion : 3.0i
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright (c) 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:27 [traysser.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 1196
ThreadCreationTime : 29.01.2005 13:52:48
BasePriority : Normal
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1
ProductName : MWTI2 TRAYSSER
CompanyName : MWTI2
FileDescription : TRAYSSER
InternalName : TRAYSSER
LegalCopyright : Copyright © 2004
OriginalFilename : TRAYSSER.exe

#:28 [avpm.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 1240
ThreadCreationTime : 29.01.2005 13:52:48
BasePriority : Normal
FileVersion : 4.2.0.58
ProductVersion : 4.2.0.0
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Labs.
FileDescription : KAV Monitor main module
InternalName : AvpM
LegalCopyright : Copyright (c) Kaspersky Labs. 1996-2002.
LegalTrademarks : Kaspersky Anti-Virus(R) and AVP(R) are registered trademarks of Kaspersky Labs.
OriginalFilename : AvpM.Exe
Comments : Victor Matiouchenkov [victor@avp.ru]

#:29 [em_exec.exe]
FilePath : C:\Programme\Logitech\MouseWare\system\
ProcessID : 1256
ThreadCreationTime : 29.01.2005 13:52:49
BasePriority : Normal
FileVersion : 9.80.019
ProductVersion : 9.80.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : (C) 1987-2004 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:30 [maildisp.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 1548
ThreadCreationTime : 29.01.2005 13:52:51
BasePriority : Normal
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1
ProductName : MAILDISP
CompanyName : MicroWorld Technologies Inc.
FileDescription : MAILDISP
InternalName : MAILDISP
LegalCopyright : Copyright © 2004
OriginalFilename : MAILDISP.exe

#:31 [soffice.exe]
FilePath : C:\Programme\StarOffice6.0\program\
ProcessID : 1616
ThreadCreationTime : 29.01.2005 13:52:51
BasePriority : Normal
FileVersion : 6.00.8546
ProductVersion : 6.00.8546
CompanyName : Sun Microsystems, Inc.
FileDescription : StarOffice 6.0
InternalName : SOFFICE
LegalCopyright : Copyright © 2000 by Sun Microsystems, Inc.
OriginalFilename : SOFFICE.EXE

#:32 [locator.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1864
ThreadCreationTime : 29.01.2005 13:52:52
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Rpc Locator
InternalName : locator.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : locator.exe

#:33 [mailscan.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 1372
ThreadCreationTime : 29.01.2005 13:52:54
BasePriority : Normal
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1
ProductName : MAILSCAN
CompanyName : MicroWorld Technologies Inc.
FileDescription : MAILSCAN
InternalName : MAILSCAN
LegalCopyright : Copyright © 2004
OriginalFilename : MAILSCAN.exe

#:34 [kavss.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 1164
ThreadCreationTime : 29.01.2005 13:52:55
BasePriority : Normal
FileVersion : 4.0.2.10
ProductVersion : 4.0.2.10
ProductName : Kaspersky Anti-Virus Scanner Server
CompanyName : Kaspersky Lab.
FileDescription : Kaspersky Anti-Virus Single Scanner
InternalName : kavss.exe
LegalCopyright : Copyright (C) 1999-2002 Kaspersky Lab.
LegalTrademarks : Kaspersky is a registered trademark of Kaspersky Lab.
OriginalFilename : kavss.exe
Comments : Dmitry A. Ryabov [ryabov@kaspersky.com]

#:35 [spooler.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 1528
ThreadCreationTime : 29.01.2005 13:52:55
BasePriority : Normal
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1
ProductName : spooler
CompanyName : MicroWorld Technologies Inc.
FileDescription : spooler
InternalName : spooler
LegalCopyright : Copyright © 2004 MicroWorld Technologies Inc.
OriginalFilename : spooler.exe

#:36 [avpm.exe]
FilePath : C:\PROGRA~1\eScan\
ProcessID : 2876
ThreadCreationTime : 29.01.2005 13:53:18
BasePriority : Normal
FileVersion : 4.2.0.58
ProductVersion : 4.2.0.0
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Labs.
FileDescription : KAV Monitor main module
InternalName : AvpM
LegalCopyright : Copyright (c) Kaspersky Labs. 1996-2002.
LegalTrademarks : Kaspersky Anti-Virus(R) and AVP(R) are registered trademarks of Kaspersky Labs.
OriginalFilename : AvpM.Exe
Comments : Victor Matiouchenkov [victor@avp.ru]

#:37 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3652
ThreadCreationTime : 29.01.2005 13:53:39
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:38 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2904
ThreadCreationTime : 29.01.2005 13:54:39
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:39 [syntplpr.exe]
FilePath : C:\Programme\Synaptics\SynTP\
ProcessID : 3108
ThreadCreationTime : 29.01.2005 13:55:52
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:40 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2396
ThreadCreationTime : 29.01.2005 13:56:07
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 15 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 15 15:02:52 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:06:19.225 Objects scanned:96174 Objects identified:0 Objects ignored:0 New critical objects:0 ______________________________________________________ Logfile of HijackThis v1.99.0Scan saved at 15:21:18, on 29.01.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\PROGRA~1\eScan\AVPMWrap.EXE C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\eScan\TRAYSSER.EXE C:\PROGRA~1\eScan\avpm.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\eScan\MAILDISP.EXE 
C:\Programme\StarOffice6.0\program\soffice.exe C:\WINDOWS\System32\locator.exe C:\PROGRA~1\eScan\MAILSCAN.EXE C:\PROGRA~1\eScan\kavss.exe C:\PROGRA~1\eScan\SPOOLER.EXE C:\PROGRA~1\eScan\AvpM.exe C:\WINDOWS\System32\wuauclt.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Eigene Dateien\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: 
[Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE" O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: eScan Server-Updater - MWTI2 - C:\PROGRA~1\eScan\TRAYSSER.EXE O23 - Service: eScan Monitor Service - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe O23 - Service: LexBce Server - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe ________________________________________ mfg |
|
|
||
29.01.2005, 23:22
Honorary member
Posts: 29434 |
#14
Hello@Metteron
It already looks much better.
Restart --> into safe mode
remv3.bat --> scan once more, then please post the txt log from rem
and set a new start page in Internet Explorer and post the HijackThis log
__________
Regards
Sabina
all about PC security
This post was edited by Sabina on 29.01.2005 at 23:24.
|
|
|
||
30.01.2005, 23:31
...new here
Thread starter Posts: 8 |
#15
Hi Sabina, here are the rem and HijackThis logs/files.
Could you also recommend a few programs so that I don't run into trouble again so quickly, or rather frayed nerves.

Files Found.................
----------------------------------------
Files Not deleted.................
----------------------------------------
Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------
Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
msi.dll
Finished
____________________________

Logfile of HijackThis v1.99.0
Scan saved at 23:20:44, on 30.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Programme\StarOffice6.0\program\soffice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\WINDOWS\System32\locator.exe
C:\PROGRA~1\eScan\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\eScan\kavss.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Oliver.OLIVERLAPTOP\Eigene Dateien\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: eScan Server-Updater - MWTI2 - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: eScan Monitor Service - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
Regards, Olli |
|
|
||
You were recommended to me in the highest terms by a colleague whom you have already rescued once, and I hope you can do the same for me.
The problem: as soon as I open my Explorer, the same wrong start page always opens. I have already removed it with your HijackThis, but so far it has always come back. I hope you can help me with this. Many thanks in advance, here is my logfile:
Logfile of HijackThis v1.99.0
Scan saved at 01:19:34, on 23.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Siemens\Gigaset USB Stick 54\Gcc.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\StarOffice6.0\program\soffice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Siemens\Gigaset USB Stick 54\OdHost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\DOKUME~1\OLIVER~1.OLI\LOKALE~1\Temp\Rar$EX14.524\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my-mail.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my-mail.ch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von cablecom hispeed internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: Search - {B3CC3ADE-3C49-49BD-BD55-179723AAB0FB} - C:\WINDOWS\System32\Q447553.dll (file missing)
O2 - BHO: Search - {16C3C644-B7D6-4131-A7D7-D251439E8C26} - C:\WINDOWS\System32\Q447553.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Workflow] D:\Installs\Workflow.exe
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Stick 54\Gcc.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{968D7E4A-C7A1-4904-BEFF-DDB380456F60}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{A86F940E-86C6-4BA0-B67F-36DF00C0D1DA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE71992D-2F9C-4779-B19E-DF69372E718E}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{F21A4CC9-7615-4FD8-8F62-4D133CEF3614}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EEFAA4F-0185-4CA8-89FE-10A0B38120EA}: NameServer = 69.50.188.180,195.225.176.31
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
cu. Metty