schwarzer desktop nach virenbekämpfung... |
||
---|---|---|
#0
| ||
12.06.2005, 12:27
...neu hier
Beiträge: 4 |
||
|
||
12.06.2005, 13:01
Ehrenmitglied
Beiträge: 29434 |
#32
Hallo@Ba.sti
CCleaner--> loesche alle *temp-Datein(die urls brauchst du nicht anzuhaken, sind die Favoriten) http://virus-protect.org/temp.html #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein arbeite das bitte ab und poste alles: http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
12.06.2005, 13:31
...neu hier
Beiträge: 4 |
#33
Ich habe da n problem, der CCleaner hat 2.005,085 MB gelöscht ... (??) bin 2. mal hat er weitere 0.85 MB gelöscht, aber ... der verlauf in Netscape is noch da, ich kann den internetexplorer immernoch nich öffnen ... is dann der CCleaner kaputt oder mein pc? ich mache dann mal das andere ...
mfg basti ___________________________________________________________________ langsam sind mir Viren unsympatisch Edit: der inetexplorer funzt wieder, es war die startseite ??? dann massig Quadrate und dann wieder ?? eingestellt, jetzt gehts wieder Dieser Beitrag wurde am 12.06.2005 um 13:34 Uhr von Ba.sti editiert.
|
|
|
||
12.06.2005, 13:35
Ehrenmitglied
Beiträge: 29434 |
#34
vielleicht scannst du noch mal mit dem se.dll-Tool, suchst dann das log vom Scan (oder , falls du findest, das Log vom 1.Scan) und postest es mir
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
12.06.2005, 13:46
...neu hier
Beiträge: 4 |
#35
se.dll tool war doch silentrunners oder? der log wäre denn:
"Silent Runners.vbs", revision 37, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Mozilla Quick Launch" = ""C:\Programme\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "STYLEXP" = "C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide" [file not found] "Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "Steam" = ""d:\lalalala\steam.exe" -silent" ["Valve Corporation"] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS] "Dit" = "Dit.exe" ["ICSI Technology Ltd."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "CHotkey" = "mHotkey.exe" ["Chicony"] "ledpointer" = "CNYHKey.exe" ["Chicony"] "Prism_Utility" = "Prismsta.exe" ["Intersil Americas Inc."] "PCMService" = ""C:\Programme\Home Cinema\PowerCinema\PCMService.exe"" [empty string] "Microsoft Works Update Detection" = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"] "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."] "mmtask" = "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ["TODO: <Company name>"] "AVGCtrl" = "C:\Programme\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"] "msnappau" = ""C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" [file not found] "{15362FA5-C983-41ed-B7AC-5B9BEAF56929}" = "AOL" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\aolshare\shell\de\shellext.dll" ["America Online, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshellext.dll" ["RealNetworks"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] Enabled Active Desktop and Wallpaper: ------------------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Startup items in "Basti" & "All Users" startup folders: ------------------------------------------------------- C:\Dokumente und Einstellungen\Basti\Startmenü\Programme\Autostart "Mousometer" -> shortcut to: "C:\Programme\Mousometer\mousometer.exe" [null data] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {CLSID}\(Default) = "MSN" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll" [MS] "{855F3B16-6D32-4FE6-8A56-BBB695989046}" -> {CLSID}\(Default) = "ICQ Toolbar" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {CLSID}\(Default) = "MSN" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll" [MS] "{855F3B16-6D32-4FE6-8A56-BBB695989046}" -> {CLSID}\(Default) = "ICQ Toolbar" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ -> {CLSID}\(Default) = "Real.com" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Service, AntiVirService, "C:\Programme\AVPersonal\AVGUARD.EXE" ["H+BEDV Datentechnik GmbH"] AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] Ereignisprotokoll-Überwachung, LogWatch, "C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe" ["Computer Associates"] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. ---------- Edit: So ... Hier die Statistik mienes ersten eScans: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Fri Jan 03 04:27:59 2003 => File C:\WINDOWS\system32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: File Deleted. 2: Fri Jan 03 04:31:58 2003 => File C:\Dokumente und Einstellungen\Basti\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-1d01f676.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: File Deleted. 3: Fri Jan 03 04:57:40 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temp\se.dll infected by "Trojan.Win32.StartPage.gv" Virus. Action Taken: File Deleted. 4: Fri Jan 03 04:58:51 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\main[1].htm infected by "Trojan-Clicker.HTML.IFrame.a" Virus. Action Taken: File Deleted. 5: Fri Jan 03 04:58:52 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\myform[1].php infected by "Trojan-Clicker.HTML.IFrame.a" Virus. Action Taken: File Deleted. 6: Fri Jan 03 04:59:00 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\tbd_web[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Renamed. 7: Fri Jan 03 04:59:00 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\tbd_web[2].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Renamed. 8: Fri Jan 03 04:59:03 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\ysb_prompt[1].php infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: File Deleted. 9: Fri Jan 03 04:59:07 2003 => Scanning File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4DQFCHYJ\infected6xz[1].gif [**] 10: Fri Jan 03 04:59:24 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FC7EILF3\main[2].htm infected by "Trojan-Clicker.HTML.IFrame.a" Virus. Action Taken: File Deleted. 11: Fri Jan 03 04:59:25 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FC7EILF3\myform[1].htm infected by "Trojan-Clicker.HTML.IFrame.a" Virus. Action Taken: File Deleted. 12: Fri Jan 03 04:59:37 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T1MXJ0C3\in[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed. 13: Fri Jan 03 04:59:53 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YHHKSZD3\prompt[1].php infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: File Deleted. 14: Fri Jan 03 04:59:58 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YHHKSZD3\tbd_web[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Renamed. 15: Fri Jan 03 05:00:12 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\in[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed. 16: Fri Jan 03 05:00:14 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\myform[1].htm infected by "Trojan-Clicker.HTML.IFrame.a" Virus. Action Taken: File Deleted. 17: Fri Jan 03 05:00:20 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\tab1[1].htm infected by "Trojan-Clicker.HTML.IFrame.a" Virus. Action Taken: File Deleted. 18: Fri Jan 03 05:00:22 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\ttt[1].exe infected by "Trojan-Dropper.Win32.Small.oy" Virus. Action Taken: File Deleted. 19: Fri Jan 03 05:00:23 2003 => File C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\wow[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed. 20: Fri Jan 03 05:06:49 2003 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* 21: Fri Jan 03 05:08:45 2003 => Scanning File C:\Programme\Blitz2DDemo\help\resources\samples\music\Warning_Infected!.mod 22: Fri Jan 03 06:08:32 2003 => Total Number of Disinfected Files: 0 -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- *** -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Fri Jan 03 04:26:00 2003 => ERROR!!! Invalid Entry System32\Drivers\iiusbisp.sys in SYSTEM\CurrentControlSet\Services\IIUSBISP... 2: Fri Jan 03 05:40:25 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB824141$\user32.dll 3: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe 4: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll 5: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll 6: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\html32.cnv 7: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\locator.exe 8: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\magnify.exe 9: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe 10: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys 11: Fri Jan 03 05:40:26 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll 12: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\narrator.exe 13: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\newdev.dll 14: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll 15: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\osk.exe 16: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll 17: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys 18: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll 19: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll 20: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\srv.sys 21: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\user32.dll 22: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll 23: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll 24: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll 25: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826942$\ndis.sys 26: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys 27: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll 28: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll 29: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll 30: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB826942$\xpsp2res.dll 31: Fri Jan 03 05:40:27 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll 32: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll 33: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll 34: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll 35: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll 36: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll 37: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll 38: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\colbact.dll 39: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll 40: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe 41: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\comuid.dll 42: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\es.dll 43: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe 44: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll 45: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll 46: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll 47: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll 48: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll 49: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll 50: Fri Jan 03 05:40:28 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll 51: Fri Jan 03 05:40:29 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\txflog.dll 52: Fri Jan 03 05:40:29 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB833330$\Blastcln\blastcln.exe 53: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\callcont.dll 54: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll 55: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\h323.tsp 56: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll 57: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe 58: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll 59: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll 60: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll 61: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll 62: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\msgina.dll 63: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\mst120.dll 64: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll 65: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll 66: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll 67: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\schannel.dll 68: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll 69: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\dao360.dll 70: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll 71: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll 72: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll 73: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll 74: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll 75: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll 76: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll 77: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll 78: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll 79: Fri Jan 03 05:40:31 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll 80: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll 81: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll 82: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll 83: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll 84: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll 85: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll 86: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll 87: Fri Jan 03 05:40:32 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll 88: Fri Jan 03 05:40:33 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll 89: Fri Jan 03 05:40:33 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB839645$\sxs.dll 90: Fri Jan 03 05:40:33 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll 91: Fri Jan 03 05:40:40 2003 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\WINDOWS\system32\wldr.dll => Trojan-Downloader.Win32.Agent.le 2: C:\Dokumente und Einstellungen\Basti\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-1d01f676.zip => Trojan-Downloader.Java.OpenStream.t 3: C:\Dokumente und Einstellungen\Basti\Desktop\Verküpfungen\Rise of nation\imsdox-ron.exe => tagged:CrackTool.Win32.HotHook. 4: C:\Dokumente und Einstellungen\Basti\Eigene Dateien\lalal\Cs\hltv.exe => tagged:Server-Proxy.Win32.3proxy.Hltv. 5: C:\Dokumente und Einstellungen\Basti\Eigene Dateien\lalal\Cs\Quake 3\Check for Quake III Arena Updates.exe => tagged:Tool.Win32.Reboot. 6: C:\Dokumente und Einstellungen\Basti\Eigene Dateien\lalal\Sheep.exe => tagged:Effect.Win16.Sheep. 7: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temp\se.dll => Trojan.Win32.StartPage.gv 8: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\main[1].htm => Trojan-Clicker.HTML.IFrame.a 9: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\myform[1].php => Trojan-Clicker.HTML.IFrame.a 10: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\tbd_web[1].htm => Exploit.HTML.CodeBaseExec 11: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\tbd_web[2].htm => Exploit.HTML.CodeBaseExec 12: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1R8GKDTO\ysb_prompt[1].php => Trojan-Downloader.JS.IstBar.j 13: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FC7EILF3\main[2].htm => Trojan-Clicker.HTML.IFrame.a 14: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FC7EILF3\myform[1].htm => Trojan-Clicker.HTML.IFrame.a 15: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T1MXJ0C3\in[1].htm => Exploit.HTML.Mht 16: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YHHKSZD3\prompt[1].php => Trojan-Downloader.JS.IstBar.j 17: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YHHKSZD3\tbd_web[1].htm => Exploit.HTML.CodeBaseExec 18: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\in[1].htm => Exploit.HTML.Mht 19: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\myform[1].htm => Trojan-Clicker.HTML.IFrame.a 20: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\tab1[1].htm => Trojan-Clicker.HTML.IFrame.a 21: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\ttt[1].exe => Trojan-Dropper.Win32.Small.oy 22: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZMQLOUE5\wow[1].htm => Exploit.HTML.Mht -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Muss ich den jetzt nochmalmachen? Dieser Beitrag wurde am 12.06.2005 um 14:14 Uhr von Ba.sti editiert.
|
|
|
||
12.06.2005, 14:14
Ehrenmitglied
Beiträge: 29434 |
#36
Hijacker about:blank - se.dll\sp.html
http://www.trojaner-info.de/anleitungen/hijackthis/about_blank.html ich moechte gern das Log von diesem Scan denn der Hijacker ist noch nicht geloescht Zitat 7: C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temp\se.dll => Trojan.Win32.StartPage.gv--------------------------- Trojan-Clicker.HTML.IFrame.aloeschen C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Temporary Internet Files\Content.IE5\<---alles leeren (lasse nur die index.dat) dann: PC neustarten+ dann scanne bitte noch einmal mit escan und poste alles __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.08.2005, 17:46
Member
Beiträge: 20 |
#37
Hallo, habe auch Probleme... --> schwarzer Bildschirm mit "Warning"-Hinweis und ab und an werde ich aus dem I-Net automatisch rausgekickt...
Hier meine HiJackThis Logfile Was kann ich als nächstes machen um das Problem zu beheben? Danke schonmal für die Mühe/Hilfe... Logfile of HijackThis v1.99.1 Scan saved at 17:43:22, on 29.08.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\0900 Alarm\0900Alarm.exe C:\WINDOWS\System32\intmonp.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\intmon.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\popuper.exe C:\WINDOWS\System32\shnlog.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\ArcorOnline\Arcor.exe C:\Programme\Microsoft Office\Office\WINWORD.EXE C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/151/ R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/151/ R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/151/ R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/151/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-control.com/srh/151/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-control.com/srh/151/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R3 - URLSearchHook: (no name) - {FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file) F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp8372.tmp O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\0900Alarm.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.a99b.com/videochat.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{CCE5CFD3-FCE5-48BD-90CA-D7C26A44ACE5}: NameServer = 195.50.140.252 145.253.2.75 O20 - Winlogon Notify: style2 - C:\WINDOWS\q710406_disk.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe |
|
|
||
29.08.2005, 17:53
Ehrenmitglied
Beiträge: 29434 |
#38
boris77
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/151/ R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/151/ R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.search-control.com/srh/151/ R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-control.com/srh/151/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-control.com/srh/151/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.search-control.com/srh/151/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp8372.tmp O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O20 - Winlogon Notify: style2 - C:\WINDOWS\q710406_disk.dll pc neustarten KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip Anleitung: (bebildert) http://virus-protect.org/killbox.html Delete File on Reboot (anhaken) C:\WINDOWS\system32\ps2.exe C:\WINDOWS\q710406_disk.dll C:\WINDOWS\System32\hp8372.tmp C:\WINDOWS\System32\msmsgs.exe C:\WINDOWS\popuper.exe C:\WINDOWS\System32\shnlog.exe und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? " ---- klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" PC neustarten CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html smitRem TOOL (Entfernungstool) http://noahdfear.geekstogo.com/ öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) suche smitfiles.txt und poste die Textdatei in den Thread *reg-Datei oben im Browser: Datei -- Seite speichern unter.. -- wähle "Desktop" -- speichern http://www.bleepingcomputer.com/files/reg/smitfraud.reg dann erscheint eine smitfraud.reg auf dem Desktop Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "smitfraud.reg" auf dem Desktop doppelklicken und mit "ja" bestätigen, damit die reg*-Datei der Registry beigefügt wird und sofort den PC neustarten ClaerProg..lade die neuste Version http://virus-protect.org/temp.html und reinige den Browser. Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera: - Verlauf - Temporäre Internetfiles (Cache) - URLs - index.dat Lade Ewido von dieser Seite -- poste mir den scanreport http://virus-protect.org/ewido.html + #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein poste dann auch das neue Log vom HijackTHis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.08.2005, 22:27
Member
Beiträge: 20 |
#39
Hallo Sabina,
anbei die SMITFILES.TXT -Datei. smitRem log file version 2.3 by noahdfear ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ShudderLTD key present! Running LTDFix! ShudderLTD key was successfully removed! Pre-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ wppp.html intmonp.exe ole32vbs.exe hp***.tmp intmon.exe hhk.dll logfiles ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ sites.ini ~~~ Drive root ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Post-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Wininet.dll ~~~ wininet.dll INFECTED!! Starting replacement procedure. ~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~ ~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~ ~~~~ Checking dllcache\wininet.dll for infection ~~~~ ~~~~ dllcache\wininet.dll Clean! ~~~~ ~~~ Replaced wininet.dll from dllcache ~~~ |
|
|
||
29.08.2005, 22:29
Ehrenmitglied
Beiträge: 29434 |
#40
boris77
nun arbeite Schritt fuer Schritt alles weitere ab __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.08.2005, 23:33
Member
Beiträge: 20 |
#41
Hallo Sabina,
hier nun endlich der EWIDO Scanreport - nach getätigter Säuberung... --------------------------------------------------------- ewido security suite - Scan Report --------------------------------------------------------- + Erstellt am: 23:32:11, 29.08.2005 + Report-Checksumme: 9424985 + Scanergebnis: HKLM\SOFTWARE\Classes\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000} -> Spyware.URLBlaze : Gesäubert mit Backup HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj -> Spyware.CoolWebSearch : Gesäubert mit Backup HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer -> Spyware.CoolWebSearch : Gesäubert mit Backup HKLM\SOFTWARE\Classes\IELoaderCtl.IELoaderCtl -> Dialer.Generic : Gesäubert mit Backup HKLM\SOFTWARE\Classes\Interface\{0F4A7B40-A295-11CF-A3A9-00A0C9034920} -> Dialer.Generic : Gesäubert mit Backup HKLM\SOFTWARE\Classes\Interface\{20F13844-04BC-4987-9964-2502F0DA54D3} -> Spyware.PurityScan : Gesäubert mit Backup HKLM\SOFTWARE\Classes\Interface\{3E43040C-73C1-4898-A4F8-E2C9428B1167} -> Spyware.PurityScan : Gesäubert mit Backup HKLM\SOFTWARE\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115} -> Spyware.BlazeFind : Gesäubert mit Backup HKLM\SOFTWARE\Classes\Interface\{C60BC918-ABBA-0704-0B53-2C8830E9FAEC} -> Dialer.Generic : Gesäubert mit Backup HKLM\SOFTWARE\Classes\Interface\{CE7C3CEF-4B15-11D1-ABED-709549C10000} -> Spyware.WurldMedia : Gesäubert mit Backup HKLM\SOFTWARE\Classes\Jao.jao -> Spyware.BlazeFind : Gesäubert mit Backup HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Gesäubert mit Backup HKLM\SOFTWARE\IntexusDial -> Dialer.Generic : Gesäubert mit Backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Yun -> Spyware.CoolWebSearch : Gesäubert mit Backup HKU\S-1-5-21-3174505522-3035045854-1967465239-1005\Software\IST -> Spyware.ISTBar : Gesäubert mit Backup HKU\S-1-5-21-3174505522-3035045854-1967465239-1005\Software\Microsoft\Windows\CurrentVersion\Yun -> Spyware.CoolWebSearch : Gesäubert mit Backup C:\Dokumente und Einstellungen\Boris\Cookies\boris@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup C:\Dokumente und Einstellungen\Boris\Cookies\boris@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup C:\Dokumente und Einstellungen\Boris\Cookies\boris@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Gesäubert mit Backup C:\Programme\AVPersonal\INFECTED\QZUQPHF.EXE.VIR -> TrojanDownloader.PurityScan.d : Gesäubert mit Backup C:\Programme\AVPersonal\INFECTED\qzuqphf.VIR -> TrojanDownloader.PurityScan.d : Gesäubert mit Backup C:\Programme\SICHERHEIT\hijackthis_199_1\backups\backup-20050829-181441-211.dll -> Trojan.Puper.g : Gesäubert mit Backup C:\WINDOWS\odbc.hta -> Spyware.Hijacker.Generic : Gesäubert mit Backup C:\WINDOWS\odbs.log -> Spyware.Hijacker.Generic : Gesäubert mit Backup C:\WINDOWS\system32\Winx\SRS.EXE -> Spyware.Hijacker.Generic : Gesäubert mit Backup C:\WINDOWS\system32\Winx\SYS.EXE -> Spyware.Hijacker.Generic : Gesäubert mit Backup ::Report Ende Und hier der HIJACKTHIS-Logfile: Logfile of HijackThis v1.99.1 Scan saved at 23:36:49, on 29.08.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\HP\KBD\KBD.EXE C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\Dit.exe C:\Programme\MSI\Live Update 3\LMonitor.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe C:\WINDOWS\DitExp.exe C:\Programme\0900 Alarm\0900Alarm.exe C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Programme\ArcorOnline\Arcor.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\ewido\security suite\ewidoguard.exe C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/content/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R3 - URLSearchHook: (no name) - {FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\0900Alarm.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE (file missing) O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.a99b.com/videochat.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{CCE5CFD3-FCE5-48BD-90CA-D7C26A44ACE5}: NameServer = 195.50.140.252 145.253.2.75 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Und, muss ich noch was machen? Ich hoffe nicht, andererseits, mit der Hilfe, die ich bisher hatte ;-) Dieser Beitrag wurde am 29.08.2005 um 23:40 Uhr von boris77 editiert.
|
|
|
||
29.08.2005, 23:49
Ehrenmitglied
Beiträge: 29434 |
#42
Hallo@boris77
Fixe mit dem HijackThis: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/ R3 - URLSearchHook: (no name) - {FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file) PC neustarten bitte abarbeiten und alles posten (mit Pfadangabe) http://virus-protect.org/datfindbat.html escan , bitte abarbeiten und alles posten + das neue Log vom HijackThis http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.08.2005, 00:14
Member
Beiträge: 20 |
#43
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\WINDOWS\system32 29.08.2005 15:51 16.896 checkIn.dll 29.08.2005 15:00 766 spyware.ico 29.08.2005 15:00 4.286 spam.ico 29.08.2005 15:00 2.238 network.ico 28.08.2005 21:14 1.374 wpa.dbl 09.08.2005 11:24 493 WebPlayerInstaller.log 14.07.2005 21:07 16.832 amcompat.tlb 14.07.2005 21:07 23.392 nscompat.tlb 08.07.2005 11:53 366.510 perfh009.dat 08.07.2005 11:53 46.920 perfc009.dat 08.07.2005 11:53 398.034 perfh007.dat 08.07.2005 11:53 63.610 perfc007.dat 08.07.2005 11:53 884.724 PerfStringBackup.INI 07.05.2005 21:30 72.192 taskkill.exe 14.04.2005 19:01 8 ntP2.trk 12.03.2005 00:48 56.832 pxcpya64.exe 12.03.2005 00:48 109.568 pxinsi64.exe 12.03.2005 00:48 56.320 pxinsa64.exe 12.03.2005 00:48 61.440 pxhpinst.exe 12.03.2005 00:48 108.544 pxcpyi64.exe 12.03.2005 00:28 28.672 VXBLOCK.dll 12.03.2005 00:28 339.968 pxwave.dll 12.03.2005 00:28 405.504 pxdrv.dll 12.03.2005 00:28 172.032 pxmas.dll 12.03.2005 00:28 339.968 px.dll 27.01.2005 15:39 466.944 capicom.dll 26.01.2005 20:48 1.895 qtplugin.log 11.08.2004 20:45 228.352 wmerror.dll 11.08.2004 20:45 9.216 asferror.dll 11.08.2004 20:45 3.407.872 wmploc.dll 11.08.2004 20:45 86.016 wmpshell.dll 11.08.2004 20:45 311.808 MSWMDM.dll 11.08.2004 20:45 482.816 Audiodev.dll 11.08.2004 01:39 2.362.104 wmvcore.dll 11.08.2004 01:39 773.368 wmsdmod.dll 11.08.2004 01:38 871.160 wmvdmod.dll 11.08.2004 01:38 1.181.944 wmvadvd.dll 11.08.2004 01:38 531.192 wmspdmod.dll 11.08.2004 01:38 380.144 wmadmod.dll 11.08.2004 01:38 360.176 MSSCP.dll 11.08.2004 01:38 253.688 drmclien.dll 11.08.2004 01:37 290.816 WMDRMNet.dll 11.08.2004 01:37 344.064 WMDRMdev.dll 11.08.2004 01:36 527.360 drmv2clt.dll 11.08.2004 01:36 233.472 blackbox.dll 11.08.2004 01:36 95.232 drmstor.dll 11.08.2004 01:36 141.312 msnetobj.dll 11.08.2004 00:45 221.184 qasf.dll 11.08.2004 00:45 1.509.376 WMVADVE.DLL 11.08.2004 00:45 34.304 WMDMPS.dll 11.08.2004 00:45 30.208 WMDMLOG.dll 11.08.2004 00:45 25.088 MsPMSNSv.dll 11.08.2004 00:45 169.472 MsPMSP.dll 11.08.2004 00:45 282.624 wmpdxm.dll 11.08.2004 00:45 161.792 cewmdm.dll 11.08.2004 00:45 135.168 wmpasf.dll 11.08.2004 00:45 712.704 wmadmoe.dll 11.08.2004 00:45 999.424 wmvdmoe2.dll 11.08.2004 00:45 175.104 wmpsrcwp.dll 11.08.2004 00:45 1.589.760 wmpencen.dll 11.08.2004 00:45 1.116.160 wmsdmoe2.dll 11.08.2004 00:45 936.960 wmspdmoe.dll 11.08.2004 00:41 5.550.080 wmp.dll 11.08.2004 00:41 1.027.072 wmnetmgr.dll 11.08.2004 00:41 229.376 wmasf.dll 10.08.2004 22:07 150.016 wmidx.dll 10.08.2004 22:07 6.656 laprxy.dll 10.08.2004 22:05 38.912 wpd_ci.dll 10.08.2004 22:05 327.680 wpdsp.dll 10.08.2004 22:05 331.776 wpdmtpdr.dll 10.08.2004 22:05 114.176 wpdmtp.dll 10.08.2004 22:05 66.560 wpdmtpus.dll 10.08.2004 22:05 61.952 wpdconns.dll 10.08.2004 22:05 10.752 wpdtrace.dll 10.08.2004 22:05 47.104 uwdf.exe 10.08.2004 22:05 38.912 wdfmgr.exe 10.08.2004 22:05 15.872 wdfapi.dll 10.08.2004 21:52 360.448 l3codecp.acm 10.08.2004 21:52 20.480 wmpcd.dll 10.08.2004 21:52 20.480 wmpui.dll 10.08.2004 21:52 20.480 wmpcore.dll 10.08.2004 21:52 20.480 wmp.ocx 10.08.2004 21:46 96.768 logagent.exe 23.07.2004 16:09 13.368 FlashVxd.vxd Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\DOKUME~1\Boris\LOKALE~1\Temp 29.08.2005 22:40 16.384 ~DFDBB3.tmp 29.08.2005 22:32 534 pcf2.tmp 29.08.2005 22:29 534 pcf1.tmp 3 Datei(en) 17.452 Bytes 0 Verzeichnis(se), 17.361.891.328 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\WINDOWS 29.08.2005 22:38 0 0.log 29.08.2005 22:38 525 ODBC.INI 29.08.2005 22:38 4.210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt 29.08.2005 22:38 49 transp.gif 29.08.2005 22:38 50 wiaservc.log 29.08.2005 22:38 157 wiadebug.log 29.08.2005 22:37 54.156 QTFont.qfn 29.08.2005 22:37 2.048 bootstat.dat 29.08.2005 22:36 105.272 ntbtlog.txt 29.08.2005 22:34 32.506 SchedLgU.Txt 29.08.2005 22:22 71.025 setupact.log 29.08.2005 22:22 0 setuperr.log 29.08.2005 16:40 1.593 uninstall.ini 29.08.2005 16:01 1.409 QTFont.for 29.08.2005 10:56 54.325 CDPLAYER.INI 29.08.2005 00:31 155 winamp.ini 25.08.2005 01:06 363.337 wmsetup.log 22.08.2005 23:43 20 SIERRA.INI 19.08.2005 12:01 1.023.471 setupapi.log 16.08.2005 19:49 228 MP32WAV.INI 17.07.2005 19:46 32 mscpt.dat Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 48AC-4ADA Verzeichnis von C:\ 30.08.2005 00:13 0 sys.txt 30.08.2005 00:12 9.812 system.txt 30.08.2005 00:11 375 systemtemp.txt 30.08.2005 00:11 97.679 system32.txt 29.08.2005 22:37 805.306.368 pagefile.sys 29.08.2005 22:29 1.526 smitfiles.txt 29.08.2005 18:09 488 hpfr5550.xml |
|
|
||
30.08.2005, 01:32
Ehrenmitglied
Beiträge: 29434 |
#44
Hallo@boris77
•KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip Anleitung: (bebildert) http://virus-protect.org/killbox.html •Delete File on Reboot <--anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" C:\WINDOWS\system32\spyware.ico C:\WINDOWS\system32\spam.ico C:\WINDOWS\system32\network.ico C:\WINDOWS\system32\pxcpya64.exe C:\WINDOWS\system32\pxwma.dll C:\WINDOWS\system32\pxsfs.dll C:\WINDOWS\system32\pxinsi64.exe C:\WINDOWS\system32\pxinsa64.exe C:\WINDOWS\system32\pxhpinst.exe C:\WINDOWS\system32\pxcpyi64.exe PC neustarten #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein poste dann auch das neue Log vom HijackTHis + escan , bitte abarbeiten und alles posten + das neue Log vom HijackThis http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.08.2005, 01:57
Member
Beiträge: 20 |
#45
So - der escan ist inzwischen endlich fertig - und komme dann zu dem, was Du "eben" gepostet hast...
Hier das escan-Ergebnis: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Tue Aug 30 00:29:08 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. 2: Tue Aug 30 00:29:08 2005 => System found infected with BDHelper Spyware/Adware ({ce7c3ce2-4b15-11d1-abed-709549c10000})! Action taken: No Action Taken. 3: Tue Aug 30 00:29:11 2005 => System found infected with Infotel srl Spyware/Adware ({ffff0003-0001-101a-a3c9-08002b2f49fb})! Action taken: No Action Taken. 4: Tue Aug 30 00:30:29 2005 => Offending file found: C:\WINDOWS\uninstall.ini 5: Tue Aug 30 00:30:29 2005 => System found infected with WhistleSoftware Spyware/Adware (uninstall.ini)! Action taken: No Action Taken. 6: Tue Aug 30 00:31:35 2005 => File C:\WINDOWS\System32\checkIn.dll infected by "Trojan.Win32.Dialer.ks" Virus! Action Taken: No Action Taken. 7: Tue Aug 30 01:07:38 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* 8: Tue Aug 30 01:07:39 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\LOAD[1].HTM.VIR [**] 9: Tue Aug 30 01:25:55 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077033.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken. 10: Tue Aug 30 01:25:55 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077034.exe infected by "Trojan.Win32.Puper.au" Virus! Action Taken: No Action Taken. 11: Tue Aug 30 01:25:56 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077049.exe infected by "Trojan.Win32.Zapchast" Virus! Action Taken: No Action Taken. 12: Tue Aug 30 01:25:56 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077050.exe infected by "Trojan-Downloader.Win32.Small.air" Virus! Action Taken: No Action Taken. 13: Tue Aug 30 01:25:56 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077051.exe infected by "Trojan.Win32.Zapchast" Virus! Action Taken: No Action Taken. 14: Tue Aug 30 01:25:56 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077057.exe infected by "Trojan.Win32.Puper.au" Virus! Action Taken: No Action Taken. 15: Tue Aug 30 01:25:56 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077058.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken. 16: Tue Aug 30 01:26:02 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077137.exe infected by "Trojan-Downloader.Win32.Small.bct" Virus! Action Taken: No Action Taken. 17: Tue Aug 30 01:26:02 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077138.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken. 18: Tue Aug 30 01:26:02 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077139.exe infected by "Trojan.Win32.Puper.au" Virus! Action Taken: No Action Taken. 19: Tue Aug 30 01:26:02 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077144.exe infected by "Trojan.Win32.Puper.au" Virus! Action Taken: No Action Taken. 20: Tue Aug 30 01:26:02 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077155.exe infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken. 21: Tue Aug 30 01:26:09 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077211.dll infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken. 22: Tue Aug 30 01:26:09 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077227.dll infected by "Trojan-Downloader.Win32.Delf.lh" Virus! Action Taken: No Action Taken. 23: Tue Aug 30 01:26:10 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077233.exe infected by "Trojan.Win32.Puper.au" Virus! Action Taken: No Action Taken. 24: Tue Aug 30 01:26:51 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078057.exe infected by "Trojan.Win32.Puper.au" Virus! Action Taken: No Action Taken. 25: Tue Aug 30 01:26:52 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078071.old infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken. 26: Tue Aug 30 01:26:53 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078117.hta infected by "Trojan.VBS.StartPage.x" Virus! Action Taken: No Action Taken. 27: Tue Aug 30 01:26:53 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078118.EXE infected by "Trojan.Win32.StartPage.yn" Virus! Action Taken: No Action Taken. 28: Tue Aug 30 01:26:53 2005 => File C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078119.EXE infected by "Trojan.Win32.StartPage.yn" Virus! Action Taken: No Action Taken. 29: Tue Aug 30 01:34:52 2005 => File C:\WINDOWS\system32\checkIn.dll infected by "Trojan.Win32.Dialer.ks" Virus! Action Taken: No Action Taken. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Tue Aug 30 00:27:50 2005 => ERROR!!! Invalid Entry {B212D577-05B7-4963-911E-4A8588160DFA} = C:\WINDOWS\q710406_disk.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler). No Action Taken. 2: Tue Aug 30 00:29:00 2005 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\Boris\LOKALE~1\Temp\iMSPCLOj.sys in SYSTEM\CurrentControlSet\Services\iMSPCLOj... 3: Tue Aug 30 00:29:02 2005 => ERROR!!! Invalid Entry \??\C:\Programme\NewTech Infosystems\NTI CD-Maker 2000 Standard\NTIDrvr.sys in SYSTEM\CurrentControlSet\Services\NTIDrvr... 4: Tue Aug 30 00:30:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ieloader.dll". Action Taken: No Action Taken. 5: Tue Aug 30 00:30:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\Scanner\hpqgends.tmp". Action Taken: No Action Taken. 6: Tue Aug 30 00:30:48 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxsfs.dll". Action Taken: No Action Taken. 7: Tue Aug 30 00:30:48 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\movgear.exe" refers to invalid object "C:\Programme\GIF Movie Gear\moviegear.exe". Action Taken: No Action Taken. 8: Tue Aug 30 00:30:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\RecordNow\". Action Taken: No Action Taken. 9: Tue Aug 30 00:30:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\RecordNow\Media\". Action Taken: No Action Taken. 10: Tue Aug 30 00:30:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\RecordNow\System\". Action Taken: No Action Taken. 11: Tue Aug 30 00:30:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\RecordNow\Explain\". Action Taken: No Action Taken. 12: Tue Aug 30 00:30:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\RecordNow\". Action Taken: No Action Taken. 13: Tue Aug 30 00:30:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\Installer\{8214CC02-6271-4DC8-B8DD-779933450264}\". Action Taken: No Action Taken. 14: Tue Aug 30 00:30:49 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton AntiVirus\". Action Taken: No Action Taken. 15: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken. 16: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: No Action Taken. 17: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". Action Taken: No Action Taken. 18: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".002". Action Taken: No Action Taken. 19: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".abm". Action Taken: No Action Taken. 20: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".av". Action Taken: No Action Taken. 21: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: No Action Taken. 22: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bckp". Action Taken: No Action Taken. 23: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken. 24: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cgi?action=". Action Taken: No Action Taken. 25: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cl3". Action Taken: No Action Taken. 26: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".clb". Action Taken: No Action Taken. 27: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cue". Action Taken: No Action Taken. 28: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DIG". Action Taken: No Action Taken. 29: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc?Log=1". Action Taken: No Action Taken. 30: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DSC". Action Taken: No Action Taken. 31: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".FEC". Action Taken: No Action Taken. 32: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gpk". Action Taken: No Action Taken. 33: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".HDR". Action Taken: No Action Taken. 34: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hzml". Action Taken: No Action Taken. 35: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IE5". Action Taken: No Action Taken. 36: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jnlp". Action Taken: No Action Taken. 37: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jsp". Action Taken: No Action Taken. 38: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MRK". Action Taken: No Action Taken. 39: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".Mtx". Action Taken: No Action Taken. 40: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ovw". Action Taken: No Action Taken. 41: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PDL". Action Taken: No Action Taken. 42: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php3?bname=newslettercontent&parent_id=567&parent_bname=newsletter&genre=All". Action Taken: No Action Taken. 43: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php3?nlid=567&ktext=NEWSLETTER+01+%2F+2005". Action Taken: No Action Taken. 44: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pk". Action Taken: No Action Taken. 45: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".qfs". Action Taken: No Action Taken. 46: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sav". Action Taken: No Action Taken. 47: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken. 48: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".set". Action Taken: No Action Taken. 49: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".simpatia". Action Taken: No Action Taken. 50: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".stb". Action Taken: No Action Taken. 51: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TEM". Action Taken: No Action Taken. 52: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken. 53: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: No Action Taken. 54: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VIR". Action Taken: No Action Taken. 55: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".viv". Action Taken: No Action Taken. 56: Tue Aug 30 00:30:49 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VOB". Action Taken: No Action Taken. 57: Tue Aug 30 00:30:50 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".yst". Action Taken: No Action Taken. 58: Tue Aug 30 00:30:50 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".~av". Action Taken: No Action Taken. 59: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Adobe Acrobat 5.0". Action Taken: No Action Taken. 60: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Bundesliga Stars 2001". Action Taken: No Action Taken. 61: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Download-Central". Action Taken: No Action Taken. 62: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Football Game". Action Taken: No Action Taken. 63: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823980". Action Taken: No Action Taken. 64: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken. 65: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken. 66: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken. 67: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken. 68: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NTI CD-Maker 2000 Standard". Action Taken: No Action Taken. 69: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken. 70: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q329256". Action Taken: No Action Taken. 71: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329909". Action Taken: No Action Taken. 72: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q330638". Action Taken: No Action Taken. 73: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331060". Action Taken: No Action Taken. 74: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811789". Action Taken: No Action Taken. 75: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Silent-Bob 1.8". Action Taken: No Action Taken. 76: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Virtua Fighter PC". Action Taken: No Action Taken. 77: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Zak McKracken 2 ". Action Taken: No Action Taken. 78: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoneAlarm". Action Taken: No Action Taken. 79: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0A5B72C1-E598-445C-8EEE-BC7D517922C4}". Action Taken: No Action Taken. 80: Tue Aug 30 00:30:50 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}". Action Taken: No Action Taken. 81: Tue Aug 30 00:30:51 2005 => Entry "HKCR\CLSID\{15DC7116-E58E-4395-A45A-A1C99B17C030}" refers to invalid object "C:\Programme\PSGuard\WndSystem.dll". Action Taken: No Action Taken. 82: Tue Aug 30 00:30:51 2005 => Entry "HKCR\CLSID\{17E02586-A91D-4A9D-A74E-187B05DFFE6F}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 83: Tue Aug 30 00:30:51 2005 => Entry "HKCR\CLSID\{1BD98DFD-2DA9-4C54-85D7-BE03A0F9C487}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 84: Tue Aug 30 00:30:51 2005 => Entry "HKCR\CLSID\{1C94EA51-3800-4F08-B5DC-A5B67823FFEA}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 85: Tue Aug 30 00:30:51 2005 => Entry "HKCR\CLSID\{20D1AF34-6E19-42D8-AF9F-BDFBE45C2454}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 86: Tue Aug 30 00:30:51 2005 => Entry "HKCR\CLSID\{21E132C9-1F98-4151-BDAD-7D9B49C60A8E}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 87: Tue Aug 30 00:30:51 2005 => Entry "HKCR\CLSID\{23F7AD29-F51A-4BA1-BE70-143B1CB25BD1}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 88: Tue Aug 30 00:30:52 2005 => Entry "HKCR\CLSID\{2C59D5EC-6B91-4896-BD6F-5F121D87A7F8}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 89: Tue Aug 30 00:30:52 2005 => Entry "HKCR\CLSID\{2F34E0E0-F0BB-477F-AFB8-509262FA0AD1}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 90: Tue Aug 30 00:30:52 2005 => Entry "HKCR\CLSID\{35ED274E-3F42-4A78-BBDC-3B7D73E85578}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 91: Tue Aug 30 00:30:52 2005 => Entry "HKCR\CLSID\{3D74D140-F780-4AE3-8D6D-F8DC39107213}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 92: Tue Aug 30 00:30:53 2005 => Entry "HKCR\CLSID\{49443D6E-CE4E-47A9-8DEB-F5774CE14984}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 93: Tue Aug 30 00:30:53 2005 => Entry "HKCR\CLSID\{52034AD2-914C-4634-B375-9299631E5525}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 94: Tue Aug 30 00:30:54 2005 => Entry "HKCR\CLSID\{7702C521-76AE-42C0-A181-3B5A96C2EEF7}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 95: Tue Aug 30 00:30:54 2005 => Entry "HKCR\CLSID\{7ADDA344-1D36-4446-9F4B-B2351FB19EFD}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 96: Tue Aug 30 00:30:54 2005 => Entry "HKCR\CLSID\{7D98221E-AF8F-4D29-8BB1-1DFABC288173}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 97: Tue Aug 30 00:30:54 2005 => Entry "HKCR\CLSID\{7E752AAA-5A32-40AD-B150-4A2E85768E4D}" refers to invalid object "F:\BIN\WIN32\omgdwrap.dll". Action Taken: No Action Taken. 98: Tue Aug 30 00:30:55 2005 => Entry "HKCR\CLSID\{9746B450-6064-4EC8-9480-72A289AA2237}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 99: Tue Aug 30 00:30:56 2005 => Entry "HKCR\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}" refers to invalid object "C:\WINDOWS\q710406_disk.dll". Action Taken: No Action Taken. 100: Tue Aug 30 00:30:56 2005 => Entry "HKCR\CLSID\{C5A40FCE-0A0F-40CA-985E-661C28B5B431}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 101: Tue Aug 30 00:30:57 2005 => Entry "HKCR\CLSID\{C7F22879-7151-4C71-8C50-9557AFDA66C6}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 102: Tue Aug 30 00:30:57 2005 => Entry "HKCR\CLSID\{CA5E7959-60B5-47B7-80AC-1606309733F3}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 103: Tue Aug 30 00:30:57 2005 => Entry "HKCR\CLSID\{CEABF027-6CDC-4D47-ADF6-AC5D065826A6}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken. 104: Tue Aug 30 00:30:57 2005 => Entry "HKCR\CLSID\{D95DEB2F-4A47-467C-A78B-5D3038D089D5}" refers to invalid object "F:\BIN\WIN32\omgdbp.ocx". Action Taken: No Action Taken. 105: Tue Aug 30 00:30:57 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "F:\player\WMMP.EXE". Action Taken: No Action Taken. 106: Tue Aug 30 00:30:57 2005 => Entry "HKCR\CLSID\{E0AA0493-C410-4CBD-B1DB-1723374FA8E0}" refers to invalid object "C:\Programme\PSGuard\WndSystem.dll". Action Taken: No Action Taken. 107: Tue Aug 30 00:30:57 2005 => Entry "HKCR\CLSID\{E5D78BD8-3874-4AA0-9D45-CFB79382C484}" refers to invalid object "C:\Programme\PSGuard\WndSystem.dll". Action Taken: No Action Taken. 108: Tue Aug 30 00:30:58 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "F:\player\WMMP.EXE". Action Taken: No Action Taken. 109: Tue Aug 30 00:30:58 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "F:\player\WMMP.EXE". Action Taken: No Action Taken. 110: Tue Aug 30 00:30:59 2005 => Entry "HKCR\TypeLib\{02BA2DB5-3BFE-4863-B539-4F80312D5230}" refers to invalid object "C:\DOKUME~1\Boris\LOKALE~1\Temp\Word8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken. 111: Tue Aug 30 00:30:59 2005 => Entry "HKCR\TypeLib\{982392F9-9C65-48B4-B667-3459C46630D1}" refers to invalid object "C:\Programme\PSGuard\WndSystem.dll". Action Taken: No Action Taken. 112: Tue Aug 30 00:31:00 2005 => Entry "HKCR\TypeLib\{F9DA8852-CD01-4259-8D99-731CD0EA09BF}" refers to invalid object "C:\DOKUME~1\Boris\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken. 113: Tue Aug 30 00:31:00 2005 => Entry "HKCR\.cmo" refers to invalid object "VirtoolsComposition". Action Taken: No Action Taken. 114: Tue Aug 30 00:31:00 2005 => Entry "HKCR\.MVB\shell\open\command" refers to invalid object "MVIEWER2.EXE %1". Action Taken: No Action Taken. 115: Tue Aug 30 00:31:01 2005 => Entry "HKCR\.xlc\shell\open\command" refers to invalid object "C:\MSOFFICE\EXCEL\excel.exe %1". Action Taken: No Action Taken. 116: Tue Aug 30 00:31:01 2005 => Entry "HKCR\.xls\shell\open\command" refers to invalid object "C:\MSOFFICE\EXCEL\excel.exe %1". Action Taken: No Action Taken. 117: Tue Aug 30 00:31:01 2005 => Entry "HKCR\.xlt\shell\open\command" refers to invalid object "C:\MSOFFICE\EXCEL\excel.exe %1". Action Taken: No Action Taken. 118: Tue Aug 30 00:31:04 2005 => Entry "HKCR\HP" refers to invalid object "{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}". Action Taken: No Action Taken. 119: Tue Aug 30 00:31:04 2005 => Entry "HKCR\HP.1" refers to invalid object "{a4f5768a-9fc4-40d6-95a6-315ac1bd220e}". Action Taken: No Action Taken. 120: Tue Aug 30 00:31:05 2005 => Entry "HKCR\IEHlprObj.IEHlprObj.1" refers to invalid object "{CE7C3CF0-4B15-11D1-ABED-709549C10000}". Action Taken: No Action Taken. -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\WINDOWS\System32\checkIn.dll => Trojan.Win32.Dialer.ks 2: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077033.exe => Trojan.Win32.Small.ev 3: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077034.exe => Trojan.Win32.Puper.au 4: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077049.exe => Trojan.Win32.Zapchast 5: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077050.exe => Trojan-Downloader.Win32.Small.air 6: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077051.exe => Trojan.Win32.Zapchast 7: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077057.exe => Trojan.Win32.Puper.au 8: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP205\A0077058.exe => Trojan.Win32.Small.ev 9: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077137.exe => Trojan-Downloader.Win32.Small.bct 10: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077138.exe => Trojan.Win32.Small.ev 11: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077139.exe => Trojan.Win32.Puper.au 12: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077144.exe => Trojan.Win32.Puper.au 13: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077155.exe => Trojan.Win32.Small.ev 14: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077211.dll => Trojan.Win32.Small.ev 15: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077227.dll => Trojan-Downloader.Win32.Delf.lh 16: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0077233.exe => Trojan.Win32.Puper.au 17: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078057.exe => Trojan.Win32.Puper.au 18: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078071.old => Virus.Win32.Nsag.b 19: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078117.hta => Trojan.VBS.StartPage.x 20: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078118.EXE => Trojan.Win32.StartPage.yn 21: C:\System Volume Information\_restore{68E377ED-413B-49AD-A74A-A4931EA59283}\RP206\A0078119.EXE => Trojan.Win32.StartPage.yn 22: C:\WINDOWS\system32\checkIn.dll => Trojan.Win32.Dialer.ks -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Tue Aug 30 01:45:38 2005 => Total Objects Scanned: 143477 Tue Aug 30 01:45:38 2005 => Total Virus(es) Found: 26 Tue Aug 30 01:45:39 2005 => Total Errors: 120 Tue Aug 30 01:45:39 2005 => Virus Database Date: 2005/08/30 Tue Aug 30 01:45:39 2005 => Virus Database Count: 146178 AUSSERDEM: HIJACKTHIS-Logfile - nach dem KillBox-Anwendung Logfile of HijackThis v1.99.1 Scan saved at 02:05:33, on 30.08.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\HP\KBD\KBD.EXE C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\Dit.exe C:\Programme\MSI\Live Update 3\LMonitor.exe C:\WINDOWS\DitExp.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe C:\Programme\0900 Alarm\0900Alarm.exe C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\ewido\security suite\ewidoguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Programme\ArcorOnline\Arcor.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\SICHERHEIT\hijackthis_199_1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/content/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\SICHERHEIT\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2002-2003\UIWatcher.exe O4 - HKCU\..\Run: [0900 Alarm] C:\Programme\0900 Alarm\0900Alarm.exe O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a O4 - Startup: 0900Alarm.exe.lnk = C:\Programme\0900 Alarm\0900Alarm.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: Browser-Anpassung für Outpost Firewall - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra button: Connector - {FFB51760-344E-4FFB-BFFF-4B18C7AC1D63} - C:\WINDOWS\System32\Winx\SRS.EXE (file missing) O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU) O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.a99b.com/videochat.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{CCE5CFD3-FCE5-48BD-90CA-D7C26A44ACE5}: NameServer = 195.50.140.252 145.253.2.75 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Dieser Beitrag wurde am 30.08.2005 um 02:07 Uhr von boris77 editiert.
|
|
|
||
Logfile of HijackThis v1.99.1
Scan saved at 21:54:06, on 03.01.2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\Prismsta.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mousometer\mousometer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Basti\LOKALE~1\Temp\Rar$EX10.672\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Prism_Utility] Prismsta.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "d:\lalalala\steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Mousometer.lnk = C:\Programme\Mousometer\mousometer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
dieses Silentrunners hat auch funktioniert ... heir das Log:
"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Mozilla Quick Launch" = ""C:\Programme\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"STYLEXP" = "C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide" [file not found]
"Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Steam" = ""d:\lalalala\steam.exe" -silent" ["Valve Corporation"]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"Dit" = "Dit.exe" ["ICSI Technology Ltd."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"ledpointer" = "CNYHKey.exe" ["Chicony"]
"Prism_Utility" = "Prismsta.exe" ["Intersil Americas Inc."]
"PCMService" = ""C:\Programme\Home Cinema\PowerCinema\PCMService.exe"" [empty string]
"Microsoft Works Update Detection" = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"mmtask" = "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ["TODO: <Company name>"]
"AVGCtrl" = "C:\Programme\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"msnappau" = ""C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" [file not found]
"{15362FA5-C983-41ed-B7AC-5B9BEAF56929}" = "AOL"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\aolshare\shell\de\shellext.dll" ["America Online, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Enabled Active Desktop and Wallpaper:
-------------------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Basti\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Startup items in "Basti" & "All Users" startup folders:
-------------------------------------------------------
C:\Dokumente und Einstellungen\Basti\Startmenü\Programme\Autostart
"Mousometer" -> shortcut to: "C:\Programme\Mousometer\mousometer.exe" [null data]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {CLSID}\(Default) = "MSN"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll" [MS]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {CLSID}\(Default) = "ICQ Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {CLSID}\(Default) = "MSN"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll" [MS]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {CLSID}\(Default) = "ICQ Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\
-> {CLSID}\(Default) = "Real.com"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, "C:\Programme\AVPersonal\AVGUARD.EXE" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ereignisprotokoll-Überwachung, LogWatch, "C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe" ["Computer Associates"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
Ich hab da noch ein Problem, nach diesem sp.html neustart ging mein internetexplorer nich mehr, ich habe zum glück noch Netscape ... hab ich was flasch gemacht? ... wer auch immer das geamcht hat böse, böse ...
Vielen Dank für die nette hilfe,
Basti