regfreeze Virus tool2.exe "Your computer is infected"

07.11.2005, 22:35
Member
Posts: 60
08.11.2005, 01:04
Honorary Member
Posts: 29434
#2
Hello@

Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deluxe-se.com/pr/remove_spyware/1/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\system32\sxpdr32.dll
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - Startup: RegFreeze.lnk = C:\Programme\RegFreeze\regfreeze.exe
O9 - Extra button: Search and Remove spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Programme\RegFreeze\rfsearchhandler.dll
O9 - Extra 'Tools' menuitem: Search and Remove spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Programme\RegFreeze\rfsearchhandler.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

Is that your domain??? If yes.. leave it, if not --> fix it:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\Software\..\Telephony: DomainName = office.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.local

O20 - Winlogon Notify: st3i - C:\WINDOWS\q6227314.dll

Restart the PC

CCleaner
Delete all temp files
http://virus-protect.org/temp.html

Copy the 4 logs here
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
all about PC security
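The post above expects the reader to sort HijackThis entries into "fix" and "leave" by eye. The following is an added example (my own code, not part of the thread and not HijackThis's own scoring) that applies the same judgement mechanically to lines in HijackThis's `Oxx - ...` format: a start page pointing at a URL, a BHO loaded from the Windows directory, a Run entry that is a bare file name, an ActiveX (DPF) package from a non-Microsoft host, and a Winlogon Notify DLL outside system32 or with a generated-looking name all get the verdict "fix"; O17 domain suffixes are always "review" because only the owner can confirm them. The sample lines are taken from the log quoted above; the rules are heuristics and will need tuning on other machines.

```python
"""Heuristic triage of HijackThis log lines (added example; the rules are my own)."""
import re
from dataclasses import dataclass

# Sample lines from the HijackThis log quoted above (forum link markup removed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deluxe-se.com/pr/remove_spyware/1/index.html
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\system32\sxpdr32.dll
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O20 - Winlogon Notify: st3i - C:\WINDOWS\q6227314.dll
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
MS_URL = re.compile(r"^https?://[^/]*\.?(microsoft|windowsupdate)\.com/", re.I)
GENERATED_NAME = re.compile(r"^[a-z]{1,2}\d{5,}\.dll$", re.I)   # e.g. q6227314.dll


@dataclass
class Finding:
    section: str
    verdict: str      # "fix": tick it before "Fix checked"; "review": needs a human look; "ok"
    reason: str
    raw: str


def _last_field(body):
    """Path, URL or file name after the final ' - ' separator of an O-line."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line):
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1"):
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        if value.lower().startswith("http"):
            return Finding(sec, "fix", "start/search page hijacked to " + value, line)
        return Finding(sec, "ok", "value is %r" % value, line)
    if sec == "O2":
        path = _last_field(body)
        if "\\windows\\" in path.lower():          # BHOs normally live under Program Files
            return Finding(sec, "fix", "BHO loaded from the Windows directory: " + path, line)
        return Finding(sec, "review", "BHO " + path, line)
    if sec == "O4":
        target = body.split("]", 1)[-1].strip()
        if "\\" not in target:                      # bare file name, resolved via the search path
            return Finding(sec, "fix", "Run entry without a path: " + target, line)
        return Finding(sec, "review", "autostart " + target, line)
    if sec == "O16":
        url = _last_field(body)
        verdict = "review" if MS_URL.match(url) else "fix"
        return Finding(sec, verdict, "ActiveX package downloaded from " + url, line)
    if sec == "O17":
        suffix = body.rsplit("=", 1)[-1].strip()
        return Finding(sec, "review", "DNS suffix only the owner can confirm: " + suffix, line)
    if sec == "O20":
        path = _last_field(body)
        name = path.rsplit("\\", 1)[-1]
        if "\\system32\\" not in path.lower() or GENERATED_NAME.match(name):
            return Finding(sec, "fix", "Winlogon Notify DLL outside system32 or with a generated name: " + path, line)
        return Finding(sec, "review", "Winlogon Notify " + path, line)
    return Finding(sec, "review", body, line)


def triage(log_text):
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def fix_list(log_text):
    """The raw lines you would tick before 'Fix checked'."""
    return [f.raw for f in triage(log_text) if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-3s %s" % (f.verdict, f.section, f.reason))
```

The "fix" verdicts are deliberately aggressive for the three mechanisms that give malware persistence and code execution in the browser (BHO, DPF, Winlogon Notify); anything the rules cannot decide is left as "review" rather than guessed.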
08.11.2005, 10:04
Member
Thread starter, Posts: 60
#3
OK, I did everything up to the last point. The last one presumably means you want the 4 log files posted here, right?!
Here they are:

Volume in drive C is C
Volume Serial Number: B870-CB17

Directory of C:\WINDOWS\system32

08.11.2005 09:52 311.938 perfh009.dat
08.11.2005 09:52 40.326 perfc009.dat
08.11.2005 09:52 48.552 perfc007.dat
08.11.2005 09:52 317.168 perfh007.dat
08.11.2005 09:52 723.744 PerfStringBackup.INI
08.11.2005 09:43 6 its.txt
08.11.2005 09:41 2 iap386.enh
08.11.2005 00:01 8 luwin32.dat
08.11.2005 00:01 619 uold.ini
08.11.2005 00:01 619 sxrun32.ini
08.11.2005 00:01 1.486 wlo32.bin
08.11.2005 00:01 1.386 wlo32.ini
07.11.2005 10:21 13.646 wpa.dbl
05.11.2005 21:53 772 winword32.bin
05.11.2005 21:53 698 winword32.ini
05.11.2005 21:53 82.432 um.tmp
05.11.2005 21:53 3.937 loadadv411.exe
05.11.2005 21:53 21.504 intxt.exe
05.11.2005 21:53 67.278 mp3_plugin.exe
05.11.2005 21:45 82.432 sxpdr32.dll
05.11.2005 21:45 3.937 cadds32.exe
05.11.2005 21:45 8 cuid32.bin
05.11.2005 21:45 22.400 temploader.exe
20.10.2005 09:55 227.208 FNTCACHE.DAT
01.10.2005 23:14 1.682 KGyGaAvL.sys
05.09.2005 16:44 0 CanadaUtilEuro.log
10.08.2005 15:30 176.167 rmoc3260.dll
10.08.2005 15:30 5.632 pndx5032.dll
10.08.2005 15:30 6.656 pndx5016.dll
10.08.2005 15:30 278.528 pncrt.dll
10.08.2005 15:25 1.140 qtplugin.log
09.08.2005 18:16 56 545A8CF734.sys

Volume in drive C is C
Volume Serial Number: B870-CB17

Directory of C:\DOKUME~1\Drago\LOKALE~1\Temp

Volume in drive C is C
Volume Serial Number: B870-CB17

Directory of C:\WINDOWS

08.11.2005 09:48 2.048 bootstat.dat
08.11.2005 00:23 192 winamp.ini
07.11.2005 22:23 839 Tobit.ini
07.11.2005 17:42 227 system.ini
07.11.2005 17:42 827 win.ini
07.11.2005 10:57 69 NeroDigital.ini
05.11.2005 21:46 2.033 hosts
05.11.2005 21:46 1.999 desktop.html
05.11.2005 21:45 13.824 q6227314.dll
05.11.2005 21:45 28.672 dvpd.dll
05.11.2005 21:45 28.160 tool2.exe
05.11.2005 21:45 57.485 kl.exe
05.11.2005 21:45 0 uniq
03.11.2005 15:22 1.051 CAF.INI
03.11.2005 12:37 9.692 VFRAME32.INI
03.11.2005 11:48 36 VFORTSCH.INI
03.11.2005 11:48 600 VPMS.INI
25.10.2005 19:44 116 ConverterCore.INI
24.10.2005 11:01 10.866 ModemLog_Smart Link 56K Modem.txt
10.10.2005 22:07 156 gugel-pos.INI
10.10.2005 22:06 192 cangoorank.INI
07.10.2005 16:48 479.232 Setup1.exe
07.10.2005 16:47 74.752 ST6UNST.EXE
07.10.2005 15:51 3 VMAPO.DAT
07.10.2005 15:48 518 DOCS.INI
07.10.2005 14:57 1.615 ODBC.INI
07.10.2005 14:57 4.161 ODBCINST.INI
06.10.2005 11:29 73 EurekaLog.ini
05.10.2005 12:29 45.056 NCUNINST.EXE
04.10.2005 20:27 316.640 WMSysPr9.prx
29.09.2005 21:11 394 capture.ini
29.09.2005 21:10 220 musicmaker.INI
24.09.2005 22:49 367 sampler.INI
24.09.2005 22:49 28 robota.INI
24.09.2005 22:49 375 BeatBox.INI
23.09.2005 12:23 24 magix.ini
25.08.2005 10:00 69.632 CSUninst.exe

Volume in drive C is C
Volume Serial Number: B870-CB17

Directory of C:\

08.11.2005 10:05 0 sys.txt
08.11.2005 10:05 6.483 system.txt
08.11.2005 10:05 121 systemtemp.txt
08.11.2005 10:05 107.504 system32.txt
08.11.2005 09:48 805.306.368 pagefile.sys
07.11.2005 17:42 211 boot.ini
05.11.2005 21:45 3.051 secure32.html
05.11.2005 21:45 28.160 winstall.exe
03.11.2005 15:09 6.899 cltest.txt
03.11.2005 03:08 5.238 data
04.10.2005 00:58 708 os848618.bin
28.07.2005 11:52 3 TCPCheckResult.txt
20.07.2005 11:44 17.188 mmxmlparserprotokoll.txt
20.07.2005 11:44 3.792 mmisscriptprotokoll.txt
18.07.2005 22:41 0 MSDOS.SYS
18.07.2005 22:41 0 IO.SYS
18.07.2005 22:41 0 CONFIG.SYS
18.07.2005 22:41 0 AUTOEXEC.BAT
18.07.2005 22:41 0 __IS6__.tmp
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 251.184 ntldr
04.08.2004 13:00 47.564 NTDETECT.COM
22 File(s) 805.789.426 bytes
0 Dir(s) 793.497.600 bytes free

If that wasn't right please let me know, otherwise many thanks in advance for the quick help
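What makes the listings above readable at a glance is that the dropped files share one timestamp: 05.11.2005 21:45 to 21:53, spread across C:\, C:\WINDOWS and C:\WINDOWS\system32, with a second, smaller wave at 08.11.2005 00:01. The following added example (my own code, not a tool from the thread) parses `dir` output in the German format shown above (dd.mm.yyyy dates, "." as thousands separator, "Verzeichnis von" headers; the English spellings are accepted too), groups consecutive modification times that lie within a 10-minute window, and reports the groups that touch more than one directory and contain executable code. The sample is an excerpt of the three listings posted above.

```python
"""Cluster file timestamps from `dir` listings to spot a malware drop (added example, my own code)."""
import ntpath
import re
from datetime import datetime, timedelta

# Constructed excerpt of the three listings posted above; "Verzeichnis von" is the
# German dir header ("Directory of"); both spellings are accepted by the parser.
SAMPLE = r"""
 Verzeichnis von C:\WINDOWS\system32
08.11.2005  09:52           311.938 perfh009.dat
08.11.2005  09:52            40.326 perfc009.dat
08.11.2005  09:52            48.552 perfc007.dat
05.11.2005  21:53            82.432 um.tmp
05.11.2005  21:53             3.937 loadadv411.exe
05.11.2005  21:53            21.504 intxt.exe
05.11.2005  21:45            82.432 sxpdr32.dll
05.11.2005  21:45             3.937 cadds32.exe
05.11.2005  21:45            22.400 temploader.exe
20.10.2005  09:55           227.208 FNTCACHE.DAT
 Verzeichnis von C:\WINDOWS
05.11.2005  21:46             2.033 hosts
05.11.2005  21:45            13.824 q6227314.dll
05.11.2005  21:45            28.160 tool2.exe
05.11.2005  21:45            57.485 kl.exe
03.11.2005  15:22             1.051 CAF.INI
 Directory of C:\
05.11.2005  21:45             3.051 secure32.html
05.11.2005  21:45            28.160 winstall.exe
"""

DIR_HEADER = re.compile(r"^(?:Verzeichnis von|Directory of)\s+(.+?)\s*$")
DIR_ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.,]+)\s+(.+?)\s*$")
EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".cab"}


def parse_dir_listing(text):
    """Yield (mtime, size, full_path) for every file line; <DIR> lines do not match."""
    cwd = None
    for raw in text.splitlines():
        line = raw.strip()
        h = DIR_HEADER.match(line)
        if h:
            cwd = h.group(1).rstrip("\\")
            continue
        m = DIR_ENTRY.match(line)
        if not m or cwd is None:
            continue
        mtime = datetime.strptime(m.group(1) + " " + m.group(2), "%d.%m.%Y %H:%M")
        size = int(m.group(3).replace(".", "").replace(",", ""))   # thousands separators
        yield mtime, size, cwd + "\\" + m.group(4)


def burst_clusters(entries, window=timedelta(minutes=10), min_files=3):
    """Group entries whose consecutive timestamps lie within `window`; drop small groups."""
    clusters, current = [], []
    for entry in sorted(entries):
        if current and entry[0] - current[-1][0] > window:
            if len(current) >= min_files:
                clusters.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_files:
        clusters.append(current)
    return clusters


def suspicious_bursts(text, **kw):
    """Bursts that span more than one directory and contain executable code, most code first."""
    out = []
    for cluster in burst_clusters(parse_dir_listing(text), **kw):
        paths = [p for _, _, p in cluster]
        dirs = {ntpath.dirname(p) for p in paths}
        execs = [p for p in paths if ntpath.splitext(p)[1].lower() in EXEC_EXT]
        if len(dirs) >= 2 and execs:
            out.append({"start": cluster[0][0], "end": cluster[-1][0], "files": paths,
                        "directories": len(dirs), "executables": len(execs)})
    return sorted(out, key=lambda b: -b["executables"])


if __name__ == "__main__":
    for b in suspicious_bursts(SAMPLE):
        print("%s .. %s: %d files in %d directories, %d executable"
              % (b["start"], b["end"], len(b["files"]), b["directories"], b["executables"]))
        for p in b["files"]:
            print("   ", p)
```

The perf*.dat burst at 08.11.2005 09:52 is correctly ignored: it is three files in one directory with no executable, which is what a system rebuilding its performance counters looks like. Once the drop window is known, the same timestamps can be used to pull the matching entries from other artefacts (browser history, event logs) rather than guessing by file name.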
08.11.2005, 11:15
Honorary Member
Posts: 29434
#4
KILLBOX
http://virus-protect.org/killbox.html
Tick "Delete File on Reboot"
Paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only on the last one click "yes"

C:\WINDOWS\system32\its.txt
C:\WINDOWS\system32\iap386.enh
C:\WINDOWS\system32\luwin32.dat
C:\WINDOWS\system32\uold.ini
C:\WINDOWS\system32\sxrun32.ini
C:\WINDOWS\system32\sxpdr32.dll
C:\WINDOWS\system32\wlo32.bin
C:\WINDOWS\system32\wlo32.ini
C:\WINDOWS\system32\winword32.bin
C:\WINDOWS\system32\winword32.ini
C:\WINDOWS\system32\um.tmp
C:\WINDOWS\system32\loadadv411.exe
C:\WINDOWS\system32\intxt.exe
C:\WINDOWS\system32\mp3_plugin.exe
C:\WINDOWS\system32\cadds32.exe
C:\WINDOWS\system32\cuid32.bin
C:\WINDOWS\system32\temploader.exe
C:\WINDOWS\system32\CanadaUtilEuro.log
C:\WINDOWS\hosts
C:\WINDOWS\desktop.html
C:\WINDOWS\q6227314.dll
C:\WINDOWS\dvpd.dll
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\tibs.exe
C:\WINDOWS\system32\countrydial.exe
C:\WINDOWS\uniq
C:\secure32.html
C:\winstall.exe
C:\WINDOWS\CSUninst.exe

Restart the PC

Killbox: DelTree (include SubDirectories)
Say you want to delete a folder. You do not have to enter every file in the folder one by one; instead tick the option "DelTree (include subdirectories)". This deletes the whole folder together with its subfolders.
C:\Program Files\Media Gateway
C:\Programme\RegFreeze

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

Post the log from Silent Runners (I will start with the virus scans only later....)
http://virus-protect.org/silentrunner.html
__________
Kind regards, Sabina
all about PC security
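The post above has the hosts file restored with Hoster because the listing in post #3 shows C:\WINDOWS\hosts rewritten during the drop (05.11.2005 21:46, 2.033 bytes). Before overwriting such a file it is worth reading it: the two things a hijacker puts there are "blackhole" entries that map security vendors' hosts to 127.0.0.1, and redirections that send ordinary hosts to an attacker-chosen address. The following added example (my own code, not the Hoster tool, and the sample file is constructed because the thread does not show the real one) audits a hosts file for both patterns and produces a cleaned copy that keeps comments and the loopback-to-localhost mappings only.

```python
"""Audit and clean a Windows hosts file (added example; my own code, not the Hoster tool)."""
import ipaddress

# Constructed sample: the thread only shows that C:\WINDOWS\hosts grew to 2.033 bytes
# during the infection, so these entries are invented to illustrate the two patterns.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.virustotal.com
127.0.0.1       free.antivir.de            # blackholed vendor site
66.98.148.65    www.google.com www.google.de
"""

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def hosts_entries(text):
    """Yield (line_no, address or None, hostname) for every mapping in the file."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()     # strip trailing comments
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        for name in fields[1:]:
            yield no, addr, name.lower()


def audit_hosts(text):
    """Return (line_no, hostname, description) for everything that is not a plain localhost mapping."""
    findings = []
    for no, addr, name in hosts_entries(text):
        if addr is None:
            findings.append((no, name, "unparsable address"))
        elif addr in LOOPBACK and name not in LOCAL_NAMES:
            findings.append((no, name, "blackholed to %s" % addr))   # e.g. AV vendor sites
        elif addr not in LOOPBACK:
            findings.append((no, name, "redirected to %s" % addr))   # pharming-style entry
    return findings


def clean_hosts(text):
    """Rebuild the file without the flagged names; comment and blank lines are kept verbatim."""
    flagged = {(no, name) for no, name, _ in audit_hosts(text)}
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:
            out.append(raw)                                  # blank or comment-only line
            continue
        names = [n for n in fields[1:] if (no, n.lower()) not in flagged]
        if names:
            line = "\t".join([fields[0]] + names)
            out.append(line + ("  #" + comment if comment else ""))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for no, name, why in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-22s %s" % (no, name, why))
    print(clean_hosts(SAMPLE_HOSTS))
```

On a real machine compare the cleaned text with the live file before replacing it, and remember that the hosts file is only one of the places a resolver can be hijacked; the O17 entries in post #2 (DNS suffix) are another.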
08.11.2005, 15:24
Member
Thread starter, Posts: 60
#5
Here is the requested log:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "P:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVGCtrl" = ""C:\Programme\AntiVir\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"DAEMON Tools-1033" = ""C:\Programme\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"CorelDRAW Graphics Suite 11b" = "P:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=111005 serial=DR12WTX-9999998-YSP lang=DE" ["Corel Corporation"]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ICQ Lite" = "P:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{259F616C-A300-44F5-B04A-ED001A26C85C}\(Default) = "Solid Converter PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{fc181130-05a0-11d6-8140-000102e745a6}" = "Mein P900"
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\Sony Ericsson\Mobile\auexpext.dll" ["Teleca Software Solutions AB"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {CLSID}\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVir\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
SolidConverterPDF\(Default) = "{259F616C-A300-44F5-B04A-ED001A26C85C}"
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVir\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
SolidConverterPDF\(Default) = "{259F616C-A300-44F5-B04A-ED001A26C85C}"
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Drago\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Startup items in "Drago" & "All Users" startup folders:
-------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Telefonverbindungsmonitor" -> shortcut to: "P:\Programme\Sony Ericsson\Mobile\audevicemgr.exe" ["Teleca Software Solutions AB"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]
"{259F616C-A300-44F5-B04A-ED001A26C85C}" = "Solid Converter PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll" ["VoyagerSoft, LLC"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{92848C13-5482-49CB-B31C-CA8D74EFF508}\
"ButtonText" = "Magic Nettrace"
"MenuText" = "&Magic Nettrace"
"Exec" = "C:\Programme\Magic NetTrace\MTIE.exe" ["TialSoft software"]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "P:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\ANTIVIR\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AntiVir\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
DvISE Replica, DavidReplica, "O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE" ["Tobit Software"]
DvISE Service Layer, DavidServiceLayer, "O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE" ["Tobit Software"]
ewido security suite control, ewido security suite control, "C:\Programme\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
SmartLinkService, SLService, "slserv.exe" [" "]
VNC Server Version 4, WinVNC4, ""C:\Programme\RealVNC\WinVNC4.exe" -service" ["RealVNC Ltd."]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
FaxWare Monitor\Driver = "faxwarmo.dll" ["Tobit Software"]
PDF-XChange\Driver = "pxc25pm.dll" ["Tracker Software"]
Tobit Color Monitor\Driver = "IMGMSGMO.dll" [null data]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 18 seconds for message boxes)

Many thanks in advance

This post was edited on 08.11.2005 at 15:49 by dr.ago.
08.11.2005, 16:21
Honorary Member
Posts: 29434
#6
Hello@
http://virus-protect.org/onlinescan.html
Scan with Panda and post the scan report
__________
Kind regards, Sabina
all about PC security
08.11.2005, 17:07
Member
Thread starter, Posts: 60
#7
Hello
Here is the new log

Incident Status Location
Adware:Adware/CashDeluxe No disinfected C:\!KillBox\intxt.exe
Adware:Adware/CashDeluxe No disinfected C:\!KillBox\loadadv411.exe
Adware:Adware/CashDeluxe No disinfected C:\!KillBox\um.tmp
Virus:Trj/Mitglieder.FO Disinfected O:\Programme\Tobit InfoCenter\David\Archive\USER\10004000\in\IB85C813.$01[5.exe]
Virus:Bck/Sub7.20.b Disinfected O:\Programme\Tobit InfoCenter\David\Archive\USER\10004000\out\I57F16BE.$01[server.exe]
Adware:Adware/Ucmore No disinfected P:\Downloads\Solid Converter PDF\Solid_Converter_PDF_v2.2.158_Cracked_by_BAKA.zip[crack.exe]

Thanks
08.11.2005, 18:07
Honorary Member
Posts: 29434
#8
Delete:
C:\!KillBox

Counterspy
http://virus-protect.org/counterspy.html
After the scan you have to choose between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC
(then copy the scan report and post it in the security forum)
__________
Kind regards, Sabina
all about PC security
08.11.2005, 19:19
Member
Thread starter, Posts: 60
#9
Here is the report from Counterspy:

Spyware Scan Details
Start Date: 08.11.2005 18:27:43
End Date: 08.11.2005 19:14:46
Total Time: 47 mins 3 secs

Detected spyware

Cydoor Adware
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted
Infected files detected
c:\windows\system32\adcache\b_434_0_0_445800.htm
c:\windows\system32\adcache\b_434_0_0_445900.htm
c:\windows\system32\adcache\b_434_0_0_446000.htm
c:\windows\system32\adcache\b_434_1_0_448500.htm
c:\windows\system32\adcache\b_434_1_0_448600.htm
c:\windows\system32\adcache\b_434_1_0_453800.htm
c:\windows\system32\adcache\b_434_2_0_814200.htm
c:\windows\system32\adcache\b_434_2_0_815600.htm
c:\windows\system32\adcache\b_434_2_0_815900.htm

RealVNC Commercial Remote Control
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Ignored
Infected files detected
c:\programme\realvnc\logmessages.dll
c:\programme\realvnc\unins000.dat
c:\programme\realvnc\unins000.exe
c:\programme\realvnc\vncconfig.exe
c:\programme\realvnc\vncviewer.exe
c:\programme\realvnc\winvnc4.exe
c:\programme\realvnc\wm_hooks.dll
Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Enum 0 Root\LEGACY_WINVNC4\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 Type 272
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 Start 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 ErrorControl 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 ImagePath "C:\Programme\RealVNC\WinVNC4.exe" -service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 DisplayName VNC Server Version 4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 ObjectName LocalSystem
HKEY_LOCAL_MACHINE\Software\RealVNC
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Password
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 SecurityTypes VncAuth
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 ReverseSecurityTypes None
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 QueryConnect 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 QueryOnlyIfLoggedOn 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 PortNumber 5900
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 IdleTimeout 3600
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 HTTPPortNumber 5800
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 LocalHost 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Hosts +,
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptKeyEvents 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptPointerEvents 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptCutText 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 SendCutText 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisableLocalInputs 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisconnectClients 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AlwaysShared 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 NeverShared 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisconnectAction None
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 RemoveWallpaper 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 RemovePattern 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisableEffects 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UpdateMethod 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 PollConsoleWindows 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UseCaptureBlt 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UseHooks 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Protocol3.3 0

NetPumper Adware Bundler
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\drago\anwendungsdaten\netpumper\drago.ini
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro pkid
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro alid msource
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro iid {DCD2FFC6-51E8-4EE8-B0D1-20478F011AF5}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo sq40joYR85RnffdOEMM2vn9kbrHedhM3UI7p9V7z2+3VlzL+0ySm3cYuR0P+bFVg6pwji0hQcIMEFB QgoIOMQNEkWDaO8G-ETAPVB8aIdekw3mUiJqMPcNUxT01ypBqvBwc7MnKagDG40ftKgHcGKayYvfv1y6lfSQguYnMk++o
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with NetPumper
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Drago Field1 177543427
HKEY_CURRENT_USER\Software\NetPumper\Drago Field2 221530856
HKEY_CURRENT_USER\Software\NetPumper\Drago Field3 827823594
HKEY_CURRENT_USER\Software\NetPumper\Drago Field4 1948088207
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage

WindUpdates.MediaAccess Adware
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32 C:\PROGRA~2\MEDIAG~1\MEDIAG~1.EXE
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID MediaGateway.Installer
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib {15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID MediaGateway.Installer
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C} Installer Class
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C} AppID {735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKEY_LOCAL_MACHINE\Software\Media Gateway
HKEY_LOCAL_MACHINE\Software\Media Gateway zuk 0
HKEY_LOCAL_MACHINE\Software\Media Gateway param 6c026d1f699f6d3d5aa37c14d63a05bb83787a7f97bf32086dae64eab8fb1316a2 4a50c9eec9f7f9c8b3:373738303866666530366466663634346636663338323637313 2356662363762:msie:6:0:win:winxp:sp2:flash
HKEY_LOCAL_MACHINE\Software\Media Gateway SetupCompleteURL 3F1DC0FA1778F9AEF1859914E6A43CF9514CB9536F9700EC4A38BFF1D6E27C77F076 3E7FB925703B6C259E86ED953F17C97A805245C8EE25B8D0D7C8B7B159A7DF8A037B5F61F9F6F6
HKEY_LOCAL_MACHINE\Software\Media Gateway SetupCompleteTimeout 1129493950
HKEY_LOCAL_MACHINE\Software\Media Gateway LastUpdate 1131355022
HKEY_LOCAL_MACHINE\Software\Media Gateway reqcount 42
HKEY_LOCAL_MACHINE\Software\Media Gateway track 0
HKEY_LOCAL_MACHINE\Software\Media Gateway DownloadPath \temp
HKEY_LOCAL_MACHINE\Software\Media Gateway Language en
HKEY_LOCAL_MACHINE\Software\Media Gateway SoftwareTable 436D8EB9402BABFFB0F49002FEB138DB7435F775768219FC3D53D89F85C8593AAF6A613F9D 4E3B550F03A095DD9F2F078716D10107FBED24A98BF4AACAD509D09CCB44560E23 BFC4902026DA7EF75BEFE944E5E8BF67D3C6D3748BBA90709B707A177B
HKEY_LOCAL_MACHINE\Software\Media Gateway Request 436C84AE4139B9F9EBADFB69AE8467A41F51F50A61D746F45468B7A080B87B32FC6B3925B56B 366F663B9DCDA8C32A528C4781051B8FBA77AD829F99F4BE53B1CB9212131E23B69E E72A32D632AF14ECE65A81EC E43DC187827BDE9C9A66CC62737C48574395
HKEY_CLASSES_ROOT\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}
HKEY_CLASSES_ROOT\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib {15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKEY_CLASSES_ROOT\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9} IInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib {15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9} IInstaller

WinAD Adware
Details: WinAd open pop-up windows, displaying german language content.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
HKEY_CLASSES_ROOT\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8} MediaGateway
HKEY_CLASSES_ROOT\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}
HKEY_CLASSES_ROOT\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0\0\win32 C:\Program Files\Media Gateway\MediaGateway.exe
HKEY_CLASSES_ROOT\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0\HELPDIR C:\Program Files\Media Gateway\
HKEY_CLASSES_ROOT\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0 LoaderX 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
HKEY_LOCAL_MACHINE\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8} MediaGateway
HKEY_LOCAL_MACHINE\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}
HKEY_LOCAL_MACHINE\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0\0\win32 C:\Program Files\Media Gateway\MediaGateway.exe
HKEY_LOCAL_MACHINE\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0\HELPDIR C:\Program Files\Media Gateway\
HKEY_LOCAL_MACHINE\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\1.0 LoaderX 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MediaGateway.EXE AppID {735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway DownloadPath \temp
HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway Language en

Zango Search Assistant Adware
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Count 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Time

WindUpdates.MediaGateway Adware
Details: WindUpdates is responsible for downloading adware.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\MediaGatewayX.Installer
HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CLSID {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKEY_CLASSES_ROOT\MediaGatewayX.Installer MediaGatewayX.Installer
HKEY_CLASSES_ROOT\MediaGateway.Installer
HKEY_CLASSES_ROOT\MediaGateway.Installer\CLSID {1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
HKEY_CLASSES_ROOT\MediaGateway.Installer\CurVer MediaGateway.Installer
HKEY_CLASSES_ROOT\MediaGateway.Installer Installer Class
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Gateway
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Gateway UninstallString C:\Program Files\Media Gateway\MediaGateway.exe /Remove
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Gateway DisplayName Media Gateway
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll .Owner {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKEY_CLASSES_ROOT\AppID\MediaGateway.EXE
HKEY_CLASSES_ROOT\AppID\MediaGateway.EXE AppID {735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}
HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739} rsp A0B3F69B28E73F1E781CB0EEB7D8C9FECE22BDF6

Grokster P2P
Details: Free version installs adware and spyware including GAIN, CyDoor, My Search, WebRebates, and Relivant Knowledge.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\magnet
HKEY_CLASSES_ROOT\magnet\DefaultIcon "P:\Programme\Morpheus\Morpheus.exe"
HKEY_CLASSES_ROOT\magnet\shell\open\command "P:\Programme\Morpheus\Morpheus.exe" "%1"
HKEY_CLASSES_ROOT\magnet URL: Morpheus Protocol
HKEY_CLASSES_ROOT\magnet URL Protocol

Cok.ad.yieldmanager Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\drago\cookies\drago@ad.yieldmanager[1].txt

Claria.DashBar Cookie Cookie
Details: DashBar cookie is a small text file placed on the user's computer after when visiting the Claria/GAIN DashBar website.
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\drago\cookies\drago@belnk[1].txt
09.11.2005, 00:17
Honorary member
Posts: 29434
#10
Well, that was quite a lot of junk on the PC.
Don't you pay attention when you surf?????
Uninstall Counterspy and install:
TuneUp 2006 (30 days free) Shareware
http://virus-protect.org/reinigungstoolsregistry.html
Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
spysweeper (trial)
http://virus-protect.org/spysweeper.html
Then post the scan report.
__________
Regards, Sabina
all about PC security
09.11.2005, 00:26
Honorary member
Posts: 6028
#11
@Sabina
Hello Sabina, do you know "CleanUp"?
http://www.stevengould.org/software/cleanup/
__________
Regards, Argus
09.11.2005, 00:31
Honorary member
Posts: 29434
#12
Sure, I know it, but I'd like a German translation of how to use the tool before I "sell" it here.
Would you translate it for me and look for the original link????? The link doesn't seem to be the right one either.......
Install CleanUp! CleanUp40.exe
http://www.zdnet.de/downloads/prg/i/9/de000NI9-wc.html
Open Cleanup! by double-clicking the icon on your desktop (or from the Start All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. It may ask you to reboot at the end, click NO.
__________
Regards, Sabina
all about PC security
09.11.2005, 00:56
Honorary member
Posts: 6028
#13
http://www.stevengould.org/
There's not much to translate there.
http://putfile.com/pic.php?pic=11/31117551836.jpg&s=x11
__________
Regards, Argus
09.11.2005, 01:10
Honorary member
Posts: 29434
#14
There's also an original page ... do you have that one too??
__________
Regards, Sabina
all about PC security
09.11.2005, 01:26
Honorary member
Posts: 6028
#15
http://putfile.com/pic.php?pic=11/31118221349.jpg&s=x11
What's on ZDNet is something different.
__________
Regards, Argus
I have a huge problem. I've apparently caught a mega virus/worm, because IE always gives me --http://deluxe-se.com/pr/remove_<a href='http://www.regfreeze.net/?cashdeluxe'>spyware</a>/1/index.html-- as the start page. I had something with tool2.exe on the PC and 2 red circles with the message "Your computer is infected" or something like that. I also have another problem: whenever the word "<a href='http://www.regfreeze.net/?cashdeluxe'>spyware</a>" appears on any website, it links to www.regfreeze.net (that's shown in a yellow tooltip when I hover over it with the mouse). I've posted the HijackThis log file here as well, but you should know I'm a beginner.
Please help me
Many thanks, Dr.Ago, and now the log file
Logfile of HijackThis v1.99.1
Scan saved at 22:15:09, on 07.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
C:\Programme\AntiVir\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programme\RealVNC\WinVNC4.exe
O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
C:\Programme\AntiVir\AVGNT.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
C:\Program Files\Media Gateway\MediaGateway.exe
P:\Programme\Real\RealPlayer\RealPlay.exe
P:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
p:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
P:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Drago\Desktop\vir\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deluxe-se.com/pr/remove_<a href='http://www.regfreeze.net/?cashdeluxe'>spyware</a>/1/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://vfmmosbach.homeip.net/
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\system32\sxpdr32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AntiVir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] P:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=111005 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [ICQ Lite] P:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] P:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: RegFreeze.lnk = C:\Programme\RegFreeze\regfreeze.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Programme\Magic NetTrace\MTIE.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - P:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - P:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Search and Remove <a href='http://www.regfreeze.net/?cashdeluxe'>spyware</a> - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Programme\RegFreeze\rfsearchhandler.dll
O9 - Extra 'Tools' menuitem: Search and Remove <a href='http://www.regfreeze.net/?cashdeluxe'>spyware</a> - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Programme\RegFreeze\rfsearchhandler.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121763403038
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\Software\..\Telephony: DomainName = office.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.local
O20 - Winlogon Notify: st3i - C:\WINDOWS\q6227314.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AntiVir\AVWUPSRV.EXE
O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\WinVNC4.exe" -service (file missing)