HijackThis doesn't work
#0
24.11.2005, 12:22
Honorary member
Posts: 29434
24.11.2005, 20:59
Member
Thread starter, Posts: 14
#17
Hello,
I've now done everything and am posting the report for you. But I still have a question for you, since you know your way around the PC so well. My Task Manager hasn't worked for some time. I can open it, but there is no longer an X to close it. What could be causing that???
Regards, Kerstin

Spyware Scan Details
Start Date: 24.11.2005 20:10:34
End Date: 24.11.2005 20:40:36
Total Time: 30 mins 2 secs

Detected spyware

Adw.Afris.Downloader Browser Hijacker more information...
Details: This ownloader silently travels to porn sites without displaying a browser. No window is visible, but this Thread visits various porn sites and loads up the temporary internet files folder with many pornographic images.
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-65cb7e6b-45bd7153.class

KaZaA P2P more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa\Advanced
HKEY_CURRENT_USER\Software\Kazaa\Advanced MaxSearchResult 200
HKEY_CURRENT_USER\Software\Kazaa\Advanced SuperNode 1
HKEY_CURRENT_USER\Software\Kazaa\Advanced ScanFolder 0
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\software\kazaa
HKEY_CURRENT_USER\software\kazaa\Advanced MaxSearchResult 200
HKEY_CURRENT_USER\software\kazaa\Advanced SuperNode 1
HKEY_CURRENT_USER\software\kazaa\Advanced ScanFolder 0
HKEY_CURRENT_USER\software\kazaa\Advanced Status Installed
HKEY_CURRENT_USER\software\kazaa\DontShow SetDefaultHandler 1
HKEY_CURRENT_USER\software\kazaa\InstantMessaging IgnoreAll 0
HKEY_CURRENT_USER\software\kazaa\InstantMessaging IgnoredUsers
HKEY_CURRENT_USER\software\kazaa\k-lite InstallSig 10
HKEY_CURRENT_USER\software\kazaa\LocalContent DisableSharing 0
HKEY_CURRENT_USER\software\kazaa\LocalContent DownloadDir C:\My Shared Folder
HKEY_CURRENT_USER\software\kazaa\ResultsFilter adult_filter_level 0
HKEY_CURRENT_USER\software\kazaa\ResultsFilter showDisableAdultFilter 1
HKEY_CURRENT_USER\software\kazaa\ResultsFilter password
HKEY_CURRENT_USER\software\kazaa\ResultsFilter virus_filter 0
HKEY_CURRENT_USER\software\kazaa\ResultsFilter firewall_filter 1
HKEY_CURRENT_USER\software\kazaa\ResultsFilter bogus_filter 1
HKEY_CURRENT_USER\software\kazaa\ResultsFilter custom_filter_phrases .scr, .vbs, .jpg.exe, .jpg.vbs, .avi.exe, .avi.vbs, .mp3.exe, .mp3.vbs, -fulldownloader, 3-fulldwnloader, -full-downloader, -games-fulldownloader, divx-fulldownloader, 3-full-dwnloader-
HKEY_CURRENT_USER\software\kazaa\Settings SetDefaultHandler 0
HKEY_CURRENT_USER\software\kazaa\Settings UseCount 0
HKEY_CURRENT_USER\software\kazaa\Skins SkinsDir C:\Kazaa Lite\Skins
HKEY_CURRENT_USER\software\kazaa\SOCKS Enabled 0
HKEY_CURRENT_USER\software\kazaa\Transfer ConcurrentDownloads 4
HKEY_CURRENT_USER\software\kazaa\Transfer ConcurrentUploads 3
HKEY_CURRENT_USER\software\kazaa\Transfer UploadBandwidth 0
HKEY_CURRENT_USER\software\kazaa\Transfer NoUploadLimitWhenIdle 0
HKEY_CURRENT_USER\software\kazaa\Transfer DlDir0 C:\My Shared Folder
HKEY_CURRENT_USER\software\kazaa\UserDetails UserName someone
HKEY_CURRENT_USER\software\kazaa\UserDetails Email someone@somewhere.abc
HKEY_CURRENT_USER\software\kazaa\UserDetails Newsletter 0
HKEY_CURRENT_USER\software\kazaa\UserDetails AutoConnected 0
HKEY_CURRENT_USER\software\kazaa\UserDetails CountryCode DE
HKEY_CURRENT_USER\software\kazaa LimitBitrate 0

AvenueMedia.DyFuCA Browser Plug-in more information...
Details: DyFuCA Internet Optimizer is an adware which also hijacks your browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0

Zango Search Assistant Adware more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Count 5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Time
25.11.2005, 01:05
Honorary member
Posts: 29434
#18
Maybe this helps:

Start --> Run --> regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr = "dword:00000001" <-- change to 0
DisableRegistryTools = "dword:00000001" <-- change to 0

Then restart the PC.
__________
Regards, Sabina
all about PC security
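The two policy values named in the post above are what Windows consults when Task Manager or the Registry Editor is blocked. The script below is an added example, not part of the thread: it reads both values and, only when run with -Fix, resets them to 0. It checks the HKCU key from the post and, as an assumption added here, the corresponding HKLM key, since the same values there apply to every user on the machine. Two points the thread itself runs into are worth knowing: when DisableRegistryTools is 1, regedit refuses to start, so a script that uses the PowerShell registry provider is the practical way to inspect the values; and when the Policies\System key does not exist at all, as reported in #19, neither policy is set and the cause of a broken Task Manager lies elsewhere. A Task Manager that opens without title bar, menu or close button also matches its "tiny footprint" view, which is toggled by double-clicking the window border.

```powershell
# Added example, not part of the thread: report (and with -Fix reset) the policy
# values that disable Task Manager and the Registry Editor.
# The HKCU key is the one named in the post; checking HKLM as well is an
# assumption added here, since the same values there apply machine-wide.
param(
    [switch]$Fix    # without -Fix the script only reports and changes nothing
)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$valueNames = @('DisableTaskMgr', 'DisableRegistryTools')

foreach ($key in $policyKeys) {
    if (-not (Test-Path -Path $key)) {
        # The situation from post #19: Policies exists but has no System subkey.
        # Then neither value is set and this policy is not what disables Task Manager.
        Write-Output "$key : key does not exist, no policy set here"
        continue
    }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $valueNames) {
        $value = $props.$name
        if ($null -eq $value) {
            Write-Output "$key\$name : not set (tool enabled)"
        } elseif ($value -eq 0) {
            Write-Output "$key\$name : 0 (tool enabled)"
        } else {
            Write-Output "$key\$name : $value (tool DISABLED)"
            if ($Fix) {
                # Equivalent to changing the dword to 0 in regedit, as the post describes.
                Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
                Write-Output "    set $name to 0; log off or restart for the change to take effect"
            }
        }
    }
}
```

Run it once without -Fix to see the state of both keys; the HKLM branch needs an elevated shell before -Fix can write to it. A value of 1 that reappears after you reset it points to something re-applying the policy (a domain GPO or software on the machine), which is worth investigating before changing it again.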
25.11.2005, 18:30
Member
Thread starter, Posts: 14
#19
Hello,
well, I get as far as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies. System isn't there. Under System there is then a folder labelled 0 and the Explorer folder. When I click on that it says: NoDriveTypeAutoRun REG_DWORD 0x00000091 (145). :-(
Regards, Kerstin
26.11.2005, 00:19
Honorary member
Posts: 29434
#20
http://virus-protect.org/silentrunner.html
Scan with Silentrunner and post the scan report.
__________
Regards, Sabina
all about PC security
26.11.2005, 10:30
Member
Thread starter, Posts: 14
#21
I downloaded Silentrunner but can't open it; the following message appears:
WINDOWS SCRIPT HOST Fehler: eine Automatisierungsklasse mit dem Namen "WScript.Shell" wurde nicht gefunden. Code 80020009 Quelle WScript.CreateObject.
Regards, Kerstin
26.11.2005, 14:58
Honorary member
Posts: 29434
#22
Try it with WinPFind:
http://virus-protect.org/winpfind.html
__________
Regards, Sabina
all about PC security
26.11.2005, 16:18
Member
Thread starter, Posts: 14
#23
Wow, that's a lot to post:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP
Current Build: Service Pack 2
Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 22.11.2002 15:21:26 123904 C:\WINDOWS\SYSTEM32\avisynth.dll
UPX! 18.07.2002 11:58:20 37888 C:\WINDOWS\SYSTEM32\AVIwrap.dll
UPX! 24.05.2000 20:22:24 21504 C:\WINDOWS\SYSTEM32\avi_renderer.ax
UPX! 04.08.2000 15:34:02 64000 C:\WINDOWS\SYSTEM32\claud.ax
UPX! 01.12.2002 23:29:52 61952 C:\WINDOWS\SYSTEM32\D2VSource.ax
aspack 18.03.2005 16:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
UPX! 27.08.2001 06:04:20 19968 C:\WINDOWS\SYSTEM32\dedynamic.ax
PEC2 04.08.2004 15:00:00 41118 C:\WINDOWS\SYSTEM32\DFRG.MSC
UPX! 01.04.2000 03:11:08 184832 C:\WINDOWS\SYSTEM32\DivXa32.acm
UPX! 05.08.2001 22:51:18 17408 C:\WINDOWS\SYSTEM32\DivXAF.ax
UPX! 01.08.2002 10:03:40 121344 C:\WINDOWS\SYSTEM32\DivXc32.dll
UPX! 21.02.2001 14:08:24 122944 C:\WINDOWS\SYSTEM32\divxc32f.dll
UPX! 29.08.2002 02:41:28 81920 C:\WINDOWS\SYSTEM32\DivX_c32.ax
UPX! 02.09.1998 07:24:28 16896 C:\WINDOWS\SYSTEM32\dump.ax
UPX! 11.12.2002 08:19:58 94208 C:\WINDOWS\SYSTEM32\DVobSub.ax
UPX! 03.01.2003 19:03:20 296960 C:\WINDOWS\SYSTEM32\ffdshow.ax
UPX! 08.12.2001 19:20:20 17920 C:\WINDOWS\SYSTEM32\huffyuv.dll
UPX! 18.08.2001 11:00:00 65024 C:\WINDOWS\SYSTEM32\ir32_32.dll
UPX! 18.08.2001 11:00:00 219648 C:\WINDOWS\SYSTEM32\ir41_32.ax
UPX! 18.08.2001 11:00:00 33280 C:\WINDOWS\SYSTEM32\ir41_qc.dll
UPX! 18.08.2001 11:00:00 41472 C:\WINDOWS\SYSTEM32\ir41_qcx.dll
UPX! 06.11.1997 13:53:30 11264 C:\WINDOWS\SYSTEM32\ir50_lcs.dll
UPX! 07.10.1998 16:46:18 41984 C:\WINDOWS\SYSTEM32\Ir50_qc.dll
UPX! 07.10.1998 16:50:22 40448 C:\WINDOWS\SYSTEM32\Ir50_qcx.dll
UPX! 05.01.1999 17:49:36 64512 C:\WINDOWS\SYSTEM32\Ivfsrc.ax
UPX! 17.08.2001 23:08:38 154624 C:\WINDOWS\SYSTEM32\iviaudio.ax
UPX! 13.06.1997 06:56:08 19968 C:\WINDOWS\SYSTEM32\Iyvu9_32.dll
UPX! 08.06.2000 16:00:00 42496 C:\WINDOWS\SYSTEM32\l3codecx.ax
UPX! 16.04.2002 09:17:00 145920 C:\WINDOWS\SYSTEM32\lameACM.acm
UPX! 03.01.2003 19:04:00 132096 C:\WINDOWS\SYSTEM32\libavcodec.dll
UPX! 03.01.2003 19:04:00 28672 C:\WINDOWS\SYSTEM32\libmpeg2_ff.dll
UPX! 23.04.2002 21:22:48 22528 C:\WINDOWS\SYSTEM32\MMSwitch.ax
UPX! 17.05.2002 21:18:30 39936 C:\WINDOWS\SYSTEM32\mp4fil32.dll
UPX! 20.08.2002 00:41:12 120832 C:\WINDOWS\SYSTEM32\mpg4c32.dll
UPX! 07.05.2000 22:08:42 17408 C:\WINDOWS\SYSTEM32\mpgaudio.ax
UPX! 26.01.2003 01:56:24 67584 C:\WINDOWS\SYSTEM32\mpgdec.ax
PECompact2 02.11.2005 06:34:46 2377568 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 02.11.2005 06:34:46 2377568 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 13.07.2000 20:27:36 17920 C:\WINDOWS\SYSTEM32\multiple_mpeg2_source.ax
aspack 04.08.2004 15:00:00 733696 C:\WINDOWS\SYSTEM32\NTDLL.DLL
UPX! 05.10.2002 00:04:18 21504 C:\WINDOWS\SYSTEM32\ogg.dll
UPX! 06.10.2002 19:42:58 105472 C:\WINDOWS\SYSTEM32\OggDS.dll
UPX! 04.12.2002 00:34:46 115200 C:\WINDOWS\SYSTEM32\proppage.dll
UPX! 23.06.2001 13:04:50 198656 C:\WINDOWS\SYSTEM32\pvmjpg21.dll
Umonitor 04.08.2004 15:00:00 686592 C:\WINDOWS\SYSTEM32\RASDLG.DLL
UPX! 03.01.2003 18:32:30 8704 C:\WINDOWS\SYSTEM32\TomsMoComp_ff.dll
UPX! 15.10.2002 22:54:04 73216 C:\WINDOWS\SYSTEM32\unrar.dll
UPX! 22.07.2000 15:49:46 180736 C:\WINDOWS\SYSTEM32\vfcodec.dll
UPX! 11.12.2002 08:19:32 147968 C:\WINDOWS\SYSTEM32\vobsub.dll
UPX! 05.10.2002 00:04:26 90624 C:\WINDOWS\SYSTEM32\vorbisenc.dll
UPX! 02.09.1998 07:24:30 11776 C:\WINDOWS\SYSTEM32\wavdest.ax
winsync 04.08.2004 15:00:00 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
UPX! 21.05.2002 12:20:24 34304 C:\WINDOWS\SYSTEM32\xcdsrc.ax
UPX! 19.02.2003 21:43:38 107520 C:\WINDOWS\SYSTEM32\XviD.ax
UPX! 17.02.2003 16:26:16 202240 C:\WINDOWS\SYSTEM32\XviD.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
26.11.2005 16:03:58 S 2048 C:\WINDOWS\BOOTSTAT.DAT
17.11.2005 23:12:50 H 54156 C:\WINDOWS\QTFont.qfn
26.11.2005 16:04:28 H 889 C:\WINDOWS\SYSTEM32\vsconfig.xml
05.10.2005 20:33:28 S 12849 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
05.10.2005 02:17:32 S 21737 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28.09.2005 10:53:22 S 17402 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
26.11.2005 16:16:26 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
26.11.2005 16:05:54 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
26.11.2005 16:10:52 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
26.11.2005 16:12:26 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
26.11.2005 16:11:08 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
09.11.2005 11:56:06 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
23.11.2005 21:34:32 HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\fd97123c-699c-480b-92c3-9848f6548677
23.11.2005 21:34:32 HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
26.11.2005 16:04:00 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 15:00:00 70656 C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation 04.08.2004 15:00:00 555008 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Broadcom Corporation 08.05.2003 20:25:18 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 04.08.2004 15:00:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
Logitech Inc. 01.06.2004 11:02:30 282624 C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation 04.08.2004 15:00:00 138240 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 04.08.2004 15:00:00 80384 C:\WINDOWS\SYSTEM32\FIREWALL.CPL
Microsoft Corporation 04.08.2004 15:00:00 157184 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Intel Corporation 23.01.2005 09:33:44 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 04.08.2004 15:00:00 359424 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 04.08.2004 15:00:00 133120 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 04.08.2004 15:00:00 381440 C:\WINDOWS\SYSTEM32\IRPROPS.CPL
Microsoft Corporation 04.08.2004 15:00:00 69632 C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems, Inc. 04.03.2005 03:36:44 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 04.08.2004 15:00:00 189440 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 04.08.2004 15:00:00 625152 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 04.08.2004 15:00:00 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 04.08.2004 15:00:00 25600 C:\WINDOWS\SYSTEM32\NETSETUP.CPL
Microsoft Corporation 04.08.2004 15:00:00 260096 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 04.08.2004 15:00:00 32768 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 04.08.2004 15:00:00 117248 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Microsoft Corporation 04.08.2004 15:00:00 303104 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation 04.08.2004 15:00:00 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 04.08.2004 15:00:00 94208 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 04.08.2004 15:00:00 148480 C:\WINDOWS\SYSTEM32\WSCUI.CPL
Microsoft Corporation 26.05.2005 03:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26.05.2005 03:16:22 174872 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 02.10.2003 14:32:18 98304 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
27.11.2004 16:36:44 706 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 8.0 Tray-Symbol.lnk
18.08.2004 14:18:48 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
18.01.2005 10:34:38 1869 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
15.02.2005 11:57:46 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
18.08.2004 14:12:02 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
18.08.2004 14:18:48 HS 84 C:\Dokumente und Einstellungen\Kerstin\Startmenü\Programme\Autostart\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
18.08.2004 14:12:02 HS 62 C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\DESKTOP.INI
14.07.2005 19:22:42 76728 C:\Dokumente und Einstellungen\Kerstin\Anwendungsdaten\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EzCddax
{46E22146-59C0-4136-9233-52E412E2B428} = C:\Easy CD-DA Extractor 8\ezcddax8.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Programme\TuneUp Utilities\sdshelex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\jetAudio
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = C:\Programme\JetAudio\JetFlExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\jetAudio
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = C:\Programme\JetAudio\JetFlExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Programme\TuneUp Utilities\sdshelex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\ICQToolbar\toolbaru.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Programme\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : C:\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\ICQToolbar\toolbaru.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Zone Labs Client "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
Microsoft Works Update Detection C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
AVGCtrl "C:\Programme\AVPersonal\AVGNT.EXE" /min
Trojancheck 6 Guard C:\Programme\Trojancheck 6\tcguard.exe
LogitechVideoTray C:\Programme\Logitech\Video\LogiTray.exe
LogitechGalleryRepair C:\Programme\Logitech\Video\ISStart.exe
HostManager C:\Programme\Gemeinsame Dateien\AOL\1132426500\ee\AOLHostManager.exe
SunServer C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LogitechSoftwareUpdate C:\Programme\Logitech\Video\ManifestEngine.exe boot

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 26.11.2005 16:16:47
26.11.2005, 16:29
Honorary member
Posts: 29434
#24
I don't know what's going on with the Task Manager.... did you apply some tweak?
__________
Regards, Sabina
all about PC security
26.11.2005, 16:31
Member
Thread starter, Posts: 14
#25
Erm, what is a tweak??? :-)
26.11.2005, 16:59
Honorary member
Posts: 29434
#26
Well, whether you have worked with some registry cleaner or the like.... because there was probably a change in the registry, but I don't know which one.....
__________
Regards, Sabina
all about PC security
26.11.2005, 20:41
Member
Thread starter, Posts: 14
#27
Well, actually I only use "tune up". I have already tried a few things on my own, but it had already stopped working before that.
You had posted a link for the start page in here, hadn't you??? Something with Sheriff reg. Could you put it in again for me???
Regards, Kerstin
26.11.2005, 20:45
Honorary member
Posts: 29434
#28
It isn't Spysheriff, because you didn't find anything (in the registry) that points to the Sheriff.
I don't know what else to advise.
Quote: HKEY_CURRENT_USER\Software\Microsoft\Windows\
__________
Regards, Sabina
all about PC security
26.11.2005, 20:47
Member
Thread starter, Posts: 14
C:\WINDOWS\SYSTEM32\ide21201.vxd
C:\Programme\AnyKeySoft\Worms Breakout 2\Uninstal.exe
C:\Programme\Install Creator\Uninstal.exe
Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wowokay.com/
Restart the PC.
Apply CleanUp:
http://virus-protect.org/cleanup.html
Scan with CounterSpy:
http://virus-protect.org/counterspy.html
After the scan you have to choose between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC (then copy the scan report and post it in the security forum).
__________
Regards, Sabina
all about PC security
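As an added example that is not part of the thread, here is a PowerShell check a helper could ask for after the HijackThis fix described in the post above: it reports whether the three files listed are still present and reads the Internet Explorer start page behind the R0 entry, so that a re-appearing file or start page shows up without having to post another full log. The file paths and the hijacked start page are the ones quoted in the post; the expected clean value about:blank is an assumption.

```powershell
# Added example, not part of the thread: verify the cleanup items from the post above.
# File paths and the hijacked start page are the ones quoted in the post;
# the expected clean start page is an assumption.
$suspectFiles = @(
    'C:\WINDOWS\SYSTEM32\ide21201.vxd',
    'C:\Programme\AnyKeySoft\Worms Breakout 2\Uninstal.exe',
    'C:\Programme\Install Creator\Uninstal.exe'
)
$hijackedStartPage = 'http://wowokay.com/'   # the R0 entry quoted in the post
$expectedStartPage = 'about:blank'           # assumption: what a clean setting should be

function Test-CleanupState {
    $findings = @()

    foreach ($path in $suspectFiles) {
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            $findings += "STILL PRESENT: $path ($($item.Length) bytes, modified $($item.LastWriteTime))"
        } else {
            $findings += "removed: $path"
        }
    }

    # R0 in HijackThis terms: HKCU\...\Internet Explorer\Main, value 'Start Page'
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $startPage = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
    if (-not $startPage) {
        $findings += 'R0: no Start Page value set for this user'
    } elseif ($startPage.TrimEnd('/') -ieq $hijackedStartPage.TrimEnd('/')) {
        $findings += "R0 STILL HIJACKED: Start Page = $startPage"
    } elseif ($startPage -ine $expectedStartPage) {
        $findings += "R0: Start Page = $startPage (not the expected '$expectedStartPage'; review)"
    } else {
        $findings += "R0: Start Page = $startPage (ok)"
    }

    return $findings
}

Test-CleanupState
```

Run it after the restart that follows the HijackThis fix; a file reported as STILL PRESENT or a start page that has flipped back to the hijacked URL means something on the machine restores them, which is the point at which the CounterSpy scan in the post becomes the next step.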