Winhound or file://C:\WINDOWS\warnhp.html.

Topic is closed!
#0
29.12.2005, 21:06
Honorary member
Sabina

Posts: 29434
#1 Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\

29.12.2005 10:44 0 sys.txt
29.12.2005 10:43 12.140 system.txt
29.12.2005 10:42 1.174 systemtemp.txt
29.12.2005 10:42 116.034 system32.txt
29.12.2005 10:08 39.424 Normal.dot
29.12.2005 08:22 805.306.368 pagefile.sys
28.12.2005 16:40 1.347 smitfiles.txt
31.10.2005 16:56 700.416 StubInstaller.exe
26.07.2005 14:22 27.136 Sehr geehrter Herr Lux.doc
26.07.2005 14:16 62.464 Sehr geehrter Herr Paucar.doc
11.07.2005 07:39 8.211 mxfilerelatedcache.mxc2
17.06.2005 15:40 36.352 ~WRL1615.tmp
18.05.2005 12:19 3.202 TDSLCheck.txt
16.02.2005 08:44 1.176 IWATCH.CAP
27.01.2005 13:57 2.112 SFIRM.siz
25.11.2004 17:01 12.842.424 temp.mpg
08.11.2004 09:08 9.728 Thumbs.db
08.11.2004 09:07 192.574 Paula1.JPG
08.11.2004 09:06 192.602 Paula.JPG
10.10.2004 16:14 47.564 ntdetect.com
10.10.2004 16:14 251.184 ntldr
24.09.2004 13:35 192 boot.ini
17.08.2004 07:10 162 ~$Normal.dot
13.08.2004 12:41 26.112 Nach fakturierten Rechnungen.doc
20.07.2004 07:03 1.084 vlist.log
05.07.2004 11:46 142 DeleteAtReboot.bat
01.07.2004 10:10 550 IWATCH.TXT
01.07.2004 09:59 67.893 _NavCClt.Log
11.06.2004 14:29 2.348 cibpdfinstall.log
05.02.2004 08:32 2.112 SFIRM.bak
04.08.2003 13:30 2.101 gprs_log.txt
18.06.2003 14:33 405 log.txt
17.06.2003 08:12 13.030 PDOXUSRS.NET
23.11.2002 12:32 1.120 INSTALL.LOG
18.11.2002 13:48 84 RobotError.log
16.11.2002 11:21 0 temp.html
31.10.2002 17:02 144.449 search.log
20.10.2002 14:06 370 detlog.txt
11.07.2002 10:09 0 MSDOS.SYS
11.07.2002 10:09 0 AUTOEXEC.BAT
11.07.2002 10:09 0 CONFIG.SYS
11.07.2002 10:09 0 IO.SYS
18.08.2001 13:00 4.952 bootfont.bin
24.05.2001 12:59 162.304 UNWISE.EXE
44 Datei(en) 820.283.042 Bytes
0 Verzeichnis(se), 3.002.478.592 Bytes frei
Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\WINDOWS

29.12.2005 10:19 88 Oce6x.INI
29.12.2005 09:28 849 win.ini
29.12.2005 09:26 25.824 setupapi.log
29.12.2005 09:20 599 KTEL.INI
29.12.2005 08:22 1.100.405 WindowsUpdate.log
29.12.2005 08:22 2.048 bootstat.dat
28.12.2005 16:34 32.622 SchedLgU.Txt
27.12.2005 12:36 0 xgatm.txt
27.12.2005 09:40 25.812 stub78.ini
27.12.2005 09:40 25.329 stub77.ini
27.12.2005 09:39 26.785 stub76.ini
27.12.2005 09:39 26.386 stub75.ini
27.12.2005 09:38 26.446 stub74.ini
27.12.2005 09:38 26.417 stub73.ini
27.12.2005 09:38 26.300 stub72.ini
27.12.2005 09:37 26.413 stub71.ini
27.12.2005 09:36 25.626 stub70.ini
27.12.2005 09:36 25.949 stub69.ini
27.12.2005 09:36 25.914 stub68.ini
27.12.2005 09:35 26.241 stub67.ini
27.12.2005 09:35 26.472 stub66.ini
27.12.2005 09:34 26.174 stub65.ini
27.12.2005 09:33 24.912 stub64.ini
27.12.2005 09:33 25.074 stub63.ini
27.12.2005 09:32 25.293 stub62.ini
27.12.2005 09:32 25.066 stub61.ini
27.12.2005 09:32 25.594 stub60.ini
27.12.2005 09:32 25.271 stub59.ini
27.12.2005 09:31 26.307 stub58.ini
27.12.2005 09:28 25.008 stub57.ini
27.12.2005 09:27 25.158 stub56.ini
27.12.2005 09:26 25.293 stub55.ini
27.12.2005 09:26 25.311 stub54.ini
27.12.2005 09:25 25.635 stub53.ini
27.12.2005 09:25 25.546 stub52.ini
27.12.2005 09:24 25.592 stub51.ini
27.12.2005 09:23 24.667 stub50.ini
27.12.2005 09:22 24.795 stub49.ini
27.12.2005 09:21 24.864 stub48.ini
27.12.2005 09:20 24.921 stub47.ini
27.12.2005 09:20 25.352 stub46.ini
27.12.2005 09:19 24.766 stub45.ini
27.12.2005 09:19 24.710 stub44.ini
27.12.2005 09:18 25.043 stub43.ini
27.12.2005 09:15 24.914 stub42.ini
27.12.2005 09:09 25.035 stub41.ini
27.12.2005 09:08 24.703 stub40.ini
27.12.2005 09:07 24.420 stub39.ini
27.12.2005 09:07 24.711 stub38.ini
27.12.2005 09:06 24.442 stub37.ini
27.12.2005 09:06 24.735 stub36.ini
27.12.2005 09:05 24.305 stub35.ini
27.12.2005 08:59 24.912 stub34.ini
27.12.2005 08:59 24.391 stub33.ini
27.12.2005 08:59 24.500 stub32.ini
27.12.2005 08:55 24.410 stub31.ini
27.12.2005 08:52 24.809 stub30.ini
27.12.2005 08:40 24.364 stub29.ini
27.12.2005 08:40 24.101 stub28.ini
27.12.2005 08:39 24.565 stub27.ini
27.12.2005 08:39 23.818 stub26.ini
27.12.2005 08:39 23.904 stub25.ini
27.12.2005 08:33 24.085 stub23.ini
27.12.2005 08:33 23.580 stub24.ini
27.12.2005 08:27 23.060 stub22.ini
27.12.2005 06:22 23.685 stub20.ini
27.12.2005 06:22 23.219 stub21.ini
27.12.2005 06:18 22.835 stub19.ini
27.12.2005 06:17 23.622 stub16.ini
27.12.2005 06:17 22.118 stub18.ini
27.12.2005 06:17 23.395 stub17.ini
27.12.2005 06:15 23.264 stub15.ini
27.12.2005 05:53 23.847 stub14.ini
27.12.2005 05:50 23.745 stub13.ini
27.12.2005 05:47 23.567 stub12.ini
27.12.2005 05:43 23.501 stub11.ini
27.12.2005 05:10 23.416 stub10.ini
27.12.2005 05:00 23.496 stub9.ini
27.12.2005 04:59 23.318 stub8.ini
27.12.2005 04:55 23.344 stub7.ini
27.12.2005 04:51 23.619 stub6.ini
27.12.2005 03:12 23.246 stub4.ini
27.12.2005 03:12 23.500 stub5.ini
27.12.2005 02:50 23.166 stub3.ini
27.12.2005 02:45 22.711 stub2.ini
27.12.2005 02:45 22.854 stub1.ini
24.12.2005 23:56 1.199 logs1.ini
23.12.2005 12:48 54.156 QTFont.qfn
21.12.2005 12:49 13.581 jaubc.dat
20.12.2005 19:31 197.761 ubyty.dat
18.12.2005 11:52 2.814 igzod.dat
18.12.2005 11:52 149 hdkctnts.ini

18.12.2005 11:52 16.730 Feder.bmp
18.12.2005 11:52 26.680 Fächer.bmp
18.12.2005 11:52 2.814 egifx.dat
18.12.2005 09:37 832 unins000.dat
18.12.2005 09:37 11.388 udtai.dat
18.12.2005 09:37 28 SYS386E.DAT
18.12.2005 09:37 122 telephon.ini
18.12.2005 09:37 65.832 Santa Fe-Stuck.bmp
18.12.2005 09:37 65.978 Seifenblase.bmp
18.12.2005 09:37 746 ST6UNST.001
18.12.2005 03:25 1.272 Blaue Spitzen 16.bmp
17.12.2005 11:47 69.416 Unnero.cfg
17.12.2005 11:47 790 win.tmp
08.12.2005 08:21 5.688 ModemLog_GPRS via COM.txt
07.12.2005 06:29 197.761 fgtpd.txt
30.11.2005 08:23 0 logs2.ini
19.07.2005 12:30 440 Sfirm32.ini
19.07.2005 12:30 171 Uno.ini
13.07.2005 11:12 1.196 MpsKe.INI
08.07.2005 07:05 22 FLASHKSK.INI

Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\DOKUME~1\MALBSM~1.BUE\LOKALE~1\Temp

29.12.2005 10:38 0 JETA4D0.tmp
29.12.2005 10:32 319 tmpD53.tmp
29.12.2005 10:22 512 ~DF52ED.tmp
29.12.2005 10:20 512 ~DF277A.tmp
29.12.2005 10:20 981.464 mso87DC5.wmf
29.12.2005 10:20 9.728 ~WRS0002.tmp
29.12.2005 10:10 16.384 ~WRF0001.tmp
29.12.2005 10:10 506 ~WRD0000.doc
29.12.2005 10:10 512 ~DF4A6A.tmp
29.12.2005 10:10 512 ~DF471B.tmp
29.12.2005 10:10 512 ~DF399E.tmp
29.12.2005 10:08 1.409 FORD41.tmp
29.12.2005 10:08 8.960 ZTRD40.tmp
29.12.2005 10:06 8.912 ZTRD3E.tmp
29.12.2005 10:06 1.409 FORD3F.tmp
29.12.2005 09:21 975 wcesmgr.log
29.12.2005 09:21 483 outstore.log
29.12.2005 08:36 2.387 WCESCOMM.LOG
29.12.2005 08:24 16.384 ~DF4933.tmp
19 Datei(en) 1.051.880 Bytes
0 Verzeichnis(se), 3.002.511.360 Bytes frei

Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\WINDOWS\system32

29.12.2005 09:28 0 asfiles.txt
29.12.2005 09:25 2.550 Uninstall.ico
29.12.2005 09:25 1.406 Help.ico
29.12.2005 09:25 1.718 Open.ico
29.12.2005 09:25 1.406 AddQuit.ico
29.12.2005 09:25 5.350 IE.ico
29.12.2005 09:25 9.470 Desktop.ico
29.12.2005 09:25 1.718 Quick.ico
28.12.2005 16:34 11.630 appldiag
27.12.2005 12:36 0 gatmy.dll
27.12.2005 12:36 0 d3aq32.exe
27.12.2005 11:46 664.064 wininet.dll
27.12.2005 08:00 2.278 wpa.dbl
27.12.2005 02:45 13.581 ufheh.log
22.12.2005 15:41 197.761 wykin.dat
19.12.2005 08:35 7.006 jupdate-1.5.0_06-b05.log
09.12.2005 01:21 2.723.680 MRT.exe
08.12.2005 19:46 13.581 beplo.dat
08.12.2005 08:21 4.162 ModemLog_AVM ISDN Custom Config.txt
08.12.2005 08:21 4.610 ModemLog_AVM ISDN BTX.txt
08.12.2005 08:21 4.660 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
08.12.2005 08:21 4.620 ModemLog_AVM ISDN FAX (G3).txt
08.12.2005 08:21 4.630 ModemLog_AVM ISDN - ISDN (X.75).txt
08.12.2005 08:21 4.632 ModemLog_AVM ISDN Mailbox (X.75).txt
08.12.2005 08:21 4.672 ModemLog_AVM ISDN SoftCompression X.75-V.42bis.txt
08.12.2005 08:21 4.642 ModemLog_AVM ISDN RAS (PPP over ISDN).txt
08.12.2005 08:21 4.652 ModemLog_AVM ISDN Internet (PPP over ISDN).txt
15.11.2005 08:07 5.618 jupdate-1.5.0_05-b05.log
14.11.2005 13:53 3.534 jupdate-1.5.0_03-b07.log
10.11.2005 13:03 127.078 javaws.exe
10.11.2005 13:03 49.265 jpicpl32.cpl
10.11.2005 11:27 49.250 javaw.exe
10.11.2005 11:27 49.248 java.exe
09.11.2005 13:31 360.136 FNTCACHE.DAT
31.10.2005 08:08 311.604 perfh009.dat
31.10.2005 08:08 39.992 perfc009.dat
31.10.2005 08:08 316.594 perfh007.dat
31.10.2005 08:08 48.156 perfc007.dat
31.10.2005 08:08 723.568 PerfStringBackup.INI
20.10.2005 23:25 1.094.144 esent.dll
13.10.2005 00:11 15.584 spmsg.dll
11.10.2005 16:19 1.675 shutdown.log
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 474.112 shlwapi.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
11.08.2005 16:11 65.024 nwwks.dll




Hello Sabina, I can't get rid of the problem either. Despite several attempts I have not managed to remove the white background. The cause is Winhound or rather file://C:\WINDOWS\warnhp.html.
My printouts follow. Maybe you can help me :-)

Logfile of HijackThis v1.97.7
Scan saved at 11:00:44, on 29.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\NavNT\defwatch.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\NavNT\rtvscan.exe
C:\PROGRAMME\SAPDB\DEPEND\pgm\kernel.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\programme\sapdb\indep_prog\pgm\serv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\Programme\klickIdent Profi Plus Januar 2004\klickIdentPP.exe
C:\Programme\NavNT\vptray.exe
C:\WINDOWS\System32\pupxpman.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-DSL Business\bolog.exe
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Iomega\AutoDisk\AD2KClient.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MailWasher Pro\MailWasher.exe
C:\Programme\Microsoft ActiveSync\WCESMgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\malbsmeier.BUERO\Eigene Dateien\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [ISDN_Monitor] C:\Programme\klickIdent Profi Plus Januar 2004\klickIdentPP.exe
O4 - HKLM\..\Run: [vptray] C:\Programme\NavNT\vptray.exe
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\MALBSM~1.BUE\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\System32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [SfWinStartInfo] C:\SFIRM32\sfWinStartupInfo.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BOL Master] E:\Setup.exe
O4 - HKLM\..\Run: [BusinessOnline Log] "C:\Programme\T-DSL Business\bolog.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Programme\ScanSoft\PDFConverter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stnospy] C:\Programme\SinEspias\no-spy.exe /autorun
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Programme\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailWasher] C:\Programme\MailWasher Pro\MailWasher.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: FriFon32.lnk = C:\Programme\FRITZ!\FriFon32.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SFIRM32 Automat.lnk = C:\SFIRM32\SFAutomat.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: PDF in Word öffnen (PDF Converter 2.0) - res://C:\Programme\ScanSoft\PDFConverter 2.0 Professional\PDFConv\IEShellExt.dll /500
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: Mobilen Favoriten erstellen (HKLM)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38253.4323148148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!

The rest follow.....
__________
Regards, Sabina

all about PC security
29.12.2005, 21:23
Honorary member
Thread starter
Sabina

Posts: 29434
#2 go into the registry

Start --> Run --> regedit

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = "Warning homepage" <-- delete
"Source" = "C:\WINDOWS\warnhp.html" <-- delete

------------------------------------------------------------------------------------

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot / Process all in List --> tick
paste in:
...
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only on the last one

paste in without the date.... ;)

C:\WINDOWS\xgatm.txt
C:\WINDOWS\stub78.ini
C:\WINDOWS\stub77.ini
27.12.2005 09:39 26.785 C:\WINDOWS\stub76.ini
27.12.2005 09:39 26.386 C:\WINDOWS\stub75.ini
27.12.2005 09:38 26.446 C:\WINDOWS\stub74.ini
27.12.2005 09:38 26.417 C:\WINDOWS\stub73.ini
27.12.2005 09:38 26.300 C:\WINDOWS\stub72.ini
27.12.2005 09:37 26.413 C:\WINDOWS\stub71.ini
27.12.2005 09:36 25.626 C:\WINDOWS\stub70.ini
27.12.2005 09:36 25.949 C:\WINDOWS\stub69.ini
27.12.2005 09:36 25.914 C:\WINDOWS\stub68.ini
27.12.2005 09:35 26.241 C:\WINDOWS\stub67.ini
27.12.2005 09:35 26.472 C:\WINDOWS\stub66.ini
27.12.2005 09:34 26.174 C:\WINDOWS\stub65.ini
27.12.2005 09:33 24.912 C:\WINDOWS\stub64.ini
27.12.2005 09:33 25.074 C:\WINDOWS\stub63.ini
27.12.2005 09:32 25.293 C:\WINDOWS\stub62.ini
27.12.2005 09:32 25.066 C:\WINDOWS\stub61.ini
27.12.2005 09:32 25.594 C:\WINDOWS\stub60.ini
27.12.2005 09:32 25.271 C:\WINDOWS\stub59.ini
27.12.2005 09:31 26.307 C:\WINDOWS\stub58.ini
27.12.2005 09:28 25.008 C:\WINDOWS\stub57.ini
27.12.2005 09:27 25.158 C:\WINDOWS\stub56.ini
27.12.2005 09:26 25.293 C:\WINDOWS\stub55.ini
27.12.2005 09:26 25.311 C:\WINDOWS\stub54.ini
27.12.2005 09:25 25.635 C:\WINDOWS\stub53.ini
27.12.2005 09:25 25.546 C:\WINDOWS\stub52.ini
27.12.2005 09:24 25.592 C:\WINDOWS\stub51.ini
27.12.2005 09:23 24.667 C:\WINDOWS\stub50.ini
27.12.2005 09:22 24.795 C:\WINDOWS\stub49.ini
27.12.2005 09:21 24.864 C:\WINDOWS\stub48.ini
27.12.2005 09:20 24.921 C:\WINDOWS\stub47.ini
27.12.2005 09:20 25.352 C:\WINDOWS\stub46.ini
27.12.2005 09:19 24.766 C:\WINDOWS\stub45.ini
27.12.2005 09:19 24.710 C:\WINDOWS\stub44.ini
27.12.2005 09:18 25.043 C:\WINDOWS\stub43.ini
27.12.2005 09:15 24.914 C:\WINDOWS\stub42.ini
27.12.2005 09:09 25.035 C:\WINDOWS\stub41.ini
27.12.2005 09:08 24.703 C:\WINDOWS\stub40.ini
27.12.2005 09:07 24.420 C:\WINDOWS\stub39.ini
27.12.2005 09:07 24.711 C:\WINDOWS\stub38.ini
27.12.2005 09:06 24.442 C:\WINDOWS\stub37.ini
27.12.2005 09:06 24.735 C:\WINDOWS\stub36.ini
27.12.2005 09:05 24.305 C:\WINDOWS\stub35.ini
27.12.2005 08:59 24.912 C:\WINDOWS\stub34.ini
27.12.2005 08:59 24.391 C:\WINDOWS\stub33.ini
27.12.2005 08:59 24.500 C:\WINDOWS\stub32.ini
27.12.2005 08:55 24.410 C:\WINDOWS\stub31.ini
27.12.2005 08:52 24.809 C:\WINDOWS\stub30.ini
27.12.2005 08:40 24.364 C:\WINDOWS\stub29.ini
27.12.2005 08:40 24.101 C:\WINDOWS\stub28.ini
27.12.2005 08:39 24.565 C:\WINDOWS\stub27.ini
27.12.2005 08:39 23.818 C:\WINDOWS\stub26.ini
27.12.2005 08:39 23.904 C:\WINDOWS\stub25.ini
27.12.2005 08:33 24.085 C:\WINDOWS\stub23.ini
27.12.2005 08:33 23.580 C:\WINDOWS\stub24.ini
27.12.2005 08:27 23.060 C:\WINDOWS\stub22.ini
27.12.2005 06:22 23.685 C:\WINDOWS\stub20.ini
27.12.2005 06:22 23.219 C:\WINDOWS\stub21.ini
27.12.2005 06:18 22.835 C:\WINDOWS\stub19.ini
27.12.2005 06:17 23.622 C:\WINDOWS\stub16.ini
27.12.2005 06:17 22.118 C:\WINDOWS\stub18.ini
27.12.2005 06:17 23.395 C:\WINDOWS\stub17.ini
27.12.2005 06:15 23.264 C:\WINDOWS\stub15.ini
27.12.2005 05:53 23.847 C:\WINDOWS\stub14.ini
27.12.2005 05:50 23.745 C:\WINDOWS\stub13.ini
27.12.2005 05:47 23.567 C:\WINDOWS\stub12.ini
27.12.2005 05:43 23.501 C:\WINDOWS\stub11.ini
27.12.2005 05:10 23.416 C:\WINDOWS\stub10.ini
27.12.2005 05:00 23.496 C:\WINDOWS\stub9.ini
27.12.2005 04:59 23.318 C:\WINDOWS\stub8.ini
C:\WINDOWS\stub7.ini
C:\WINDOWS\stub6.ini
C:\WINDOWS\stub4.ini
C:\WINDOWS\stub5.ini
C:\WINDOWS\stub3.ini
C:\WINDOWS\stub2.ini
C:\WINDOWS\stub1.ini
C:\WINDOWS\logs1.ini

C:\WINDOWS\jaubc.dat
C:\WINDOWS\ubyty.dat
C:\WINDOWS\igzod.dat
C:\WINDOWS\hdkctnts.ini
C:\WINDOWS\egifx.dat
C:\StubInstaller.exe

C:\WINDOWS\system32\asfiles.txt
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\Open.ico
C:\WINDOWS\system32\AddQuit.ico
C:\WINDOWS\system32\IE.ico
C:\WINDOWS\system32\Desktop.ico
C:\WINDOWS\system32\Quick.ico
C:\WINDOWS\system32\gatmy.dll
C:\WINDOWS\system32\d3aq32.exe
C:\WINDOWS\system32\ufheh.log
C:\WINDOWS\system32\wykin.dat
C:\WINDOWS\system32\beplo.dat

restart the PC

open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

O4 - HKLM\..\Run: [stnospy] C:\Programme\SinEspias\no-spy.exe /autorun

restart the PC

-------------------------------------------------------------------------

ADSSpy --> scan and delete all streams that appear
http://virus-protect.org/artikel/tools/ADSSpy.exe

set the cleaner up exactly as specified here:
http://virus-protect.org/cleanup.html
back up important documents from Word (WRD0000.doc) beforehand

SmitRem2.8 ---> once more
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

download --> boot into safe mode --> open the smitRem folder --> double-click RunThis.bat and wait until the scan has finished (the screen will turn blue, that is normal), then find smitfiles.txt and post it

disable System Restore (then enable it again)
http://virus-protect.org/systemwiederherstellung.html

uninstall/delete
C:\Programme\WinHound
C:\Programme\SinEspias

Counterspy
http://virus-protect.org/counterspy.html

- after the scan you have to choose between:

*Ignore
*Remove
*Quarantine

always choose Remove and restart the PC

At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\win.tmp



-----------------------------------------------------

Info
http://virus-protect.org/artikel/spyware/trojanagenteo.html

--------------------------------------------------------
__________
Regards, Sabina

all about PC security
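An added example, not part of the original thread: an offline audit of the Active Desktop component entries named in the post above, run against a regedit export of that key. The sample export, the "local HTML file" heuristic and all function names are assumptions constructed for illustration.

```python
import re

# Registry key from the post above; its numbered subkeys (0, 1, ...) each
# describe one Active Desktop component.
COMPONENTS_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"
                  r"\Desktop\Components")

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "Name"="string value" lines; dword/hex values are ignored on purpose.
STRING_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumed heuristic: a component whose Source is an HTML file on a local
# drive (with or without a file: prefix), as with warnhp.html in this thread.
LOCAL_HTML_RE = re.compile(r"^(?:file:/*)?[A-Za-z]:[\\/].*\.html?$",
                           re.IGNORECASE)

# Constructed sample in .reg export syntax (backslashes are doubled there).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName"="My Current Home Page"
"Source"="About:Home"
"Flags"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"FriendlyName"="Warning homepage"
"Source"="C:\\WINDOWS\\warnhp.html"
"Flags"=dword:00002002
'''


def decode_reg_export(data: bytes) -> str:
    """Decode an export: version 5 files are UTF-16LE with a BOM,
    REGEDIT4 files are ANSI (cp1252 assumed here)."""
    if data.startswith(b"\xff\xfe"):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def _unescape(text: str) -> str:
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_components(reg_text: str) -> dict:
    """Return {subkey: {value_name: string_value}} for the direct
    children of COMPONENTS_KEY."""
    components = {}
    current = None
    prefix = COMPONENTS_KEY.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            rest = key[len(prefix):]
            if key.lower().startswith(prefix) and rest and "\\" not in rest:
                current = components.setdefault(rest, {})
            else:
                current = None
            continue
        if current is None:
            continue
        value = STRING_VALUE_RE.match(line)
        if value:
            current[_unescape(value.group(1))] = _unescape(value.group(2))
    return components


def find_local_html_components(reg_text: str) -> list:
    """List components whose Source points at a local HTML file."""
    findings = []
    for subkey, values in sorted(parse_components(reg_text).items()):
        source = values.get("Source", "")
        if LOCAL_HTML_RE.match(source):
            findings.append({
                "subkey": subkey,
                "friendly_name": values.get("FriendlyName", ""),
                "source": source,
            })
    return findings


if __name__ == "__main__":
    for hit in find_local_html_components(SAMPLE_REG):
        print(f"Components\\{hit['subkey']}: "
              f"{hit['friendly_name']!r} -> {hit['source']}")
```

The script only reports; the entries themselves are reviewed and removed in regedit as described in the post.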
30.12.2005, 19:27
...new here

Posts: 8
#3 Hello Sabina,

thank you very, very much.
So far the white background is still there. Sob!!!
Unfortunately I did not understand the following step. Which file am I supposed to double-click? Where is Submit? I'm just not an expert.
But for now I wish you a happy New Year and all the best for the new year. Maybe we can solve my problem in the new year.

Best regards
Martin

At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\win.tmp
I only found win.ini and then checked that one:

This is a report processed by VirusTotal on 12/31/2005 at 11:17:10 (CET) after scanning the file "win.ini" file.
Antivirus Version Update Result
AntiVir 6.33.0.70 12.30.2005 no virus found
Avast 4.6.695.0 12.30.2005 no virus found
AVG 718 12.30.2005 no virus found
Avira 6.33.0.70 12.30.2005 no virus found
BitDefender 7.2 12.31.2005 no virus found
CAT-QuickHeal 8.00 12.31.2005 no virus found
ClamAV devel-20051123 12.29.2005 no virus found
DrWeb 4.33 12.30.2005 no virus found
eTrust-Iris 7.1.194.0 12.30.2005 no virus found
eTrust-Vet 12.4.1.0 12.31.2005 no virus found
Ewido 3.5 12.30.2005 no virus found
Fortinet 2.54.0.0 12.31.2005 no virus found
F-Prot 3.16c 12.30.2005 no virus found
Ikarus 0.2.59.0 12.30.2005 no virus found
Kaspersky 4.0.2.24 12.31.2005 no virus found
McAfee 4663 12.30.2005 no virus found
NOD32v2 1.1347 12.30.2005 no virus found
Norman 5.70.10 12.31.2005 no virus found
Panda 9.0.0.4 12.30.2005 no virus found
Sophos 4.01.0 12.30.2005 no virus found
Symantec 8.0 12.31.2005 no virus found
TheHacker 5.9.1.064 12.29.2005 no virus found
UNA 1.83 12.30.2005 no virus found
VBA32 3.10.5 12.30.2005 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'
Killing PID 748 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~


~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! ;)
This post was edited by Albs111 on 31.12.2005 at 11:32.
31.12.2005, 13:32
Honorary member
Thread starter
Sabina

Posts: 29434
#4 Albs111

once you have deleted everything with KillBox and the streams have been deleted with ADSSpy:

multiavtool
http://virus-protect.org/multiavtool.html
click "3" McAfee -- an empty DOS window appears.
- you have to enter what is to be scanned

- C:\Windows\System32, then the scan starts; you should then also have these scanned:
- C:\Windows
- C:\

post the scan reports
---------------------------------------------
then we'll see what comes next..............
__________
Regards, Sabina

all about PC security
02.01.2006, 11:56
...new here

Posts: 8
#5 Hello Sabina,
first of all I wish you a happy, healthy and successful new year.
I still have to apologize for the double posting.

The white screen is still there. The scan reports follow.

Regards, Martin

Virus Scan Report File

Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4664 created Jan 01 2006
Scanning for 168331 viruses, trojans and variants.

Virus Scan Results




01/02/2006 11:39:52


Options:
"C:\WINDOWS\SYSTEM32" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [WXPPR]
Scanning C:\WINDOWS\SYSTEM32\*.*

Summary report on C:\WINDOWS\SYSTEM32\*.*
File(s)
Total files: ........... 7701
Clean: ................. 7691
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1


Time: 00:08.56


Virus Scan Report File

Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4664 created Jan 01 2006
Scanning for 168331 viruses, trojans and variants.

Virus Scan Results




01/02/2006 11:02:01


Options:
"C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [WXPPR]
Scanning C:\WINDOWS\*.*

Summary report on C:\WINDOWS\*.*
File(s)
Total files: ........... 41761
Clean: ................. 41699
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1


Time: 00:28.56


Virus Scan Report File

Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4664 created Jan 01 2006
Scanning for 168331 viruses, trojans and variants.

Virus Scan Results




01/02/2006 09:12:58


Options:
"C:\" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [WXPPR]
Scanning C:\*.*
C:\Dokumente und Einstellungen\malbsmeier.BUERO\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-481293e4-258254ad.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\AB SCISSOR.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\BROADBAND COMPARISON.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\CREDIT COUNSELING.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\CREDIT REPORT.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\CRM SOFTWARE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\DEBT CREDIT CARD.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\ESCORTS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\FHA.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\HEALTH INSURANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\HELP DESK SOFTWARE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\INSURANCE HOME.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\LOAN FOR DEBT CONSOLIDATION.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\LOAN FOR PEOPLE WITH BAD CREDIT.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\MARKETING EMAIL.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\MORTGAGE INSURANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\MORTGAGE LIFE INSURANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\NEVADA CORPORATIONS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\ONLINE BETTING SITE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\ONLINE GAMBLING CASINO.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\ONLINE INSTANT LOAN.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\ORDER PHENTERMINE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\PAYROLL ADVANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\PERSONAL LOANS ONLINE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\PERSONAL LOANS WITH BAD CREDIT.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\PRESCRIPTION DRUGS RX ONLINE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\REFINANCING MY MORTGAGE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\TAHOE VACATION RENTAL.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\UNSECURED BAD CREDIT LOANS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\VIDEOS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\WHAT IS HYDROCODONE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\ONLY SEX WEBSITE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\SEARCH THE WEB.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227122051.zip\SEVEN DAYS OF FREE PORN.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\AB SCISSOR.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\BROADBAND COMPARISON.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\CREDIT COUNSELING.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\CREDIT REPORT.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\CRM SOFTWARE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\DEBT CREDIT CARD.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\ESCORTS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\FHA.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\HEALTH INSURANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\HELP DESK SOFTWARE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\INSURANCE HOME.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\LOAN FOR DEBT CONSOLIDATION.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\LOAN FOR PEOPLE WITH BAD CREDIT.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\MARKETING EMAIL.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\MORTGAGE INSURANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\MORTGAGE LIFE INSURANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\NEVADA CORPORATIONS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\ONLINE BETTING SITE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\ONLINE GAMBLING CASINO.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\ONLINE INSTANT LOAN.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\ORDER PHENTERMINE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\PAYROLL ADVANCE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\PERSONAL LOANS ONLINE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\PERSONAL LOANS WITH BAD CREDIT.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\PRESCRIPTION DRUGS RX ONLINE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\REFINANCING MY MORTGAGE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\TAHOE VACATION RENTAL.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\UNSECURED BAD CREDIT LOANS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\VIDEOS.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\WHAT IS HYDROCODONE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\ONLY SEX WEBSITE.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\SEARCH THE WEB.URL ... Found potentially unwanted program Adware-Url.gen.
C:\Programme\PestPatrol\Quarantine\20051227124059.zip\SEVEN DAYS OF FREE PORN.URL ... Found potentially unwanted program Adware-Url.gen.

Summary report on C:\*.*
File(s)
Total files: ........... 285627
Clean: ................. 285474
Possibly Infected: ..... 1
Cleaned: ............... 0
Non-critical Error(s): 2


Time: 01:46.00
02.01.2006, 12:45
Honorary member
Thread starter
Sabina

Posts: 29434
#6 Counterspy
http://virus-protect.org/counterspy.html

- after the scan you have to choose between:

*Ignore
*Remove
*Quarantine

always choose Remove and restart the PC --> post the scan report here ;)
__________
Regards, Sabina

All about PC security
02.01.2006, 14:05
...new here

Posts: 8
#7 No change yet.
Report:

Spyware Scan Details
Start Date: 02.01.2006 13:02:50
End Date: 02.01.2006 13:59:03
Total Time: 56 mins 13 secs

Detected spyware

Looking-For.Home Search Assistant Browser Modifier more information...
Details: Home Search Assistant is an Internet Explorer browser helper object that was recently identified by the SpyNet community; research is currently under way to further identify its risks.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 Service 11Fßä #•ºÄÖ`I
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 Class LegacyDriver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 ClassGUID {8ECC055D-047F-11D1-A537-0000F8753ED1}
02.01.2006, 14:19
Honorary member
Thread starter
Sabina

Posts: 29434
#8 please copy the 4 text files from datfindbat here again
+
the (complete) log from Silentrunner
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina

All about PC security
02.01.2006, 14:41
...new here

Posts: 8
#9 Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\WINDOWS\system32

02.01.2006 07:58 2.278 wpa.dbl
31.12.2005 11:26 12.472 appldiag
27.12.2005 11:46 664.064 wininet.dll
19.12.2005 08:35 7.006 jupdate-1.5.0_06-b05.log
09.12.2005 01:21 2.723.680 MRT.exe
08.12.2005 08:21 4.162 ModemLog_AVM ISDN Custom Config.txt
08.12.2005 08:21 4.610 ModemLog_AVM ISDN BTX.txt
08.12.2005 08:21 4.660 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
08.12.2005 08:21 4.620 ModemLog_AVM ISDN FAX (G3).txt
08.12.2005 08:21 4.630 ModemLog_AVM ISDN - ISDN (X.75).txt
08.12.2005 08:21 4.632 ModemLog_AVM ISDN Mailbox (X.75).txt
08.12.2005 08:21 4.672 ModemLog_AVM ISDN SoftCompression X.75-V.42bis.txt
08.12.2005 08:21 4.642 ModemLog_AVM ISDN RAS (PPP over ISDN).txt
08.12.2005 08:21 4.652 ModemLog_AVM ISDN Internet (PPP over ISDN).txt
15.11.2005 08:07 5.618 jupdate-1.5.0_05-b05.log
14.11.2005 13:53 3.534 jupdate-1.5.0_03-b07.log
10.11.2005 13:03 127.078 javaws.exe
10.11.2005 13:03 49.265 jpicpl32.cpl
10.11.2005 11:27 49.250 javaw.exe
10.11.2005 11:27 49.248 java.exe
09.11.2005 13:31 360.136 FNTCACHE.DAT
31.10.2005 08:08 39.992 perfc009.dat
31.10.2005 08:08 311.604 perfh009.dat
31.10.2005 08:08 316.594 perfh007.dat
31.10.2005 08:08 48.156 perfc007.dat
31.10.2005 08:08 723.568 PerfStringBackup.INI
20.10.2005 23:25 1.094.144 esent.dll
20.10.2005 15:37 24.924 openports.dll
20.10.2005 15:37 40.960 SDelete.dll
13.10.2005 00:11 15.584 spmsg.dll
11.10.2005 16:19 1.675 shutdown.log
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys


Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\DOKUME~1\MALBSM~1.BUE\LOKALE~1\Temp

02.01.2006 14:26 512 ~DF43B9.tmp
02.01.2006 14:21 77.824 ALBSMEIER_DB2796.XXX
02.01.2006 14:15 206 jusched.log
02.01.2006 14:11 1.212.416 ~DF7778.tmp
02.01.2006 14:10 512 ~DF7958.tmp
02.01.2006 14:10 57.856 ~WRC0003.tmp
02.01.2006 14:07 16.384 ~WRF0002.tmp
02.01.2006 14:07 4.096 ~WRS0001.tmp
02.01.2006 14:06 692 dfupdate.ini
02.01.2006 14:06 506 ~WRD0000.doc
02.01.2006 14:06 512 ~DFA57C.tmp
02.01.2006 14:06 512 ~DFA159.tmp
02.01.2006 14:06 512 ~DF994A.tmp
02.01.2006 14:06 64 ALBSMEIER_DB2796.ldb
02.01.2006 14:05 0 JET7.tmp
02.01.2006 14:05 224 WCESCOMM.LOG
02.01.2006 14:05 49.152 ~DF4E2C.tmp
02.01.2006 14:05 16.384 ~DFFAA5.tmp
02.01.2006 14:05 32.768 ~DFEA23.tmp
02.01.2006 14:05 16.384 ~DF1E5.tmp
20 Datei(en) 1.487.516 Bytes
0 Verzeichnis(se), 5.322.838.016 Bytes frei


Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\WINDOWS

02.01.2006 14:04 0 0.log
02.01.2006 14:04 1.203.188 WindowsUpdate.log
02.01.2006 14:04 2.048 bootstat.dat
02.01.2006 14:03 32.622 SchedLgU.Txt
02.01.2006 11:37 88 Oce6x.INI
30.12.2005 19:17 240 setupact.log
30.12.2005 19:14 490.166 ntbtlog.txt
30.12.2005 13:52 532 KTEL.INI
29.12.2005 10:58 0 setuperr.log
29.12.2005 09:28 849 win.ini
29.12.2005 09:26 25.824 setupapi.log
23.12.2005 12:48 54.156 QTFont.qfn
18.12.2005 11:52 26.680 Fächer.bmp
18.12.2005 11:52 16.730 Feder.bmp
18.12.2005 09:37 832 unins000.dat
18.12.2005 09:37 28 SYS386E.DAT
18.12.2005 09:37 122 telephon.ini
18.12.2005 09:37 11.388 udtai.dat
18.12.2005 09:37 65.978 Seifenblase.bmp
18.12.2005 09:37 746 ST6UNST.001
18.12.2005 09:37 65.832 Santa Fe-Stuck.bmp
18.12.2005 03:25 1.272 Blaue Spitzen 16.bmp
17.12.2005 11:47 69.416 Unnero.cfg
08.12.2005 08:21 5.688 ModemLog_GPRS via COM.txt
07.12.2005 06:29 197.761 fgtpd.txt
30.11.2005 08:23 0 logs2.ini
19.07.2005 12:30 440 Sfirm32.ini
19.07.2005 12:30 171 Uno.ini
13.07.2005 11:12 1.196 MpsKe.INI

Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809

Verzeichnis von C:\

02.01.2006 14:33 0 sys.txt
02.01.2006 14:33 8.172 system.txt
02.01.2006 14:33 1.242 systemtemp.txt
02.01.2006 14:33 115.707 system32.txt
02.01.2006 14:04 805.306.368 pagefile.sys
02.01.2006 14:02 40.448 Normal.dot
30.12.2005 19:17 1.379 smitfiles.txt
26.07.2005 14:22 27.136 Sehr geehrter Herr Lux.doc



"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Iomega Active Disk" = "C:\Programme\Iomega\AutoDisk\AD2KClient.exe" ["Iomega Corporation"]
"H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"UIWatcher" = "C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe" ["ashampoo GmbH & Co. KG"]
"MailWasher" = "C:\Programme\MailWasher Pro\MailWasher.exe" ["eCOSM"]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Iomega Startup Options" = "C:\Programme\Iomega\Common\ImgStart.exe" ["Iomega Corporation"]
"Iomega Drive Icons" = "C:\Programme\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]
"PPMemCheck" = "C:\Programme\PestPatrol\PPMemCheck.exe" [null data]
"PestPatrol Control Center" = "C:\Programme\PestPatrol\PPControl.exe" ["Computer Associates International"]
"CookiePatrol" = "C:\Programme\PestPatrol\CookiePatrol.exe" ["Computer Associates International"]
"ISDN_Monitor" = "C:\Programme\klickIdent Profi Plus Januar 2004\klickIdentPP.exe" [empty string]
"mwavscan" = ""C:\DOKUME~1\MALBSM~1.BUE\LOKALE~1\Temp\mwavscan.com" /s" [file not found]
"mspwr" = "C:\WINDOWS\System32\pupxpman.exe" [null data]
"PwrUpTweakMe" = "C:\WINDOWS\System32\PUPXPTWK.EXE /TWEAK" [null data]
"T-DSL SpeedMgr" = ""C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"" ["T-Systems Nova, Berkom"]
"SfWinStartInfo" = "C:\SFIRM32\sfWinStartupInfo.exe" ["BIVG Hannover"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"BOL Master" = "E:\Setup.exe" [file not found]
"BusinessOnline Log" = ""C:\Programme\T-DSL Business\bolog.exe"" ["T-Systems Nova GmbH"]
"eBayToolbar" = "C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe" ["eBay"]
"T-Online Dialerschutz-Software" = ""C:\Programme\T-Online\Dialerschutz-Software\defender.exe"" ["T-Online International AG"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SSBkgdUpdate" = ""C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
"PDF Converter Registry Controller" = ""C:\Programme\ScanSoft\PDFConverter 2.0 Professional\PDFConv\\RegistryController.exe"" ["ScanSoft, Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SunServer" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Programme\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}\(Default) = "eBay Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\eBay\eBay Toolbar2\eBayTB.dll" [null data]
{601ED020-FB6C-11D3-87D8-0050DA59922B}\(Default) = "Ipswitch.WsftpBrowserHelper"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile ContextMenuHandler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}" = "Mobile PropertySheetHandler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Siemens Data Suite\DES\DESShellExt.dll" ["Siemens AG"]
"{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}" = "SafeErase"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\OO Software\SafeErase\oosesh.dll" ["O&O Software GmbH"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = "eBay Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\eBay\eBay Toolbar2\eBayTB.dll" [null data]
"{F880B6ED-582C-4750-BDEB-907CE61ABA64}" = "ScanSoft PDF Converter 2.0 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ScanSoft\PDFConverter 2.0 Professional\PDFConv\ShellExt20.dll" ["ScanSoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{076394AD-7FDD-44EF-A075-32C68DBAB99B}" = "*i" (unwritable string)
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" ["Sunbelt Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
SafeErase\(Default) = "{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\OO Software\SafeErase\oosesh.dll" ["O&O Software GmbH"]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Ipswitch\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]
Zeon.ShellExt\(Default) = "{B8E8494C-9300-48AC-BD8E-EDED185E5A04}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ScanSoft\PDFConverter 2.0 Professional\PDFCre\PDF Create! 2\Plugin\ZnShellExt.dll" ["ScanSoft, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
SafeErase\(Default) = "{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\OO Software\SafeErase\oosesh.dll" ["O&O Software GmbH"]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Ipswitch\WS_FTP Pro\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = ""
"SubscribedURL" = ""


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmarque.scr" [MS]


Startup items in "malbsmeier" & "All Users" startup folders:
------------------------------------------------------------

C:\Dokumente und Einstellungen\malbsmeier.BUERO\Startmenü\Programme\Autostart
"FriFon32" -> shortcut to: "C:\Programme\FRITZ!\FriFon32.exe" ["AVM Berlin"]
INFECTION WARNING! "OUTLOOK.EXE" [MS]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"ISDNWatch" -> shortcut to: "C:\Programme\FRITZ!\IWatch.exe" [empty string]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"SFIRM32 Automat" -> shortcut to: "C:\SFIRM32\SFAutomat.exe /D"C:\SFIRM32"" ["BIVG Hannover"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = "eBay Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\eBay\eBay Toolbar2\eBayTB.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{005F0536-3352-472A-AF4E-B0D82BB217F0}\
"ButtonText" = "Klicke hier um das Projekt xp-AntiSpy zu unterstützen"
"MenuText" = "Unterstützung für xp-AntiSpy"
"Exec" = "C:\Programme\xp-AntiSpy\sponsoring\sponsor.html" [null data]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

DefWatch, DefWatch, "C:\Programme\NavNT\defwatch.exe" ["Symantec Corporation"]
Dialerschutz Dienst, DFSVC, "C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe" [null data]
InterBase Guardian, InterBaseGuardian, "C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe -s" ["Inprise Corporation"]
InterBase Server, InterBaseServer, "C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe -s -g" ["Inprise Corporation"]
Iomega Activity Disk2, Iomega Activity Disk2, ""C:\PROGRA~1\Iomega\System32\ActivityDisk.exe"" ["Iomega Corporation"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Client, Norton AntiVirus Server, "C:\Programme\NavNT\rtvscan.exe" ["Symantec Corporation"]
SAPDB: CARDTEAM, SAP DBTech-CARDTEAM, "C:\PROGRAMME\SAPDB\DEPEND\pgm\kernel.exe" ["SAP AG"]
TSMService, TSMService, ""C:\Programme\T-DSL SpeedManager\tsmsvc.exe"" ["T-Systems Nova, Berkom"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
XServer, XServer, "c:\programme\sapdb\indep_prog\pgm\serv.exe" ["SAP AG"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\


FRITZ!fax Color Port Monitor\Driver = "FritzColorPort.dll" ["AVM Berlin GmbH"]
FRITZ!fax Port Monitor\Driver = "FritzPort.dll" ["AVM Berlin GmbH"]
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 40 seconds, including 9 seconds for message boxes)
02.01.2006, 14:50
Honorary member
Thread starter
Sabina

Posts: 29434
#10 delete:
C:\WINDOWS\logs2.ini --> (the only thing I have found so far...)
C:\WINDOWS\udtai.dat

then describe exactly what problems there still are with the desktop....

Quote

white background
------------------------------------------------------------------------
run an online scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
02.01.2006, 15:14
...new here

Posts: 8
#11 So, when the PC boots and I have entered my Windows password, my desktop appears. Then the taskbar comes up at the bottom, and a few seconds later the screen flickers a bit and the desktop background turns white. Otherwise everything runs normally. I pray that you can get the problem solved. And at this point, thank you very much again for your support.
I'll post the Kaspersky report shortly; it takes a while.
Regards, Martin
02.01.2006, 15:23
Honorary member
Thread starter
Sabina

Posts: 29434
#12

Quote

Sabina posted

delete:
C:\WINDOWS\logs2.ini
C:\WINDOWS\udtai.dat --> I had overlooked that one....

right-click on the desktop --> Properties --> 2nd tab (Desktop) --> Customize Desktop (no idea what that is called in German..... ) --> Web --> clear the checkbox there for Web Pages (if it is set)

also clear the checkbox for Active Desktop.

__________
Regards, Sabina

All about PC security
02.01.2006, 15:30
...new here

Posts: 8
#13 Hello Sabina,

I just jumped for joy. After I removed the check mark, everything was back to normal.
Should I still run the Kaspersky scan anyway?

Thank you very, very much!!!!!!!!
02.01.2006, 15:36
Honorary member
Thread starter
Sabina

Posts: 29434
#14

Quote

Albs111 posted
Hello Sabina,

I just jumped for joy. After I removed the check mark, everything was back to normal.
Should I still run the Kaspersky scan anyway?

Thank you very, very much!!!!!!!!

Yes, of course you still have to run the scan..... ;)

I don't trust this one: 27.12.2005 11:46 664.064 wininet.dll (must not be deleted !!!! ) and Kaspersky will check it.....
__________
Regards, Sabina

All about PC security
02.01.2006, 18:34
...new here

Posts: 8
#15 I ran the scan in a stooped posture :-) It took a little while, and quite a lot came out of it. What needs to be done now?

Regards

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 02, 2006 18:35:20
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 158433
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
L:\
M:\
O:\

Scan Statistics:
Total number of scanned objects: 113396
Number of viruses found: 47
Number of infected objects: 1115
Number of suspicious objects: 44
Duration of the scan process: 10033 sec

Infected Object Name - Virus Name
C:\Dokumente und Einstellungen\Administrator.BUERO\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst/Persönliche Ordner/Bestandskunden1/18 Dec 2001 15:29 from Druckerei Baginski:Re:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Dokumente und Einstellungen\Administrator.BUERO\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740000.VBN Infected: Exploit.Java.ByteVerify
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740001.VBN Infected: Exploit.HTML.ObjData
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740002.VBN Infected: Exploit.Java.ByteVerify
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740003.VBN Suspicious: Exploit.HTML.Mht
...
...