Winhound, or rather file://C:\WINDOWS\warnhp.html
Thread is closed!

#0
29.12.2005, 21:06
Honorary member
Posts: 29434

29.12.2005, 21:23
Honorary member
Thread starter Posts: 29434
#2
go into the registry
Start --> Run --> regedit
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = "Warning homepage" <-- delete
"Source" = "C:\WINDOWS\warnhp.html" <-- delete
------------------------------------------------------------
KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html
Options: Delete on Reboot / Process all in List --> tick
paste in: ... and click the red cross; when you are asked "Do you want to reboot?" click "no" and paste in the next one; click "yes" only for the last one
paste in without the date....
restart the PC
open HijackThis -- button "scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC
O4 - HKLM\..\Run: [stnospy] C:\Programme\SinEspias\no-spy.exe /autorun
restart the PC
------------------------------------------------------------
ADSSpy --> scan and delete all streams that show up
http://virus-protect.org/artikel/tools/ADSSpy.exe
set up the cleaner exactly as described here: http://virus-protect.org/cleanup.html
back up important Word documents first (WRD0000.doc)
SmitRem2.8 --> once more
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
download --> boot into safe mode --> open the smitRem folder --> double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue, that is normal)
look for smitfiles.txt and post it
disable System Restore (then enable it again) http://virus-protect.org/systemwiederherstellung.html
uninstall/delete
C:\Programme\WinHound
C:\Programme\SinEspias
Counterspy http://virus-protect.org/counterspy.html
- after the scan you have to decide between: *Ignore *Remove *Quarantine
always choose Remove and restart the PC
At the top of the page --> click Browse --> pick the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\win.tmp
------------------------------------------------------------
Info http://virus-protect.org/artikel/spyware/trojanagenteo.html
------------------------------------------------------------
__________
Best regards
Sabina
All about PC security
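
Added example, not part of the original post: a read-only PowerShell check of the registry location named in post #2. It lists the current user's Active Desktop components and flags any whose "Source" is a local file, as with C:\WINDOWS\warnhp.html. The function names and the rule for what counts as a local source are assumptions made for this example.

```powershell
# Added example (not from the thread). The listing part is read-only.
$ComponentsKey = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'

function Test-LocalSource {
    # Assumption for this example: a drive path, UNC path or file: URL counts as "local".
    # Empty values and http(s) URLs are not flagged.
    param([string]$Source)
    if ([string]::IsNullOrEmpty($Source)) { return $false }
    return ($Source -match '^(file:|[a-z]:\\|\\\\)')
}

function Get-ActiveDesktopComponent {
    # Each numbered subkey (0, 1, ...) describes one Active Desktop web component.
    if (-not (Test-Path -LiteralPath $ComponentsKey)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $ComponentsKey) {
        $source = [string]$key.GetValue('Source')
        $onDisk = $null
        if ($source -match '^([a-z]:\\|\\\\)') {
            # Only plain file-system paths are checked for existence.
            $onDisk = Test-Path -LiteralPath $source
        }
        [pscustomobject]@{
            Component     = $key.PSChildName
            FriendlyName  = [string]$key.GetValue('FriendlyName')
            Source        = $source
            SubscribedURL = [string]$key.GetValue('SubscribedURL')
            LocalSource   = Test-LocalSource $source
            FileOnDisk    = $onDisk
        }
    }
}

# Show only the components that load local content onto the desktop.
Get-ActiveDesktopComponent | Where-Object { $_.LocalSource } | Format-List

# The manual regedit step from the post, as a dry run: -WhatIf only reports
# which values would be deleted and changes nothing.
Get-ActiveDesktopComponent | Where-Object { $_.LocalSource } | ForEach-Object {
    Remove-ItemProperty -LiteralPath (Join-Path $ComponentsKey $_.Component) `
        -Name 'FriendlyName', 'Source' -WhatIf
}
```

On a system without Active Desktop the key is absent and the function returns nothing.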

30.12.2005, 19:27
...new here
Posts: 8
#3
Hello Sabina,
thank you very, very much. So far the white background is still there. Sob!!! Unfortunately I did not understand the following step. Which file am I supposed to double-click? Where is Submit? I'm just not an expert. But for now I wish you a happy New Year and all the best for the new year. Maybe we can solve my problem in the new year.
Best regards
Martin

At the top of the page --> click Browse --> pick the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\win.tmp

I only found win.ini and then checked that one:

This is a report processed by VirusTotal on 12/31/2005 at 11:17:10 (CET) after scanning the file "win.ini" file.

Antivirus | Version | Update | Result
AntiVir | 6.33.0.70 | 12.30.2005 | no virus found
Avast | 4.6.695.0 | 12.30.2005 | no virus found
AVG | 718 | 12.30.2005 | no virus found
Avira | 6.33.0.70 | 12.30.2005 | no virus found
BitDefender | 7.2 | 12.31.2005 | no virus found
CAT-QuickHeal | 8.00 | 12.31.2005 | no virus found
ClamAV | devel-20051123 | 12.29.2005 | no virus found
DrWeb | 4.33 | 12.30.2005 | no virus found
eTrust-Iris | 7.1.194.0 | 12.30.2005 | no virus found
eTrust-Vet | 12.4.1.0 | 12.31.2005 | no virus found
Ewido | 3.5 | 12.30.2005 | no virus found
Fortinet | 2.54.0.0 | 12.31.2005 | no virus found
F-Prot | 3.16c | 12.30.2005 | no virus found
Ikarus | 0.2.59.0 | 12.30.2005 | no virus found
Kaspersky | 4.0.2.24 | 12.31.2005 | no virus found
McAfee | 4663 | 12.30.2005 | no virus found
NOD32v2 | 1.1347 | 12.30.2005 | no virus found
Norman | 5.70.10 | 12.31.2005 | no virus found
Panda | 9.0.0.4 | 12.30.2005 | no virus found
Sophos | 4.01.0 | 12.30.2005 | no virus found
Symantec | 8.0 | 12.31.2005 | no virus found
TheHacker | 5.9.1.064 | 12.29.2005 | no virus found
UNA | 1.83 | 12.30.2005 | no virus found
VBA32 | 3.10.5 | 12.30.2005 | no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'
Killing PID 748 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!

This post was edited on 31.12.2005 at 11:32 by Albs111.

31.12.2005, 13:32
Honorary member
Thread starter Posts: 29434
#4
Albs111
once you have deleted everything with KillBox and the streams have been deleted with ADSSpy:
multiavtool http://virus-protect.org/multiavtool.html
click "3" McAfee -- an empty DOS window appears.
- you have to enter what is to be scanned
- C:\Windows\System32
then the scan starts; you should then also have these scanned:
- C:\Windows
- C:\
post the scan reports
---------------------------------------------
then we'll take it from there..............
__________
Best regards
Sabina
All about PC security

02.01.2006, 11:56
...new here
Posts: 8
#5
Hello Sabina,
first of all I wish you a happy, healthy and successful new year. I still have to apologise for the double posting. The white screen is still there. The scan reports follow.
Best regards
Martin

Virus Scan Report File
Virus Scan Information
McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004
Scan engine v4.4.00 for Win32.
Virus data file v4664 created Jan 01 2006
Scanning for 168331 viruses, trojans and variants.
Virus Scan Results
01/02/2006 11:39:52
Options: "C:\WINDOWS\SYSTEM32" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: [WXPPR]
Scanning C:\WINDOWS\SYSTEM32\*.*
Summary report on C:\WINDOWS\SYSTEM32\*.*
File(s)
Total files: ........... 7701
Clean: ................. 7691
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Time: 00:08.56

Virus Scan Report File
Virus Scan Information
McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004
Scan engine v4.4.00 for Win32.
Virus data file v4664 created Jan 01 2006
Scanning for 168331 viruses, trojans and variants.
Virus Scan Results
01/02/2006 11:02:01
Options: "C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: [WXPPR]
Scanning C:\WINDOWS\*.*
Summary report on C:\WINDOWS\*.*
File(s)
Total files: ........... 41761
Clean: ................. 41699
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Time: 00:28.56

Virus Scan Report File
Virus Scan Information
McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004
Scan engine v4.4.00 for Win32.
Virus data file v4664 created Jan 01 2006
Scanning for 168331 viruses, trojans and variants.
Virus Scan Results
01/02/2006 09:12:58
Options: "C:\" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: [WXPPR]
Scanning C:\*.*
C:\Dokumente und Einstellungen\malbsmeier.BUERO\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-481293e4-258254ad.zip\GETACCESS.CLASS ... Found the Exploit-ByteVerify trojan !!!
Summary report on C:\*.*
File(s)
Total files: ........... 285627
Clean: ................. 285474
Possibly Infected: ..... 1
Cleaned: ............... 0
Non-critical Error(s): 2
Time: 01:46.00

02.01.2006, 12:45
Honorary member
Thread starter Posts: 29434
#6
Counterspy
http://virus-protect.org/counterspy.html
- after the scan you have to decide between: *Ignore *Remove *Quarantine
always choose Remove and restart the PC --> post the scan report here
__________
Best regards
Sabina
All about PC security

02.01.2006, 14:05
...new here
Posts: 8
#7
No change yet.
Report:

Spyware Scan Details
Start Date: 02.01.2006 13:02:50
End Date: 02.01.2006 13:59:03
Total Time: 56 mins 13 secs

Detected spyware
Looking-For.Home Search Assistant Browser Modifier
Details: Home Search Assistant is an Internet Explorer browser helper object that was recently identified by the SpyNet community; research is currently under way to further identify its risks.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 Service 11Fßä #•ºÄÖ`I
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 Class LegacyDriver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 ClassGUID {8ECC055D-047F-11D1-A537-0000F8753ED1}

02.01.2006, 14:19
Honorary member
Thread starter Posts: 29434
#8
copy the 4 text files from datfindbat here once more
+ the log (complete) from Silentrunner http://virus-protect.org/silentrunner.html
__________
Best regards
Sabina
All about PC security

02.01.2006, 14:41
...new here
Posts: 8
#9
"OUTLOOK.EXE" [MS] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "ISDNWatch" -> shortcut to: "C:\Programme\FRITZ!\IWatch.exe" [empty string] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "SFIRM32 Automat" -> shortcut to: "C:\SFIRM32\SFAutomat.exe /D"C:\SFIRM32"" ["BIVG Hannover"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{92085AD4-F48A-450D-BD93-B28CC7DF67CE}" = "eBay Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\eBay\eBay Toolbar2\eBayTB.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {005F0536-3352-472A-AF4E-B0D82BB217F0}\ "ButtonText" = "Klicke hier um das Projekt xp-AntiSpy zu unterstützen" "MenuText" = "Unterstützung für xp-AntiSpy" "Exec" = "C:\Programme\xp-AntiSpy\sponsoring\sponsor.html" [null data] HKLM\Software\Microsoft\Internet Explorer\Extensions\ {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ "ButtonText" = "Spyware Doctor" "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"] Miscellaneous IE Hijack 
Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Missing lines (compared with English-language version): [Strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ DefWatch, DefWatch, "C:\Programme\NavNT\defwatch.exe" ["Symantec Corporation"] Dialerschutz Dienst, DFSVC, "C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe" [null data] InterBase Guardian, InterBaseGuardian, "C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe -s" ["Inprise Corporation"] InterBase Server, InterBaseServer, "C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe -s -g" ["Inprise Corporation"] Iomega Activity Disk2, Iomega Activity Disk2, ""C:\PROGRA~1\Iomega\System32\ActivityDisk.exe"" ["Iomega Corporation"] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] Norton AntiVirus Client, Norton AntiVirus Server, "C:\Programme\NavNT\rtvscan.exe" ["Symantec Corporation"] SAPDB: CARDTEAM, SAP DBTech-CARDTEAM, "C:\PROGRAMME\SAPDB\DEPEND\pgm\kernel.exe" ["SAP AG"] TSMService, TSMService, ""C:\Programme\T-DSL SpeedManager\tsmsvc.exe"" ["T-Systems Nova, Berkom"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] XServer, XServer, "c:\programme\sapdb\indep_prog\pgm\serv.exe" ["SAP AG"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ FRITZ!fax Color Port Monitor\Driver = "FritzColorPort.dll" ["AVM Berlin GmbH"] FRITZ!fax Port Monitor\Driver = "FritzPort.dll" ["AVM Berlin GmbH"] hpzlnt04\Driver = "hpzlnt04.dll" ["HP"] ---------- + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 40 seconds, including 9 seconds for message boxes) |

02.01.2006, 14:50
Honorary member
Thread starter, posts: 29434
#10
delete:
C:\WINDOWS\logs2.ini --> (the only thing I have still found...)
C:\WINDOWS\udtai.dat
then describe exactly what problems there still are with the desktop....
Quote: white background
------------------------------------------------------------------------
run an online scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security

02.01.2006, 15:14
...new here
Posts: 8
#11
Well, when the PC boots and I have entered my Windows password, my desktop appears. Then the taskbar comes up at the bottom, and a few seconds later the screen flickers a bit and the desktop background turns white. Otherwise everything runs normally. I pray that you get the problem solved. And at this point, thank you very much again for your support.
I'll supply the Kaspersky report shortly; it takes a while, after all. Regards, Martin

02.01.2006, 15:23
Honorary member
Thread starter, posts: 29434
#12
Quote: Sabina posted
__________
Regards, Sabina
all about PC security

02.01.2006, 15:30
...new here
Posts: 8
#13
Hello Sabina,
I just jumped for joy. After I removed the check mark, everything was back to normal. Should I still run the Kaspersky scan anyway? Thank you very, very much!!!!!!!!

02.01.2006, 15:36
Honorary member
Thread starter, posts: 29434
#14
Quote: Albs111 posted
Yes, of course you still have to run the scan..... I don't trust this one:
27.12.2005 11:46 664.064 wininet.dll (must not be deleted !!!! )
and Kaspersky will check it.....
__________
Regards, Sabina
all about PC security

02.01.2006, 18:34
...new here
Posts: 8
#15
I ran the scan with my head bowed :-) It also took a while, and quite a lot came out of it. What needs to be done now?
Regards
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 02, 2006 18:35:20
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 158433
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\ C:\ D:\ E:\ F:\ L:\ M:\ O:\
Scan Statistics:
Total number of scanned objects: 113396
Number of viruses found: 47
Number of infected objects: 1115
Number of suspicious objects: 44
Duration of the scan process: 10033 sec
Infected Object Name - Virus Name
C:\Dokumente und Einstellungen\Administrator.BUERO\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst/Persönliche Ordner/Bestandskunden1/18 Dec 2001 15:29 from Druckerei Baginski:Re:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Dokumente und Einstellungen\Administrator.BUERO\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740000.VBN Infected: Exploit.Java.ByteVerify
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740001.VBN Infected: Exploit.HTML.ObjData
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740002.VBN Infected: Exploit.Java.ByteVerify
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00740003.VBN Suspicious: Exploit.HTML.Mht
... ...
Volumeseriennummer: 2CCB-E809
Verzeichnis von C:\
29.12.2005 10:44 0 sys.txt
29.12.2005 10:43 12.140 system.txt
29.12.2005 10:42 1.174 systemtemp.txt
29.12.2005 10:42 116.034 system32.txt
29.12.2005 10:08 39.424 Normal.dot
29.12.2005 08:22 805.306.368 pagefile.sys
28.12.2005 16:40 1.347 smitfiles.txt
31.10.2005 16:56 700.416 StubInstaller.exe
26.07.2005 14:22 27.136 Sehr geehrter Herr Lux.doc
26.07.2005 14:16 62.464 Sehr geehrter Herr Paucar.doc
11.07.2005 07:39 8.211 mxfilerelatedcache.mxc2
17.06.2005 15:40 36.352 ~WRL1615.tmp
18.05.2005 12:19 3.202 TDSLCheck.txt
16.02.2005 08:44 1.176 IWATCH.CAP
27.01.2005 13:57 2.112 SFIRM.siz
25.11.2004 17:01 12.842.424 temp.mpg
08.11.2004 09:08 9.728 Thumbs.db
08.11.2004 09:07 192.574 Paula1.JPG
08.11.2004 09:06 192.602 Paula.JPG
10.10.2004 16:14 47.564 ntdetect.com
10.10.2004 16:14 251.184 ntldr
24.09.2004 13:35 192 boot.ini
17.08.2004 07:10 162 ~$Normal.dot
13.08.2004 12:41 26.112 Nach fakturierten Rechnungen.doc
20.07.2004 07:03 1.084 vlist.log
05.07.2004 11:46 142 DeleteAtReboot.bat
01.07.2004 10:10 550 IWATCH.TXT
01.07.2004 09:59 67.893 _NavCClt.Log
11.06.2004 14:29 2.348 cibpdfinstall.log
05.02.2004 08:32 2.112 SFIRM.bak
04.08.2003 13:30 2.101 gprs_log.txt
18.06.2003 14:33 405 log.txt
17.06.2003 08:12 13.030 PDOXUSRS.NET
23.11.2002 12:32 1.120 INSTALL.LOG
18.11.2002 13:48 84 RobotError.log
16.11.2002 11:21 0 temp.html
31.10.2002 17:02 144.449 search.log
20.10.2002 14:06 370 detlog.txt
11.07.2002 10:09 0 MSDOS.SYS
11.07.2002 10:09 0 AUTOEXEC.BAT
11.07.2002 10:09 0 CONFIG.SYS
11.07.2002 10:09 0 IO.SYS
18.08.2001 13:00 4.952 bootfont.bin
24.05.2001 12:59 162.304 UNWISE.EXE
44 Datei(en) 820.283.042 Bytes
0 Verzeichnis(se), 3.002.478.592 Bytes frei
Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809
Verzeichnis von C:\WINDOWS
29.12.2005 10:19 88 Oce6x.INI
29.12.2005 09:28 849 win.ini
29.12.2005 09:26 25.824 setupapi.log
29.12.2005 09:20 599 KTEL.INI
29.12.2005 08:22 1.100.405 WindowsUpdate.log
29.12.2005 08:22 2.048 bootstat.dat
28.12.2005 16:34 32.622 SchedLgU.Txt
27.12.2005 12:36 0 xgatm.txt
27.12.2005 09:40 25.812 stub78.ini
27.12.2005 09:40 25.329 stub77.ini
27.12.2005 09:39 26.785 stub76.ini
27.12.2005 09:39 26.386 stub75.ini
27.12.2005 09:38 26.446 stub74.ini
27.12.2005 09:38 26.417 stub73.ini
27.12.2005 09:38 26.300 stub72.ini
27.12.2005 09:37 26.413 stub71.ini
27.12.2005 09:36 25.626 stub70.ini
27.12.2005 09:36 25.949 stub69.ini
27.12.2005 09:36 25.914 stub68.ini
27.12.2005 09:35 26.241 stub67.ini
27.12.2005 09:35 26.472 stub66.ini
27.12.2005 09:34 26.174 stub65.ini
27.12.2005 09:33 24.912 stub64.ini
27.12.2005 09:33 25.074 stub63.ini
27.12.2005 09:32 25.293 stub62.ini
27.12.2005 09:32 25.066 stub61.ini
27.12.2005 09:32 25.594 stub60.ini
27.12.2005 09:32 25.271 stub59.ini
27.12.2005 09:31 26.307 stub58.ini
27.12.2005 09:28 25.008 stub57.ini
27.12.2005 09:27 25.158 stub56.ini
27.12.2005 09:26 25.293 stub55.ini
27.12.2005 09:26 25.311 stub54.ini
27.12.2005 09:25 25.635 stub53.ini
27.12.2005 09:25 25.546 stub52.ini
27.12.2005 09:24 25.592 stub51.ini
27.12.2005 09:23 24.667 stub50.ini
27.12.2005 09:22 24.795 stub49.ini
27.12.2005 09:21 24.864 stub48.ini
27.12.2005 09:20 24.921 stub47.ini
27.12.2005 09:20 25.352 stub46.ini
27.12.2005 09:19 24.766 stub45.ini
27.12.2005 09:19 24.710 stub44.ini
27.12.2005 09:18 25.043 stub43.ini
27.12.2005 09:15 24.914 stub42.ini
27.12.2005 09:09 25.035 stub41.ini
27.12.2005 09:08 24.703 stub40.ini
27.12.2005 09:07 24.420 stub39.ini
27.12.2005 09:07 24.711 stub38.ini
27.12.2005 09:06 24.442 stub37.ini
27.12.2005 09:06 24.735 stub36.ini
27.12.2005 09:05 24.305 stub35.ini
27.12.2005 08:59 24.912 stub34.ini
27.12.2005 08:59 24.391 stub33.ini
27.12.2005 08:59 24.500 stub32.ini
27.12.2005 08:55 24.410 stub31.ini
27.12.2005 08:52 24.809 stub30.ini
27.12.2005 08:40 24.364 stub29.ini
27.12.2005 08:40 24.101 stub28.ini
27.12.2005 08:39 24.565 stub27.ini
27.12.2005 08:39 23.818 stub26.ini
27.12.2005 08:39 23.904 stub25.ini
27.12.2005 08:33 24.085 stub23.ini
27.12.2005 08:33 23.580 stub24.ini
27.12.2005 08:27 23.060 stub22.ini
27.12.2005 06:22 23.685 stub20.ini
27.12.2005 06:22 23.219 stub21.ini
27.12.2005 06:18 22.835 stub19.ini
27.12.2005 06:17 23.622 stub16.ini
27.12.2005 06:17 22.118 stub18.ini
27.12.2005 06:17 23.395 stub17.ini
27.12.2005 06:15 23.264 stub15.ini
27.12.2005 05:53 23.847 stub14.ini
27.12.2005 05:50 23.745 stub13.ini
27.12.2005 05:47 23.567 stub12.ini
27.12.2005 05:43 23.501 stub11.ini
27.12.2005 05:10 23.416 stub10.ini
27.12.2005 05:00 23.496 stub9.ini
27.12.2005 04:59 23.318 stub8.ini
27.12.2005 04:55 23.344 stub7.ini
27.12.2005 04:51 23.619 stub6.ini
27.12.2005 03:12 23.246 stub4.ini
27.12.2005 03:12 23.500 stub5.ini
27.12.2005 02:50 23.166 stub3.ini
27.12.2005 02:45 22.711 stub2.ini
27.12.2005 02:45 22.854 stub1.ini
24.12.2005 23:56 1.199 logs1.ini
23.12.2005 12:48 54.156 QTFont.qfn
21.12.2005 12:49 13.581 jaubc.dat
20.12.2005 19:31 197.761 ubyty.dat
18.12.2005 11:52 2.814 igzod.dat
18.12.2005 11:52 149 hdkctnts.ini
18.12.2005 11:52 16.730 Feder.bmp
18.12.2005 11:52 26.680 Fächer.bmp
18.12.2005 11:52 2.814 egifx.dat
18.12.2005 09:37 832 unins000.dat
18.12.2005 09:37 11.388 udtai.dat
18.12.2005 09:37 28 SYS386E.DAT
18.12.2005 09:37 122 telephon.ini
18.12.2005 09:37 65.832 Santa Fe-Stuck.bmp
18.12.2005 09:37 65.978 Seifenblase.bmp
18.12.2005 09:37 746 ST6UNST.001
18.12.2005 03:25 1.272 Blaue Spitzen 16.bmp
17.12.2005 11:47 69.416 Unnero.cfg
17.12.2005 11:47 790 win.tmp
08.12.2005 08:21 5.688 ModemLog_GPRS via COM.txt
07.12.2005 06:29 197.761 fgtpd.txt
30.11.2005 08:23 0 logs2.ini
19.07.2005 12:30 440 Sfirm32.ini
19.07.2005 12:30 171 Uno.ini
13.07.2005 11:12 1.196 MpsKe.INI
08.07.2005 07:05 22 FLASHKSK.INI
Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809
Verzeichnis von C:\DOKUME~1\MALBSM~1.BUE\LOKALE~1\Temp
29.12.2005 10:38 0 JETA4D0.tmp
29.12.2005 10:32 319 tmpD53.tmp
29.12.2005 10:22 512 ~DF52ED.tmp
29.12.2005 10:20 512 ~DF277A.tmp
29.12.2005 10:20 981.464 mso87DC5.wmf
29.12.2005 10:20 9.728 ~WRS0002.tmp
29.12.2005 10:10 16.384 ~WRF0001.tmp
29.12.2005 10:10 506 ~WRD0000.doc
29.12.2005 10:10 512 ~DF4A6A.tmp
29.12.2005 10:10 512 ~DF471B.tmp
29.12.2005 10:10 512 ~DF399E.tmp
29.12.2005 10:08 1.409 FORD41.tmp
29.12.2005 10:08 8.960 ZTRD40.tmp
29.12.2005 10:06 8.912 ZTRD3E.tmp
29.12.2005 10:06 1.409 FORD3F.tmp
29.12.2005 09:21 975 wcesmgr.log
29.12.2005 09:21 483 outstore.log
29.12.2005 08:36 2.387 WCESCOMM.LOG
29.12.2005 08:24 16.384 ~DF4933.tmp
19 Datei(en) 1.051.880 Bytes
0 Verzeichnis(se), 3.002.511.360 Bytes frei
Datenträger in Laufwerk C: ist WXPPR
Volumeseriennummer: 2CCB-E809
Verzeichnis von C:\WINDOWS\system32
29.12.2005 09:28 0 asfiles.txt
29.12.2005 09:25 2.550 Uninstall.ico
29.12.2005 09:25 1.406 Help.ico
29.12.2005 09:25 1.718 Open.ico
29.12.2005 09:25 1.406 AddQuit.ico
29.12.2005 09:25 5.350 IE.ico
29.12.2005 09:25 9.470 Desktop.ico
29.12.2005 09:25 1.718 Quick.ico
28.12.2005 16:34 11.630 appldiag
27.12.2005 12:36 0 gatmy.dll
27.12.2005 12:36 0 d3aq32.exe
27.12.2005 11:46 664.064 wininet.dll
27.12.2005 08:00 2.278 wpa.dbl
27.12.2005 02:45 13.581 ufheh.log
22.12.2005 15:41 197.761 wykin.dat
19.12.2005 08:35 7.006 jupdate-1.5.0_06-b05.log
09.12.2005 01:21 2.723.680 MRT.exe
08.12.2005 19:46 13.581 beplo.dat
08.12.2005 08:21 4.162 ModemLog_AVM ISDN Custom Config.txt
08.12.2005 08:21 4.610 ModemLog_AVM ISDN BTX.txt
08.12.2005 08:21 4.660 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
08.12.2005 08:21 4.620 ModemLog_AVM ISDN FAX (G3).txt
08.12.2005 08:21 4.630 ModemLog_AVM ISDN - ISDN (X.75).txt
08.12.2005 08:21 4.632 ModemLog_AVM ISDN Mailbox (X.75).txt
08.12.2005 08:21 4.672 ModemLog_AVM ISDN SoftCompression X.75-V.42bis.txt
08.12.2005 08:21 4.642 ModemLog_AVM ISDN RAS (PPP over ISDN).txt
08.12.2005 08:21 4.652 ModemLog_AVM ISDN Internet (PPP over ISDN).txt
15.11.2005 08:07 5.618 jupdate-1.5.0_05-b05.log
14.11.2005 13:53 3.534 jupdate-1.5.0_03-b07.log
10.11.2005 13:03 127.078 javaws.exe
10.11.2005 13:03 49.265 jpicpl32.cpl
10.11.2005 11:27 49.250 javaw.exe
10.11.2005 11:27 49.248 java.exe
09.11.2005 13:31 360.136 FNTCACHE.DAT
31.10.2005 08:08 311.604 perfh009.dat
31.10.2005 08:08 39.992 perfc009.dat
31.10.2005 08:08 316.594 perfh007.dat
31.10.2005 08:08 48.156 perfc007.dat
31.10.2005 08:08 723.568 PerfStringBackup.INI
20.10.2005 23:25 1.094.144 esent.dll
13.10.2005 00:11 15.584 spmsg.dll
11.10.2005 16:19 1.675 shutdown.log
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 474.112 shlwapi.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
11.08.2005 16:11 65.024 nwwks.dll
Hello Sabina, I can't get rid of the problem either. Despite several attempts, I have not managed to remove the white background. The cause is Winhound, or rather file://C:\WINDOWS\warnhp.html.
My printouts follow. Maybe you can help me :-)
Logfile of HijackThis v1.97.7
Scan saved at 11:00:44, on 29.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\NavNT\defwatch.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\NavNT\rtvscan.exe
C:\PROGRAMME\SAPDB\DEPEND\pgm\kernel.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\programme\sapdb\indep_prog\pgm\serv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\Programme\klickIdent Profi Plus Januar 2004\klickIdentPP.exe
C:\Programme\NavNT\vptray.exe
C:\WINDOWS\System32\pupxpman.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\T-DSL Business\bolog.exe
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Iomega\AutoDisk\AD2KClient.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MailWasher Pro\MailWasher.exe
C:\Programme\Microsoft ActiveSync\WCESMgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\malbsmeier.BUERO\Eigene Dateien\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [ISDN_Monitor] C:\Programme\klickIdent Profi Plus Januar 2004\klickIdentPP.exe
O4 - HKLM\..\Run: [vptray] C:\Programme\NavNT\vptray.exe
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\MALBSM~1.BUE\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\System32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [SfWinStartInfo] C:\SFIRM32\sfWinStartupInfo.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BOL Master] E:\Setup.exe
O4 - HKLM\..\Run: [BusinessOnline Log] "C:\Programme\T-DSL Business\bolog.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Programme\ScanSoft\PDFConverter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [stnospy] C:\Programme\SinEspias\no-spy.exe /autorun
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Programme\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailWasher] C:\Programme\MailWasher Pro\MailWasher.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: FriFon32.lnk = C:\Programme\FRITZ!\FriFon32.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SFIRM32 Automat.lnk = C:\SFIRM32\SFAutomat.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: PDF in Word öffnen (PDF Converter 2.0) - res://C:\Programme\ScanSoft\PDFConverter 2.0 Professional\PDFConv\IEShellExt.dll /500
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: Mobilen Favoriten erstellen (HKLM)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38253.4323148148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
The rest follow.....
__________
Regards, Sabina
all about PC security