yyy102.html .... Popups |
||
---|---|---|
#0
| ||
10.01.2006, 22:47
...neu hier
Beiträge: 1 |
||
|
||
11.01.2006, 17:42
Ehrenmitglied
Beiträge: 29434 |
#2
moLox
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als list.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.--> die list.bat doppelt klicken--> kopiere den Text, der erscheint cd\ dir "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders" >> files.txt notepad files.txt ---------------------------------------------------------------------------- öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank 1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank F0 - system.ini: Shell=Explorer.exe C:\windows\system32\jmsiexec16.exe F1 - win.ini: run=C:\windows\system32\jmsiexec16.exe O4 - HKLM\..\RunServices: [GLSetIT31] C:\windows\system32\jmsiexec16.exe O4 - HKCU\..\Run: [Shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe" O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\en84l1lq1.dll O21 - SSODL: fldrsys - {4C75BFAC-AB00-4339-809E-B6EB967B1D31} - fldrsys.dll (file missing) O23 - Service: Nakido - Unknown owner - C:\WINDOWS\System32\nakido.exe O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing) PC neustarten Registry Search Tool http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip eventuelle Meldung vom Virenscanner --- > warnmeldung:bösartiges skript entdeckt --> ignorieren Doppelklick:regsrch.vbs reinkopieren: Nakido Press 'OK' warten, bis die Suche beendet ist. (Ergebnis bitte posten) stelle den Cleaner genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html kopiere die 4 Textdateien (3 Monate) http://virus-protect.org/datfindbat.html -------------------------------------------------------------------- ist fuer mich-> Spyware ??? O23 - Service: Nakido - Unknown owner - C:\WINDOWS\System32\nakido.exe firegraphic.com/ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
die Häufigkeit senkte sich , jedoch tauchen immer noch vereinzelte auf ..
Logfile of HijackThis v1.99.1
Scan saved at 22:53:02, on 10.01.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\GFI\LANguard Network Security Scanner 3\sscansvc.exe
C:\WINDOWS\System32\nakido.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Fast.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\ICQPlus\vplus.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ICQLITE\ICQLITE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Steffen\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://127.0.0.1:3128/ken2000.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.120.1:3128;gopher=192.168.120.1:3128;http=192.168.120.1:3128;https=192.168.120.1:3128;socks=192.168.120.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F0 - system.ini: Shell=Explorer.exe C:\windows\system32\jmsiexec16.exe
F1 - win.ini: run=C:\windows\system32\jmsiexec16.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\RunServices: [GLSetIT31] C:\windows\system32\jmsiexec16.exe
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programme\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRA~1\ICQLITE\ICQLITE.EXE -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://127.0.0.1:3128/ken2000.html
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FADBD6-C2C0-4267-AFAF-48FEB46C5A31}: NameServer = 192.168.120.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\en84l1lq1.dll
O20 - Winlogon Notify: WB - C:\Programme\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: fldrsys - {4C75BFAC-AB00-4339-809E-B6EB967B1D31} - fldrsys.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: GFI LANguard N.S.S. Scheduled Scans Service (lnss_sscans) - GFI Software Ltd. - C:\Programme\GFI\LANguard Network Security Scanner 3\sscansvc.exe
O23 - Service: Nakido - Unknown owner - C:\WINDOWS\System32\nakido.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)