explorer öffnet weiterhin seiten hijackthis schon durchgeführt |
||
---|---|---|
#0
| ||
24.01.2006, 12:02
...neu hier
Beiträge: 4 |
||
|
||
24.01.2006, 14:47
Ehrenmitglied
Beiträge: 29434 |
#2
anand
Gehe in die Registry Start-->Ausfuehren--> regedit bearbeiten--> suchen--> CMDSERVICE Klicke auf Bearbeiten -- Berechtigung und klicke dann auf Vollzugriff -- [Übernehmen] und auf [OK]. Erneuter [Rechtsklick] auf den Schlüssel und versuche diesen zu löschen. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O4 - HKCU\..\Run: [rmkw] C:\PROGRA~1\GEMEIN~1\rmkw\rmkwm.exe O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\ O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\gp2sl3f71.dll KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html Options: Delete on Reboot --> anhaken reinkopieren: ... und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes" C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\FmleProcess.dll C:\WINDOWS\system32\gp2sl3f71.dll C:\WINDOWS\system32\kspydoc.log C:\WINDOWS\system32\Sweeper.cfg C:\WINDOWS\system32\q6nulg5916.dll C:\WINDOWS\system32\gp2sl3f71.dll C:\WINDOWS\system32\Uninstall.ico C:\WINDOWS\system32\Help.ico C:\WINDOWS\system32\pavas.ico C:\WINDOWS\system32\search.html C:\WINDOWS\system32\msctl32.dll C:\WINDOWS\system32\z14.exe C:\WINDOWS\inet20099\winlogon.exe C:\WINDOWS\inet20099\services.exe C:\WINDOWS\inet20099\socks.exe C:\windows\winsysupd.exe C:\windows\winsysban.exe C:\WINDOWS\system32\cmd32.exe C:\WINDOWS\system32\paytime.exe C:\WINDOWS\system32\efsdfgxg.exe C:\WINDOWS\winsysupd1.dat C:\WINDOWS\drsmartload.dat C:\WINDOWS\tool1.exe C:\WINDOWS\uniq C:\winstall.exe C:\drsmartload1.exe PC neustarten loesche: C:\PROGRAMME\GEMEINSAME DATEIEN\rmkw C:\WINDOWS\inet20099 loesche, falls du es findest: C:\Dokumente und Einstellungen\All Users\Dokumente\bcvsrv32.exe C:\Dokumente und Einstellungen\All Users\Dokumente\CRSS.EXE C:\Dokumente und Einstellungen\All Users\Dokumente\install.exe C:\Dokumente und Einstellungen\All Users\Dokumente\ip.exe C:\Dokumente und Einstellungen\All Users\Dokumente\nvagNT.exe C:\Dokumente und Einstellungen\All Users\Dokumente\scvsrv32.exe C:\Dokumente und Einstellungen\All Users\Dokumente\stone.exe C:\Dokumente und Einstellungen\All Users\Dokumente\wiinsvc.exe C:\Dokumente und Einstellungen\All Users\Dokumente\Xi.exe Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe Save it on your desktop. Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil Close all windows, open the win32delfkil folder and double click on fix.bat. arbeite das bitte ab http://virus-protect.org/artikel/tools/smitfrautfix.html Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program. L2mfix --> arbeite Option 2 ab und nach Neustart und scan poste den scanreport http://virus-protect.org/l2mfix.html ----------------------------------------------------------------------------------- Information: http://virus-protect.org/artikel/spyware/delf.html http://virus-protect.org/artikel/spyware/inet20002.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
24.01.2006, 15:40
...neu hier
Themenstarter Beiträge: 4 |
#3
SmitFraudFix v2.15
Rapport fait à 15:38:43,65 le 24.01.2006 Executé à partir de C:\Dokumente und Einstellungen\Dursun\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\ »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Dokumente und Einstellungen\Dursun\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Programme »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport |
|
|
||
24.01.2006, 15:41
Ehrenmitglied
Beiträge: 29434 |
#4
ich habe noch was veraendert...schaue noch mal alles durch und arbeite alles ab.
das LOG von L2mfix postest du dann __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
24.01.2006, 16:06
...neu hier
Themenstarter Beiträge: 4 |
#5
L2mfix 010406
Creating Account. Der Befehl wurde erfolgreich ausgefhrt. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 596 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 668 'winlogon.exe' Killing PID 668 'winlogon.exe' Killing PID 668 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 3620 'explorer.exe' Killing PID 3620 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Error, Cannot find a process with an image name of rundll32.exe Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administratoren ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Desktop.ini sucessfully removed Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\q6nulg5916.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DB998F0C-A986-4C93-91B5-1C3EC5D96CB7}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB998F0C-A986-4C93-91B5-1C3EC5D96CB7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DB998F0C-A986-4C93-91B5-1C3EC5D96CB7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB998F0C-A986-4C93-91B5-1C3EC5D96CB7}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{DB998F0C-A986-4C93-91B5-1C3EC5D96CB7}"=- [-HKEY_CLASSES_ROOT\CLSID\{DB998F0C-A986-4C93-91B5-1C3EC5D96CB7}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: zip warning: name not matched: dlls\*.* zip error: Nothing to do! (backup.zip) adding: backregs/DB998F0C-A986-4C93-91B5-1C3EC5D96CB7.reg (188 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 87%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) und hier das hijacklog Logfile of HijackThis v1.99.1 Scan saved at 16:06:17, on 24.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\htpatch.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\FreePDF_XP\fpassist.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\Messenger\msmsgs.exe C:\Programme\Novosoft\Handy Backup 3.5\hbagent.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Spyware Doctor\swdoctor.exe C:\Programme\Telefonauskunft für den PC\Telefonauskunft für den PC 2004\KSTART32.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Dursun\Desktop\HijackThis.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MBGroup] C:\BSA\VPMSRun\dll.32\MBGroup.exe C:\BSA\VPMSRun\VFrame32\Menu\MenuBera.ini C:\BSA\VPMSRun\dll.32\mb.log O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe /startup O4 - HKCU\..\Run: [Handy Backup 3.5] C:\Programme\Novosoft\Handy Backup 3.5\hbagent.exe /logon O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Programme\AdwareFilter\adwarefilter.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Telefonauskunft für den PC 2004 - Schnellstarter.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137757568129 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137757545941 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://de.bigfishgames.com/games/en_luxor/online/2/mjolauncher.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4677/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{521674B7-A14F-4362-92A6-DE51C1E80C45}: NameServer = 192.168.121.252,192.168.121.253 O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\q6nulg5916.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
|
||
24.01.2006, 23:53
Ehrenmitglied
Beiträge: 29434 |
#6
Zitat 192.168.121.252,192.168.121.253fixe mit dem HijackThis...damit wird deine Internetverbindung geloescht...du musst dann eine neue erstellen O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{521674B7-A14F-4362-92A6-DE51C1E80C45}: NameServer = 192.168.121.252,192.168.121.253 O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\q6nulg5916.dll (file missing) pc neustarten Download FixWareout: http://swandog46.geekstogo.com/Fixwareout.exe Fixwareout.exe --> next --> Install --> Run fixit --> Finish / der PC wird neustarten --> C:\fixwareout\report.txt Winpfind http://virus-protect.org/winpfind.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
25.01.2006, 10:09
...neu hier
Themenstarter Beiträge: 4 |
#7
Fixwareout ver 1.003
Last edited 1/12/2006 Post this report in the forums please Reg Entries that were deleted PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Search by size and names... »»»»» Misc files »»»»» Checking for older varients covered by the Rem3 tool WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... aspack 05.10.2004 16:00:00 116224 C:\WINDOWS\FMDUn.EXE ad-w-a-r-e.com 23.01.2006 14:09:40 712079 C:\WINDOWS\setupapi.log Checking %System% folder... PEC2 29.08.2002 11:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc PEC2 09.06.2005 21:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll PECompact2 09.06.2005 21:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll PTech 12.07.2005 18:04:22 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll PECompact2 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe aspack 04.01.2006 19:46:40 2836320 C:\WINDOWS\SYSTEM32\MRT.exe aspack 03.08.2004 23:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 03.08.2004 23:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 30.10.2005 20:49:02 42496 C:\WINDOWS\SYSTEM32\swreg.exe PEC2 20.07.1995 R 1371436 C:\WINDOWS\SYSTEM32\VBAR2132.DLL winsync 29.08.2002 11:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 25.01.2006 09:53:12 S 2048 C:\WINDOWS\bootstat.dat 20.01.2006 12:46:52 H 0 C:\WINDOWS\inf\oem16.inf 20.01.2006 12:48:48 H 0 C:\WINDOWS\inf\oem17.inf 01.12.2005 04:44:42 S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat 02.12.2005 01:12:38 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat 03.01.2006 00:09:26 S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat 25.01.2006 09:53:42 H 1024 C:\WINDOWS\system32\config\default.LOG 25.01.2006 09:53:24 H 1024 C:\WINDOWS\system32\config\SAM.LOG 25.01.2006 09:53:42 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 25.01.2006 10:00:20 H 1024 C:\WINDOWS\system32\config\software.LOG 25.01.2006 09:58:48 H 1024 C:\WINDOWS\system32\config\system.LOG 20.01.2006 13:52:24 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 23.01.2006 10:22:00 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8254c256-9404-4fb0-9d77-0929b1bca14b 23.01.2006 10:22:00 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 25.01.2006 09:53:12 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 03.08.2004 23:58:24 70656 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 03.08.2004 23:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 03.08.2004 23:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 03.08.2004 23:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 03.08.2004 23:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 03.08.2004 23:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 03.08.2004 23:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 03.08.2004 23:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 03.08.2004 23:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 03.08.2004 23:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 29.08.2002 11:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 03.08.2004 23:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 29.08.2002 11:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 03.08.2004 23:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 03.08.2004 23:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl NVIDIA Corporation 03.03.2003 08:44:00 139264 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 03.08.2004 23:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 03.08.2004 23:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl 29.11.2001 15:09:44 475136 C:\WINDOWS\SYSTEM32\slcpappl.cpl Microsoft Corporation 03.08.2004 23:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 29.08.2002 11:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 03.08.2004 23:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 03.08.2004 23:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 29.08.2002 11:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 29.08.2002 11:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 24.02.2005 13:03:12 1939 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk 28.04.2005 08:40:36 665 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AdwareFilter Background Protection.lnk 16.12.2002 17:16:44 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 27.07.2005 12:55:18 1717 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk 05.10.2004 10:34:18 921 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Telefonauskunft für den PC 2004 - Schnellstarter.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 16.12.2002 17:05:44 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini Checking files in %USERPROFILE%\Startup folder... 16.12.2002 17:16:44 HS 84 C:\Dokumente und Einstellungen\Dursun\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 16.12.2002 17:05:44 HS 62 C:\Dokumente und Einstellungen\Dursun\Anwendungsdaten\desktop.ini 30.11.2005 16:16:00 102184 C:\Dokumente und Einstellungen\Dursun\Anwendungsdaten\GDIPFONTCACHEV1.DAT 20.01.2006 09:48:10 68458 C:\Dokumente und Einstellungen\Dursun\Anwendungsdaten\wklnhst.dat »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win {a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonal\AVShlExt.DLL HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EasyCryptoMenu {A0752120-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseCryp.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Handy Backup {F70E776E-E75D-444D-B982-ADA472624D8E} = C:\Programme\Novosoft\Handy Backup 3.5\hbshell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win {a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonal\AVShlExt.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EasyCryptoMenu {A0752120-6D75-D111-B5B1-0800095A2318} = C:\WINDOWS\System32\tsseCryp.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Handy Backup {F70E776E-E75D-444D-B982-ADA472624D8E} = C:\Programme\Novosoft\Handy Backup 3.5\hbshell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC} PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} Real.com = C:\WINDOWS\System32\Shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} ButtonText = Spyware Doctor : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9} ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} ButtonText = Real.com : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar2.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar2.dll {51CE7A05-9C90-433B-8BEC-73973997F6F2} = : {1028F737-81E7-452B-A860-E50CAD90A08C} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz nwiz.exe /installquiet HTpatch C:\WINDOWS\htpatch.exe EM_EXEC C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE VOBRegCheck C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg Microsoft Works Update Detection C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe MBGroup C:\BSA\VPMSRun\dll.32\MBGroup.exe C:\BSA\VPMSRun\VFrame32\Menu\MenuBera.ini C:\BSA\VPMSRun\dll.32\mb.log TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot IMPALARM FreePDF Assistant C:\Programme\FreePDF_XP\fpassist.exe NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe OSSelectorReinstall C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe AVGCtrl "C:\Programme\AVPersonal\AVGNT.EXE" /min [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] MSMSGS "C:\Programme\Messenger\msmsgs.exe" /background Update Service C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe /startup Handy Backup 3.5 C:\Programme\Novosoft\Handy Backup 3.5\hbagent.exe /logon SpybotSD TeaTimer C:\Programme\Spybot - Search & Destroy\TeaTimer.exe Spyware Doctor "C:\Programme\Spyware Doctor\swdoctor.exe" /Q [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 25.01.2006 10:05:46 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\search.html diese beiden einträge hab ich aus der hijackthis liste gelöscht nach dem winfix nochmal nen hijackthis gemacht hat! hoffe das war jetzt nicht falsch ! übrigens diese nervigen seiten die sich von selbst laden sind schon weg |
|
|
||
25.01.2006, 12:47
Ehrenmitglied
Beiträge: 29434 |
#8
loesche:
C:\WINDOWS\setupapi.log -->(ist vom Look2Me) Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program. Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum http://www.virustotal.com/flash/index_en.html C:\WINDOWS\FMDUn.EXE C:\Dokumente und Einstellungen\Dursun\Anwendungsdaten\wklnhst.dat __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
Scan saved at 11:55:51, on 24.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Novosoft\Handy Backup 3.5\hbagent.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Telefonauskunft für den PC\Telefonauskunft für den PC 2004\KSTART32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Dursun\LOKALE~1\Temp\Rar$EX07.343\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.immobilienscout24.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MBGroup] C:\BSA\VPMSRun\dll.32\MBGroup.exe C:\BSA\VPMSRun\VFrame32\Menu\MenuBera.ini C:\BSA\VPMSRun\dll.32\mb.log
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\system32\efsdfgxg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Handy Backup 3.5] C:\Programme\Novosoft\Handy Backup 3.5\hbagent.exe /logon
O4 - HKCU\..\Run: [rmkw] C:\PROGRA~1\GEMEIN~1\rmkw\rmkwm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Programme\AdwareFilter\adwarefilter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Telefonauskunft für den PC 2004 - Schnellstarter.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137757568129
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137757545941
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://de.bigfishgames.com/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4677/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{521674B7-A14F-4362-92A6-DE51C1E80C45}: NameServer = 192.168.121.252,192.168.121.253
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\dnr8019ue.dll
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
werd das teil einfach nicht los! wäre nett wenn mir einer weiterhilft und mir sagt welche kästchen ich bei hijackthis anklicken muss
Logfile of HijackThis v1.99.1
Scan saved at 12:48:52, on 24.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Novosoft\Handy Backup 3.5\hbagent.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Telefonauskunft für den PC\Telefonauskunft für den PC 2004\KSTART32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Dokumente und Einstellungen\Dursun\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.immobilienscout24.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MBGroup] C:\BSA\VPMSRun\dll.32\MBGroup.exe C:\BSA\VPMSRun\VFrame32\Menu\MenuBera.ini C:\BSA\VPMSRun\dll.32\mb.log
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Handy Backup 3.5] C:\Programme\Novosoft\Handy Backup 3.5\hbagent.exe /logon
O4 - HKCU\..\Run: [rmkw] C:\PROGRA~1\GEMEIN~1\rmkw\rmkwm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Programme\AdwareFilter\adwarefilter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Telefonauskunft für den PC 2004 - Schnellstarter.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137757568129
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137757545941
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://de.bigfishgames.com/games/en_luxor/online/2/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4677/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{521674B7-A14F-4362-92A6-DE51C1E80C45}: NameServer = 192.168.121.252,192.168.121.253
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\gp2sl3f71.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
hier die neue logdatei...hab paar sachen selbst gelöscht
aber das problem is leider immer noch da...es öffnen sich weiterhin seiten
Datentr„ger in Laufwerk C: ist HDD
Volumeseriennummer: 24B7-9BCF
Verzeichnis von C:\WINDOWS\system32
24.01.2006 12:48 237.233 guard.tmp
24.01.2006 12:46 237.233 FmleProcess.dll
24.01.2006 12:44 346.648 kspydoc.log
24.01.2006 12:44 0 Sweeper.cfg
24.01.2006 12:34 233.933 q6nulg5916.dll
24.01.2006 12:23 237.233 gp2sl3f71.dll
23.01.2006 13:40 2.550 Uninstall.ico
23.01.2006 13:40 1.406 Help.ico
23.01.2006 13:40 30.590 pavas.ico
23.01.2006 10:38 1.170 wpa.dbl
20.01.2006 14:44 329.434 perfh009.dat
20.01.2006 14:44 47.506 perfc009.dat
20.01.2006 14:44 339.230 perfh007.dat
20.01.2006 14:44 58.262 perfc007.dat
20.01.2006 14:44 782.960 PerfStringBackup.INI
20.01.2006 14:38 371.280 FNTCACHE.DAT
20.01.2006 10:41 827.392 FLASH.OCX
20.01.2006 10:41 14.622 muzika.xm
19.01.2006 09:13 636 search.html
18.01.2006 14:11 68.096 msctl32.dll
18.01.2006 14:09 210 z14.exe
04.01.2006 19:46 2.836.320 MRT.exe
29.12.2005 03:54 280.064 gdi32.dll
05.12.2005 15:26 135.168 snapapi.dll
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 205.312 dxtrans.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 152.064 cdfview.dll
20.10.2005 23:25 1.094.144 esent.dll
17.10.2005 22:20 118.272 t2embed.dll
17.10.2005 22:20 80.896 fontsub.dll
13.10.2005 00:11 15.584 spmsg.dll
06.10.2005 04:08 1.839.616 win32k.sys
Datentr„ger in Laufwerk C: ist HDD
Volumeseriennummer: 24B7-9BCF
Verzeichnis von C:\DOKUME~1\Dursun\LOKALE~1\Temp
24.01.2006 13:05 16.384 Perflib_Perfdata_20c.dat
24.01.2006 13:04 16.384 ~DFA134.tmp
17.01.2006 22:24 104 DFC5A2B2.TMP
3 Datei(en) 32.872 Bytes
0 Verzeichnis(se), 51.498.496.000 Bytes frei
Datentr„ger in Laufwerk C: ist HDD
Volumeseriennummer: 24B7-9BCF
Verzeichnis von C:\WINDOWS
24.01.2006 13:04 900.525 WindowsUpdate.log
24.01.2006 12:46 0 0.log
24.01.2006 12:45 2.048 bootstat.dat
24.01.2006 12:43 32.630 SchedLgU.Txt
24.01.2006 12:18 155 winamp.ini
23.01.2006 14:09 712.079 setupapi.log
23.01.2006 14:02 410 KTEL.INI
23.01.2006 13:57 1.081 win.tmp
23.01.2006 13:57 1.081 win.ini
20.01.2006 13:54 99.654 comsetup.log
20.01.2006 13:54 42.762 iis6.log
20.01.2006 13:54 109.108 tsoc.log
20.01.2006 13:54 1.374 imsins.log
20.01.2006 13:54 15.158 ocmsn.log
20.01.2006 13:54 59.670 ntdtcsetup.log
20.01.2006 13:54 32.929 KB899587.log
20.01.2006 13:54 143.642 ocgen.log
20.01.2006 13:54 13.795 msgsocm.log
20.01.2006 13:54 263.756 FaxSetup.log
20.01.2006 13:53 15.268 updspapi.log
20.01.2006 13:53 1.374 imsins.BAK
20.01.2006 13:53 32.429 KB896422.log
20.01.2006 13:52 32.191 KB885835.log
20.01.2006 13:51 30.850 KB885836.log
20.01.2006 13:51 31.850 KB885250.log
20.01.2006 13:51 31.910 KB901017.log
20.01.2006 13:50 32.066 KB899591.log
20.01.2006 13:50 32.440 KB896424.log
20.01.2006 13:50 32.638 KB893756.log
20.01.2006 13:49 29.675 KB896423.log
20.01.2006 13:49 29.905 KB873339.log
20.01.2006 13:49 29.907 KB888113.log
20.01.2006 13:48 30.534 KB887742.log
20.01.2006 13:48 32.604 KB896358.log
20.01.2006 13:48 25.144 KB910437.log
20.01.2006 13:47 20.979 KB898458.log
20.01.2006 13:47 39.857 KB905915.log
20.01.2006 13:45 24.513 KB891781.log
20.01.2006 13:45 35.699 KB902400.log
20.01.2006 13:43 2.068 vminst.log
20.01.2006 13:42 21.619 KB890046.log
20.01.2006 13:41 20.872 KB893066.log
20.01.2006 13:41 21.195 KB905414.log
20.01.2006 13:41 20.421 KB901214.log
20.01.2006 13:41 19.445 KB888302.log
20.01.2006 13:40 22.034 KB900725.log
20.01.2006 13:40 18.533 KB912919.log
20.01.2006 13:40 12.669 KB886185.log
20.01.2006 13:40 9.802 KB885884.log
20.01.2006 13:40 17.725 KB904706.log
20.01.2006 13:40 18.190 KB905749.log
20.01.2006 13:40 17.157 KB896428.log
20.01.2006 13:38 18.442 KB894391.log
20.01.2006 13:38 16.285 KB908519.log
20.01.2006 13:37 19.807 KB890859.log
20.01.2006 12:54 9.043 KB898461.log
20.01.2006 12:53 12.362 KB893803v2.log
20.01.2006 12:53 1.239 avmcoins.log
19.01.2006 10:26 282 system.ini
19.01.2006 10:26 282 system.tmp
19.01.2006 09:14 0 winsysupd1.dat
19.01.2006 09:13 8.928 ModemLog_Aztech CNR V.92 Modem.txt
18.01.2006 14:13 43 drsmartload.dat
18.01.2006 14:11 74.752 tool1.exe
18.01.2006 14:09 0 uniq
18.01.2006 13:29 449 wiadebug.log
18.01.2006 13:28 50 wiaservc.log
12.01.2006 10:35 107.132 UninstallFirefox.exe
12.01.2006 10:34 4.793 mozver.dat
09.01.2006 11:49 116 NeroDigital.ini
03.01.2006 17:45 1.989 uninstall_nmon.vbs
15.12.2005 13:57 6.363 wmsetup.log
14.12.2005 09:34 125 cdplayer.ini
14.11.2005 10:39 0 nsreg.dat
29.08.2005 09:09 241 BUHL.INI
05.08.2005 15:56 206.518 setupact.log
05.08.2005 10:31 395 DINFO.INI
27.07.2005 12:55 712 ODBC.INI
27.07.2005 08:26 6.124 KB887472.log
27.05.2005 00:22 10.752 hh.exe
Datentr„ger in Laufwerk C: ist HDD
Volumeseriennummer: 24B7-9BCF
Verzeichnis von C:\
24.01.2006 13:18 0 sys.txt
24.01.2006 13:17 27.397 system.txt
24.01.2006 13:17 395 systemtemp.txt
24.01.2006 13:17 115.601 system32.txt
24.01.2006 12:45 267.964.416 hiberfil.sys
24.01.2006 12:45 188.743.680 pagefile.sys
18.01.2006 14:11 12.288 drsmartload1.exe
12.10.2004 13:26 30.024 dLib.log
11.10.2004 12:32 1.244.929 rckseite.jpg
11.10.2004 09:52 1.119.205 visiten-front.jpg
cleanup wurde vorher auch durchgeführt....hab das hijackthis log übrigens mit www.hijackthis.de ausgewertet weiss nich ob ich da was vergessen hab!