about:blank Browser hijacker
#0
06.05.2006, 23:19
Member
Posts: 25
06.05.2006, 23:33
Honorary member
Posts: 29434
#2
1. LSPfix http://www.spychecker.com/program/lspfix.html - write down which DLLs you find there.

2. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html, then restart the PC.

3. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months): http://virus-protect.org/datfindbat.html

4. Unpack echo.zip --> click echo.bat --> the text editor will open --> copy the text: http://virus-protect.org/bat/echo.zip

5. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. Under "Enter search strings" type (or paste) shhost into the edit box and click "Ok". Notepad will open -- copy the text and post it.

__________
Kind regards, Sabina
All about PC security
07.05.2006, 11:45
Member
Topic starter
Posts: 25
#3
Hello Sabina,
first of all, many thanks for the description!!! The last step produced this:

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1
; Results at 07.05.2006 11:39:49 for strings:
; 'shhost'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\shhost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shhost"="C:\\Programme\\OutLaster\\shhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shhost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shhost]
"UninstallString"="C:\\Programme\\OutLaster\\un-shhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\shhost]

[HKEY_USERS\S-1-5-21-2157384091-728378468-2993898689-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\OutLaster\\shhost.exe"="shhost"

; End Of The Log...
07.05.2006, 12:07
Honorary member
Posts: 29434
#4
You have to post all the data for me, i.e. work through all the points... only then does the cleaning begin.
I have already created a page http://virus-protect.org/artikel/spyware/outlaster.html but now I still need to see the 4 logs from datfindbat, which DLLs you have in LSPfix, and which files show up in echo.zip...

__________
Kind regards, Sabina
All about PC security
07.05.2006, 12:33
Member
Topic starter
Posts: 25
#5
Hello Sabina,
here is the rest of the data, hopefully complete!!

In LSP-Fix I found the following:
mswsock.dll TCP/IP
winrnr.dll NTDS
newdotnet7_22.dll New.net Name Space Provider
webhdll.dll (Protocol handler)
rsvpsp.dll (Protocol handler)

Verzeichnis von C:\WINDOWS\Downloaded Program Files
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
07.06.2005 16:35 1.124.872 EPUWALcontrol.dll
09.05.2005 09:54 539 EPUWALcontrol.inf
23.04.2005 18:02 378 ImageUploader3.inf
23.04.2005 18:03 1.828.376 ImageUploader3.ocx
25.08.2003 18:12 1.096 iuctl.inf
11.10.2005 17:49 752 jinstall-1_5_0_05.inf
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf
14.08.2005 00:26 113.664 MsnMessengerSetupDownloader.ocx
29.06.2005 19:17 227 opuc.inf
01.09.2004 18:46 298 sinstaller.inf
27.08.2005 14:30 5.065 swflash.inf
30.06.2003 23:41 1.689 WMV9VCM.inf
14 Datei(en) 3.079.042 Bytes
Anzahl der angezeigten Dateien: 14 Datei(en) 3.079.042 Bytes
0 Verzeichnis(se), 38.056.263.680 Bytes frei

Verzeichnis von C:\
07.05.2006 11:31 0 sys.txt
07.05.2006 11:29 18.223 system.txt
07.05.2006 11:29 1.700 systemtemp.txt

C:\DOKUME~1\Marc\LOKALE~1\Temp
07.05.2006 10:59 125.972 jusched.log
06.05.2006 22:39 11.058 hijackthis.log
06.05.2006 17:10 2.374 SCSILog0.txt
06.05.2006 17:05 3.584 aae835.mst
06.05.2006 16:14 0 CacheInfo.dnl
06.05.2006 15:49 717 control.xml
30.04.2006 22:37 53.728 663_appcompat.txt
30.04.2006 22:24 0 EPSLog.txt
30.04.2006 16:30 246 EPS_PicLookup.dat
23.04.2006 23:15 874 java_install_reg.log
23.04.2006 23:14 23.536 java_install.log
23.04.2006 23:12 955 jinstall.cfg
18.04.2006 13:59 65.536 ~DF13F4.tmp
16.04.2006 21:41 373.453 TWAIN.LOG
16.04.2006 21:38 3.241.362 CNQ2410_2.SHD
16.04.2006 21:38 3 Twain001.Mtx
16.04.2006 21:38 156 Twunk001.MTX
16.04.2006 21:35 0 Twunk002.MTX
09.04.2006 17:25 40.612.196 ~WRD0001.doc
09.04.2006 17:25 83.689.418 ~WRD0000.doc
08.04.2006 11:17 0 98410B.tmp
02.04.2006 20:12 11.980 11a0_appcompat.txt
19.03.2006 22:32 39.985 epurcdever11.dll.zip
08.03.2006 17:13 0 vt8107.tmp
03.03.2006 03:25 243.512 AutoDL%3FBundleId=10380_b19770de.exe
02.02.2006 22:23 2.423.496 Patch_MSN_Messenger.EXE
11.03.2005 13:23 172.032 epurcdever11.dll
16.02.2005 11:06 218.112 HijackThis.exe

C:\WINDOWS\system32
07.05.2006 10:54 381.604 perfh009.dat
07.05.2006 10:54 53.868 perfc009.dat
07.05.2006 10:54 392.522 perfh007.dat
07.05.2006 10:54 64.806 perfc007.dat
07.05.2006 10:54 903.644 PerfStringBackup.INI
06.05.2006 23:22 8.192 udpmod.dll
06.05.2006 23:22 8.192 questmod.dll
06.05.2006 23:22 8.192 jao.dll
06.05.2006 23:22 8.192 bridge.dll
06.05.2006 23:22 8.192 a.exe
06.05.2006 23:22 8.192 runsrv32.exe
06.05.2006 23:22 8.192 txfdb32.dll
06.05.2006 23:22 8.192 runsrv32.dll
06.05.2006 23:22 8.192 wstart.dll
06.05.2006 23:22 8.192 tcpservice2.exe
06.05.2006 23:22 8.192 dailytoolbar.dll
06.05.2006 23:22 8.192 alxres.dll
06.05.2006 21:09 4.608 taskdir.dll
06.05.2006 19:34 2.206 wpa.dbl
04.05.2006 17:52 1 exuc32.tmp
04.05.2006 17:52 8.192 shellgui32.dll
04.05.2006 17:44 16.896 winapi32.dll
04.05.2006 17:44 48.644 winbl32.dll
04.05.2006 17:44 48.644 repigsp.exe
04.05.2006 17:44 71.684 winsrv32.exe
04.05.2006 17:44 8.708 rzcuxccp.exe
27.04.2006 19:52 6.152 phqghume.exe
23.04.2006 23:15 7.006 jupdate-1.5.0_06-b05.log
08.04.2006 13:22 6 reboot.txt
06.04.2006 21:48 5.143.456 MRT.exe
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
23.03.2006 22:34 3.074.560 mshtml.dll
22.03.2006 21:49 46.592 zlbw.dll
22.03.2006 21:49 51.065 taskdir.exe
22.03.2006 21:49 51.065 parad.raw.exe
22.03.2006 21:49 4 winsub.xml
22.03.2006 21:49 60 svcp.csv
22.03.2006 21:49 7.095 voblaizdupla.exe
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll
21.02.2006 16:46 327.504 FNTCACHE.DAT
24.01.2006 17:26 204.800 FoxyUninstall.exe

C:\WINDOWS
07.05.2006 10:51 0 0.log
07.05.2006 10:50 159 wiadebug.log
07.05.2006 10:50 223.168 setupapi.log
07.05.2006 10:50 1.915.729 WindowsUpdate.log
07.05.2006 10:50 50 wiaservc.log
07.05.2006 10:49 2.048 bootstat.dat
07.05.2006 10:48 32.622 SchedLgU.Txt
06.05.2006 23:22 8.192 dlmax.dll
06.05.2006 23:22 8.192 Pynix.dll
06.05.2006 23:22 8.192 BTGrab.dll
06.05.2006 23:22 8.192 ZServ.dll
06.05.2006 23:22 8.192 susp.exe
06.05.2006 23:22 8.192 alxtb1.dll
06.05.2006 23:22 8.192 alxie328.dll
06.05.2006 23:22 8.192 alexaie.dll
06.05.2006 22:58 10.809 win-sec-center-logo.gif
06.05.2006 22:58 1.014 warning-bar-ico.gif
06.05.2006 22:58 6.575 remove-spyware-btn.gif
06.05.2006 22:58 64 close-bar.gif
06.05.2006 22:58 177 blue-bg.gif
06.05.2006 22:58 545 yes-icon.gif
06.05.2006 22:58 2.400 windows-compatible.gif
06.05.2006 22:58 985 true-stories.gif
06.05.2006 22:58 196 star.gif
06.05.2006 22:58 127 star-grey.gif
06.05.2006 22:58 10.829 spyware-sheriff-header.gif
06.05.2006 22:58 18.610 spyware-sheriff-box.gif
06.05.2006 22:58 9.392 reg-freeze-header.gif
06.05.2006 22:58 20.199 reg-freeze-box.gif
06.05.2006 22:58 104 no-icon.gif
06.05.2006 22:58 7.627 info.gif
06.05.2006 22:58 7.679 infected.gif
06.05.2006 22:58 352 header-bg.gif
06.05.2006 22:58 1.028 h-line-gradient.gif
06.05.2006 22:58 2.361 free-scan-btn.gif
06.05.2006 22:58 803 footer.gif
06.05.2006 22:58 1.470 facts.gif
06.05.2006 22:58 119 corner-right.gif
06.05.2006 22:58 119 corner-left.gif
06.05.2006 22:58 2.151 buy-now-btn.gif
06.05.2006 22:58 3.808 antispylab-logo.gif
06.05.2006 22:58 9.977 adware-sheriff-header.gif
06.05.2006 22:58 18.600 adware-sheriff-box.gif
06.05.2006 22:03 291.338 comsetup.log
06.05.2006 22:03 1.891 imsins.log
06.05.2006 22:03 189.855 ntdtcsetup.log
06.05.2006 22:03 374.830 tsoc.log
06.05.2006 22:03 126.466 iis6.log
06.05.2006 22:03 42.565 ocmsn.log
06.05.2006 22:03 49.767 msgsocm.log
06.05.2006 22:03 582.653 ocgen.log
06.05.2006 22:03 888.232 FaxSetup.log
06.05.2006 22:02 4.507 imsins.BAK
06.05.2006 22:02 1.702 setuperr.log
06.05.2006 22:02 229.493 setupact.log
06.05.2006 21:26 1.824 ie4 error log.txt
06.05.2006 17:05 681 KB842787.log
06.05.2006 17:05 509 KB830363.log
06.05.2006 15:49 394.504 wmsetup.log
03.05.2006 18:09 116 NeroDigital.ini
25.04.2006 20:42 11.135 KB900485.log
16.04.2006 22:31 30.600 spupdsvc.log
16.04.2006 21:46 15.018 KB908531.log
16.04.2006 21:46 25.510 updspapi.log
16.04.2006 21:46 14.261 KB911562.log
16.04.2006 21:46 16.280 KB912812.log
16.04.2006 21:45 18.162 KB911565.log
16.04.2006 21:45 10.644 KB911567.log
08.04.2006 13:21 19.448 hpdj5600.his
08.04.2006 13:21 2.300 hpdj5600.ini
28.03.2006 17:48 7.043 MKDEMSG.LOG
28.03.2006 17:41 3.072 MKDEWE.TRN
27.03.2006 16:43 807 win.ini
27.03.2006 15:37 8.192 Thumbs.db
19.02.2006 14:28 3.166 TM.INI
19.02.2006 14:20 35 tdf.dii
17.02.2006 19:42 13.718 KB911927.log
17.02.2006 19:42 9.533 KB911564.log
17.02.2006 19:41 8.244 KB913446.log
17.02.2006 18:51 1.067.916 setupapi.log.1.old
14.02.2006 19:57 165 mandant.ini
31.01.2006 22:44 183.296 NDNuninstall7_22.exe
26.01.2006 19:31 3.347 mozver.dat
26.01.2006 18:25 37 install.log
22.01.2006 17:05 14.986 Lycos WLAN Sniffer Setup Log.txt
11.01.2006 19:21 10.111 KB908519.log
06.01.2006 23:16 11.007 KB912919.log
05.01.2006 20:38 183.296 NDNuninstall7_14.exe

Regards, Marc.
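A check that can be run over listings like the ones in the post above, added here as an example that is not part of the thread or of the datfindbat tool: it parses the German dir-style lines the tool prints and flags groups of same-size files written to one directory within the same minute, which is what the 06.05.2006 23:22 batch of 8.192-byte files in system32 looks like. The listing embedded in the script is a constructed excerpt of that log.

```python
"""Flag dropper-style file clusters in a datfindbat directory listing.

Added example for this thread, not part of the original post or of the
datfindbat tool. It parses the German `dir`-style lines the tool prints
(DD.MM.YYYY HH:MM  size  name, '.' as thousands separator) and groups the
files by write minute and size. A batch of same-size files written in the
same minute to a system directory is the pattern visible in the posted
listing (the 8.192-byte files from 06.05.2006 23:22), so that is what the
check reports.
"""
import re
from collections import defaultdict

# Constructed sample: a short excerpt of the system32 listing posted in the
# thread, with a few ordinary Windows files kept so that only clusters match.
SAMPLE_LISTING = """\
Verzeichnis von C:\\WINDOWS\\system32
07.05.2006 10:54 381.604 perfh009.dat
06.05.2006 23:22 8.192 udpmod.dll
06.05.2006 23:22 8.192 questmod.dll
06.05.2006 23:22 8.192 jao.dll
06.05.2006 23:22 8.192 bridge.dll
06.05.2006 23:22 8.192 a.exe
06.05.2006 21:09 4.608 taskdir.dll
04.05.2006 17:44 48.644 winbl32.dll
04.05.2006 17:44 48.644 repigsp.exe
17.03.2006 06:03 8.493.056 shell32.dll
14 Datei(en) 3.079.042 Bytes
"""

# date, time, size with '.' thousands separators, then the file name
ENTRY_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) ([\d.]+) (.+)$")


def parse_listing(text):
    """Return (directory, entries); each entry is (date, time, size_bytes, name)."""
    directory = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Verzeichnis von "):
            directory = line[len("Verzeichnis von "):]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # summary lines such as "14 Datei(en) ..." carry no entry
        date, time, size, name = m.groups()
        entries.append((date, time, int(size.replace(".", "")), name))
    return directory, entries


def find_clusters(entries, min_files=3):
    """Group entries by (date, time, size); keep groups of min_files or more."""
    groups = defaultdict(list)
    for date, time, size, name in entries:
        groups[(date, time, size)].append(name)
    return {key: names for key, names in groups.items() if len(names) >= min_files}


def report(text, min_files=3):
    """One human-readable line per flagged cluster, sorted by group key."""
    directory, entries = parse_listing(text)
    lines = []
    for (date, time, size), names in sorted(find_clusters(entries, min_files).items()):
        lines.append(f"{directory}: {len(names)} files of {size} bytes written "
                     f"{date} {time}: {', '.join(names)}")
    return lines


if __name__ == "__main__":
    # min_files=2 would additionally surface the winbl32.dll/repigsp.exe pair,
    # two differently named files of identical size written in the same minute.
    print("\n".join(report(SAMPLE_LISTING)))
```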
07.05.2006, 13:11
Honorary member
Posts: 29434
#6
It is a heavy infestation.. and we have to work through everything in stages.

a) The last log from datfindbat is missing.... ( C:\ )

---------------------------------------------------------------------
LSPfix http://www.spychecker.com/program/lspfix.html
- tick: "I know what I'm doing" -- Remove
- and delete newdotnet7_22.dll and webhdll.dll (you may have to move the dll from left to right)
-------------------------------------------------------------
Open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

Quote:
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

Restart the PC.

Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste in:

Quote:
registry keys to delete:

Click the green traffic light; the script will now run, then the PC will restart automatically.
** post the text that appears after the restart **

HijackThis (Uninstall Manager)
* open HijackThis
* click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
* click - Save -
* now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

__________
Kind regards, Sabina
All about PC security
07.05.2006, 13:21
Member
Topic starter
Posts: 25
#7
Hello Sabina,
here is the last log; the rest follows:

Verzeichnis von C:\
07.05.2006 13:18 0 sys.txt
07.05.2006 13:18 18.223 system.txt
07.05.2006 13:18 1.799 systemtemp.txt
07.05.2006 13:17 108.203 system32.txt
07.05.2006 12:29 2.286 DirDPF.txt
07.05.2006 12:29 2 DirDPFCns.txt
07.05.2006 10:49 536.399.872 hiberfil.sys
07.05.2006 10:49 805.306.368 pagefile.sys
04.05.2006 19:09 213.102 hpfr5600.log
22.03.2006 21:13 16 mxfilerelatedcache.mxc2

Here is the rest:

avenger.txt
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nqwoikcp

*******************

Script file located at: \??\C:\dddknwtc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\udpmod.dll deleted successfully.
File C:\WINDOWS\system32\questmod.dll deleted successfully.
File C:\WINDOWS\system32\jao.dll deleted successfully.
File C:\WINDOWS\system32\bridge.dll deleted successfully.
File C:\WINDOWS\system32\a.exe deleted successfully.
File C:\WINDOWS\system32\taskdir.exe deleted successfully.
File C:\WINDOWS\system32\susp.exe not found!
Deletion of file C:\WINDOWS\system32\susp.exe failed!
Could not process line:
C:\WINDOWS\system32\susp.exe
Status: 0xc0000034
File C:\WINDOWS\system32\runsrv32.exe deleted successfully.
File C:\WINDOWS\system32\txfdb32.dll deleted successfully.
File C:\WINDOWS\system32\runsrv32.dll deleted successfully.
File C:\WINDOWS\system32\wstart.dll deleted successfully.
File C:\WINDOWS\system32\tcpservice2.exe deleted successfully.
File C:\WINDOWS\system32\dailytoolbar.dll deleted successfully.
File C:\WINDOWS\system32\alxres.dll deleted successfully.
File C:\WINDOWS\system32\taskdir.dll deleted successfully.
File C:\WINDOWS\system32\exuc32.tmp deleted successfully.
File C:\WINDOWS\system32\shellgui32.dll deleted successfully.
File C:\WINDOWS\system32\winapi32.dll deleted successfully.
File C:\WINDOWS\system32\winbl32.dll deleted successfully.
File C:\WINDOWS\system32\repigsp.exe deleted successfully.
File C:\WINDOWS\system32\winsrv32.exe deleted successfully.
File C:\WINDOWS\system32\rzcuxccp.exe deleted successfully.
File C:\WINDOWS\system32\phqghume.exe deleted successfully.
File C:\WINDOWS\dlmax.dll deleted successfully.
File C:\WINDOWS\Pynix.dll deleted successfully.
File C:\WINDOWS\BTGrab.dll deleted successfully.
File C:\WINDOWS\ZServ.dll deleted successfully.
File C:\WINDOWS\susp.exe deleted successfully.
File C:\WINDOWS\alxtb1.dll deleted successfully.
File C:\WINDOWS\alxie328.dll deleted successfully.
File C:\WINDOWS\alexaie.dll deleted successfully.
File C:\WINDOWS\win-sec-center-logo.gif deleted successfully.
File C:\WINDOWS\warning-bar-ico.gif deleted successfully.
File C:\WINDOWS\remove-spyware-btn.gif deleted successfully.
File C:\WINDOWS\close-bar.gif deleted successfully.
File C:\WINDOWS\blue-bg.gif deleted successfully.
File C:\WINDOWS\yes-icon.gif deleted successfully.
File C:\WINDOWS\windows-compatible.gif deleted successfully.
File C:\WINDOWS\true-stories.gif deleted successfully.
File C:\WINDOWS\star.gif deleted successfully.
File C:\WINDOWS\star-grey.gif deleted successfully.
File C:\WINDOWS\spyware-sheriff-header.gif deleted successfully.
File C:\WINDOWS\spyware-sheriff-box.gif deleted successfully.
File C:\WINDOWS\reg-freeze-header.gif deleted successfully.
File C:\WINDOWS\reg-freeze-box.gif deleted successfully.
File C:\WINDOWS\no-icon.gif deleted successfully.
File C:\WINDOWS\info.gif deleted successfully.
File C:\WINDOWS\infected.gif deleted successfully.
File C:\WINDOWS\header-bg.gif deleted successfully.
File C:\WINDOWS\h-line-gradient.gif deleted successfully.
File C:\WINDOWS\free-scan-btn.gif deleted successfully.
File C:\WINDOWS\footer.gif deleted successfully.
File C:\WINDOWS\facts.gif deleted successfully.
File C:\WINDOWS\corner-right.gif deleted successfully.
File C:\WINDOWS\corner-left.gif deleted successfully.
File C:\WINDOWS\buy-now-btn.gif deleted successfully.
File C:\WINDOWS\antispylab-logo.gif deleted successfully.
File C:\WINDOWS\adware-sheriff-header.gif deleted successfully.
File C:\WINDOWS\adware-sheriff-box.gif deleted successfully.
File C:\WINDOWS\NDNuninstall7_22.exe deleted successfully.
File C:\WINDOWS\NDNuninstall7_14.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\shhost deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shhost deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

This post was edited on 07.05.2006 at 14:01 by timerider999.
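A way to check a log like the one above for script lines that did not take effect, added here as an example that is neither the poster's nor the Avenger tool's code: it pairs each path with its outcome and decodes the NTSTATUS of every failure (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, i.e. the file was not at that path). The sample log inside the script is a constructed excerpt of the posted one, and the NTSTATUS table holds only a few documented codes.

```python
"""Check an Avenger run log for script lines that did not take effect.

Added example for this thread, not part of the original post or of the
Avenger tool. Avenger prints one outcome line per script entry ("... deleted
successfully." or "Deletion of ... failed!" followed by a "Status:" line
carrying an NTSTATUS code), and the log is the only evidence that the cleanup
ran, so the check below pairs each path with its outcome and decodes the
status of every failure. The sample is a constructed excerpt of the log
posted in the thread, including its one failed line.
"""
import re

SAMPLE_LOG = """\
Beginning to process script file:
File C:\\WINDOWS\\system32\\udpmod.dll deleted successfully.
File C:\\WINDOWS\\system32\\susp.exe not found!
Deletion of file C:\\WINDOWS\\system32\\susp.exe failed!
Could not process line:
C:\\WINDOWS\\system32\\susp.exe
Status: 0xc0000034
File C:\\WINDOWS\\susp.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\shhost deleted successfully.
Completed script processing.
"""

# Documented NTSTATUS values; 0xC0000034 is the one in the posted log.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

OK_RE = re.compile(r"^(File|Registry key) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def parse_avenger_log(text):
    """Return a list of {'kind', 'path', 'ok', 'status'} dicts in log order."""
    results = []
    pending = None  # most recent failure still waiting for its Status line
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            results.append({"kind": m.group(1).lower(), "path": m.group(2),
                            "ok": True, "status": None})
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "path": m.group(2),
                       "ok": False, "status": None}
            results.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            pending["status"] = NTSTATUS.get(code, f"unknown NTSTATUS {code:#010x}")
            pending = None
    return results


def failures(results):
    """(path, decoded status) for every entry the script could not remove."""
    return [(r["path"], r["status"]) for r in results if not r["ok"]]


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    print(f"{len(parsed)} script lines, {len(failures(parsed))} failed")
    for path, status in failures(parsed):
        print(f"  {path}: {status}")
```

In the posted log the failed path is C:\WINDOWS\system32\susp.exe while the file actually present was C:\WINDOWS\susp.exe, which the same run deleted a few lines later; a NOT_FOUND failure on one path is therefore not a leftover by itself, but it is the line to re-check.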
07.05.2006, 14:12
Honorary member
Posts: 29434
#8
Paste into the Avenger:

Quote:
Files to delete:

Click the green traffic light.. restart

HijackThis (Uninstall Manager)
* open HijackThis
* click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
* click - Save -
* now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

__________
Kind regards, Sabina
All about PC security
07.05.2006, 14:20
Member
Topic starter
Posts: 25
#9
Now this comes up:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mxmnosof

*******************

Script file located at: \??\C:\Program Files\uqprruko.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\mxfilerelatedcache.mxc2 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
07.05.2006, 14:23
Honorary member
Posts: 29434
#10
HijackThis (Uninstall Manager)
* open HijackThis
* click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
* click - Save -
* now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

__________
Kind regards, Sabina
All about PC security
07.05.2006, 14:40
Member
Topic starter
Posts: 25
#11
Here is the next one (the uninstall list):
07.05.2006, 14:57
Honorary member
Posts: 29434
#12
Boot into Safe Mode (press F8 while the PC is starting up)

1. Uninstall:
Win-Tools Easy Installer (by WebSearch)
New.net Domains 7.22
webHancer Customer Companion
webHancer Survey Companion
OutLaster
DesktopWonder V 1.0

2. Delete:
C:\Program Files\webHancer
C:\Programme\Gemeinsame Dateien\WinTools
C:\Programme\OutLaster
C:\Programme\NEWDOT

Boot back into normal mode.

3. Counterspy http://virus-protect.org/counterspy.html
* after the scan you have to choose between:
*Ignore
*Remove --> Status: Deleted
*Quarantine
Always choose Remove and restart the PC (then copy the scan report)

__________
Kind regards, Sabina
All about PC security
07.05.2006, 15:42
Member
Topic starter
Posts: 25
#13
Sorry, CounterSpy is running in the background.
I'll get back to you then!! Marc.

Hello Sabina,
1. I could not find OutLaster under Software.
2. C:\Programme\NEWDOT cannot be deleted because it is write-protected, and I cannot remove that either.
3. CounterSpy always closes when I click Scan now.
What should I do??
Regards, Marc.

This post was edited on 07.05.2006 at 15:54 by timerider999.
07.05.2006, 16:43
Honorary member
Posts: 29434
#14
Go into Safe Mode and scan there with CounterSpy, then set everything to *remove.
Don't forget to post the scan report afterwards (once you are back in normal mode).

__________
Kind regards, Sabina
All about PC security
07.05.2006, 22:01
Member
Topic starter
Posts: 25
#15
Hello Sabina,
here, at last, is the report from CounterSpy:

Spyware Scan Details
Start Date: 07.05.2006 20:15:51
End Date: 07.05.2006 21:52:23
Total Time: 1 hrs 36 mins 32 secs

Detected spyware

NewDotNet Browser Plug-in
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows' Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Ignored
Infected files detected
c:\Programme\NewDotNet\newdotnet7_22.dll
c:\programme\newdotnet\readme.html
c:\programme\newdotnet\uninstall6_38.exe
c:\programme\newdotnet\uninstall7_22.exe
c:\windows\ndnuninstall6_38.exe
C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Temp\backups\backup-20060507-133411-402.dll
C:\WINDOWS\NDNuninstall6_98.exe
Infected registry entries detected

webHancer Adware (General)
Details: WebHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Ignored
Infected files detected
c:\programme\whinstall\whagent.inf
c:\programme\whinstall\whinstaller.ini
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc58\whAgent_update.exe
Infected registry entries detected

Trojan.Vxgame Trojan
Details: Vxgame is a trojan that silently downloads additional malware from the internet and alters the system's security settings by disabling the Windows firewall.
Status: Ignored
Infected files detected
c:\windows\system32\svcp.csv
c:\windows\system32\winsub.xml

Trojan.svcHost Trojan
Details: Trojan.svcHost is a trojan that downloads and installs adware and malware from the internet without the user's knowledge and consent.
Status: Ignored
Infected files detected
c:\windows\system32\zlbw.dll

Proxy-Lager Backdoor
Details: Proxy-Lager is an application that creates a backdoor on the infected machine which is used by attackers to perform malicious activities.
Status: Ignored
Infected files detected
c:\windows\system32\parad.raw.exe
C:\WINDOWS\system32\voblaizdupla.exe

IBIS.WinTools Browser Plug-in
Details: Bubba WinTools purpose is currently unknown. Bubba.wintools installs a Browser Helper Object, a URLSearchHook and drops several files in Common files\WinTools\. Bubba.wintools runs at startup
Status: Ignored
Infected files detected
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc59\WToolsA.exe

Trojan.Blarul.D Backdoor
Status: Ignored
Infected files detected
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc60\shhost.exe

IBIS.WebSearch Toolbar Toolbar
Details: WebSearch Toolbar is an Internet Explorer search hijacker.
Status: Ignored
Infected registry entries detected

Alexa Toolbar Potential Privacy Risk
Details: Alexa is a free, ad-based product which installs itself into your Internet Explorer or Netscape browser. It ads a bar which has a series of links into your browser which gives quite a bit of information about each web page that you visit.
Status: Ignored
Infected registry entries detected

VX2.Transponder Browser Plug-in
Details: VX2 is an Internet Explorer Browser Helper Object that monitors web page requests and data entered into forms, sending this information to its home server, and opens pop-up advertisement windows. VX2 also collects and sends personal information.
Status: Ignored Infected registry entries detected HKEY_LOCAL_MACHINE\software\respondmiter HKEY_LOCAL_MACHINE\software\respondmiter Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe HKEY_LOCAL_MACHINE\software\transponder HKEY_LOCAL_MACHINE\software\transponder Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe Transponder TPS108 Browser Plug-in more information... Status: Ignored Infected registry entries detected HKEY_LOCAL_MACHINE\software\software\tps108 HKEY_LOCAL_MACHINE\software\software\tps108 Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe eDonkey2000 P2P Program more information... Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1 HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object DailyToolbar Toolbar more information... Details: DailyToolbar is a pornographic-related toolbar that periodically generates pop-up advertisements. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\IEToolbar.AffiliateCtl HKEY_CLASSES_ROOT\DailyToolbar.IEBand HKEY_CLASSES_ROOT\AppID\{951B3138-AE8E-4676-A05A-250A5F111631} HKEY_CLASSES_ROOT\AppID\DailyToolbar.DLL HKEY_CLASSES_ROOT\AppID\DailyToolbar.DLL DailyToolbar dailytoolbar.dll HKEY_LOCAL_MACHINE\SOFTWARE\DailyToolbar HKEY_CLASSES_ROOT\DailyToolbar.SysMgr HKEY_LOCAL_MACHINE\SOFTWARE\NIX Solutions\DailyToolbar HKEY_LOCAL_MACHINE\Software\NIX Solutions Bridge/WinFavorites Adware (General) more information... Details: Bridge monitors your Internet surfing activities. It can log keystrokes and sending them to a webserver online. 
Also is known to popup advertising. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\Jao.jao HKEY_CLASSES_ROOT\Bridge.brdg TMKSoft.Admess Adware (General) more information... Details: Admess opens Web pages and displays advertisements with adult content. Admess is related to Xplugin by the same vendor. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\WStart.WHttpHelper HKEY_CLASSES_ROOT\WStart.WHttpHelper.1 HKEY_CLASSES_ROOT\AppID\{F6BDB4E5-D6AA-4D1F-8B67-BCB0F2246E21} DesktopScam Trojan Downloader more information... Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\winapi32.MyBHO HKEY_CLASSES_ROOT\winapi32.MyBHO\Clsid {62E2E094-F989-48C6-B947-6E79DA2294F9} HKEY_CLASSES_ROOT\winapi32.MyBHO winapi32.MyBHO Trojan.Downloader.Various Trojan more information... Details: Trojan.Downloader.Various is a group of Trojan Downloaders which install download and install multiple unwanted applications of adware and malware from remote servers. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\winapi32.MyBHO HKEY_CLASSES_ROOT\winapi32.MyBHO\Clsid {62E2E094-F989-48C6-B947-6E79DA2294F9} HKEY_CLASSES_ROOT\winapi32.MyBHO winapi32.MyBHO |
I've caught the About:blank hijacker!!
HijackThis gives the following: (can anyone help me??)
Logfile of HijackThis v1.99.1
Scan saved at 22:58:50, on 06.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\OutLaster\shhost.exe
C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\GEMEIN~1\WinTools\WSup.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\winsrv32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Dubi\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [shhost] C:\Programme\OutLaster\shhost.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - https://www.hood.de/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Many thanks!!
marc.