Please check my log file 'too' *Update, PLEASE take a look*

#0
12.06.2006, 20:34
Member

Posts: 20
#1 Attached is the log file I generated.
Do I have any spyware and/or malware on the computer?
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 13:26:58, on 12.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Miamilove\Eigene Dateien\tools\HijackThis.exe
C:\Dokumente und Einstellungen\Miamilove\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freenet.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Alles mit Net Transport herunterladen - C:\Programme\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Herunterladen mit Net Transport - C:\Programme\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104942621390
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9CFB38-CB90-41D4-ABEF-EE321FD39269}: NameServer = 194.97.173.124 194.97.173.125
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


UPDATE:

So basically I'm really only concerned about this webHancer nonsense.

I have now done everything up to step 4 the way Sabina wrote it [url=http://board.protecus.de/t23699.htm#228389]here[/url].

These are my results:

Log from Look2Me:
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 13.06.2006 17:06:12


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratoren - Succeeded


Log from Windows CleanUp:
CleanUp! started on 06/13/06 17:13:48.
Alles im Ordner C:\Dokumente und Einstellungen\Miamilove\Recent\ wurde gelöscht

Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 146.1 MB of disk space from 9933 files.
CleanUp! finished on 06/13/06 17:14:34.

However, the program told me that I should take a close look at the log again before I delete anything, and then run the scan again 'for real'.

Then also the 4 logs from the .bat file!!
system32:
13.06.2006 17:10 17.145 nvapps.xml
11.06.2006 12:51 7.952 OODDRMBS.EXE
27.05.2006 10:40 2.206 wpa.dbl
11.05.2006 15:12 126.912 FNTCACHE.DAT
04.05.2006 06:26 5.818.784 MRT.exe
30.04.2006 20:13 58.952 MsgPlusLoader.dll
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
26.03.2006 23:43 34.308 BASSMOD.dll
26.03.2006 11:42 316.594 perfh007.dat
26.03.2006 11:42 311.604 perfh009.dat
26.03.2006 11:42 39.992 perfc009.dat
26.03.2006 11:42 48.156 perfc007.dat
26.03.2006 11:42 723.744 PerfStringBackup.INI
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
08.03.2006 19:39 69.632 ElbyCDIO.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll
01.03.2006 21:43 91.136 mtxoci.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 66.560 mtxclu.dll

systemtemp:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 10CB-3D20

Verzeichnis von C:\DOKUME~1\MIAMIL~1\LOKALE~1\Temp

12.06.2006 20:54 72.192 ~e5.0001
1 Datei(en) 72.192 Bytes
0 Verzeichnis(se), 24.069.402.624 Bytes frei

system:
Verzeichnis von C:\WINDOWS

13.06.2006 17:17 1.806.063 WindowsUpdate.log
13.06.2006 17:10 0 0.log
13.06.2006 17:10 159 wiadebug.log
13.06.2006 17:10 50 wiaservc.log
13.06.2006 17:10 2.048 bootstat.dat
13.06.2006 16:50 54.156 QTFont.qfn
13.06.2006 10:02 32.618 SchedLgU.Txt
12.06.2006 23:04 116 NeroDigital.ini
12.06.2006 17:34 140 winamp.ini
12.06.2006 13:18 634 win.ini
12.06.2006 13:18 227 system.ini
10.06.2006 14:29 1.409 QTFont.for
09.06.2006 11:01 36.363 CSTBox.INI
07.06.2006 10:42 5.888 ModemLog_Samsung GPRS MODEM.txt
29.05.2006 20:17 443.481 setupapi.log
13.05.2006 11:06 183.296 NDNuninstall7_22.exe
13.05.2006 11:05 357 whInstaller.ini
10.05.2006 23:35 672.553 iis6.log
10.05.2006 23:35 192.277 comsetup.log
10.05.2006 23:35 115.863 ntdtcsetup.log
10.05.2006 23:35 1.374 imsins.log
10.05.2006 23:35 27.168 ocmsn.log
10.05.2006 23:35 266.708 tsoc.log
10.05.2006 23:35 29.461 tabletoc.log
10.05.2006 23:35 11.741 KB913580.log
10.05.2006 23:35 100.255 netfxocm.log
10.05.2006 23:35 28.638 medctroc.Log
10.05.2006 23:35 28.873 msgsocm.log
10.05.2006 23:35 291.014 ocgen.log
10.05.2006 23:35 566.643 FaxSetup.log
10.05.2006 23:35 184.576 msmqinst.log
10.05.2006 23:35 26.378 updspapi.log
09.05.2006 17:38 5.760.054 Firefox Wallpaper.bmp
09.05.2006 17:26 45.056 NCUNINST.EXE
08.05.2006 15:36 270 dwg2jpg.INI
08.05.2006 15:35 73.216 cadkasdeinst01.exe
25.04.2006 20:51 1.374 imsins.BAK
25.04.2006 20:51 11.162 KB900485.log
14.04.2006 10:33 15.031 KB908531.log
14.04.2006 10:32 14.234 KB911562.log
14.04.2006 10:32 16.255 KB912812.log
14.04.2006 10:32 10.661 KB911567.log
04.04.2006 11:03 652 unins000.dat
04.04.2006 11:03 72.748 unins000.exe
27.03.2006 20:00 516 MAXLINK.INI
26.03.2006 23:46 189.951 setupact.log

sys:
Verzeichnis von C:\

13.06.2006 17:31 0 sys.txt
13.06.2006 17:31 11.903 system.txt
13.06.2006 17:29 292 systemtemp.txt
13.06.2006 17:28 109.024 system32.txt
13.06.2006 17:10 805.306.368 pagefile.sys
12.06.2006 13:18 211 boot.ini
29.05.2006 13:20 389 Upload vom 29.05.06 um 13-20-50 Uhr.txt



Thanks in advance for your help.
This post was edited on 13.06.2006 at 17:32 by Miamilove20.
13.06.2006, 22:17
Honorary member
Sabina

Posts: 29434
#2 Miamilove20

Start - Run - regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> delete

HKEY_LOCAL_MACHINE\SOFTWARE\webHancer -> delete

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net -> delete

-------------------------

LSPfix
http://www.spychecker.com/program/lspfix.html
- check "I know what I'm doing" -- Remove
- and delete webhdll.dll (you may have to move the DLL from the left to the right)

-----------

Open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O8 - Extra context menu item: Alles mit Net Transport herunterladen - C:\Programme\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Herunterladen mit Net Transport - C:\Programme\Xi\NetTransport 2\NTAddLink.html

Restart the PC

**
Uninstall:

C:\Program Files\webHancer
C:\Programme\Xi\NetTransport 2
C:\Programme\NewDotNet

**
Delete:

C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\whInstaller.ini
C:\WINDOWS\cadkasdeinst01.exe
C:\WINDOWS\dwg2jpg.INI

C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whiehlpr.dll
C:\Program Files\webHancer\Programs\whinstaller.exe
C:\Program Files\webHancer\Programs\whsurvey.exe

C:\Programme\whInstall\Sporder.dll
C:\Programme\whInstall\WhAgent.exe
C:\Programme\whInstall\whAgent.inf
C:\Programme\whInstall\whAgent.ini
C:\Programme\whInstall\whiehlpr.dll
C:\Programme\whInstall\whInstaller.exe
C:\Programme\whInstall\whInstaller.ini
C:\Programme\whInstall\WhSurvey.exe

**
Ewido
Scan and post the scan report
http://virus-protect.org/ewido.html
__________
Regards, Sabina

All about PC security
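
A follow-up check for the procedure in the post above, as an added example that is not part of the thread: it parses HijackThis entry lines and reports which of the entries listed for "Fix checked" still appear in a later scan, plus any remaining O10 (Winsock LSP) lines, which "Fix checked" does not cover. The follow-up log is constructed sample data and the function names are illustrative.

```python
import re

# HijackThis entry lines start with a section code such as R1, O2, O4, O10, O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<detail>.+?)\s*$")

# Entries the post lists for "Fix checked" (copied from the thread).
FIX_LIST = r"""
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O8 - Extra context menu item: Alles mit Net Transport herunterladen - C:\Programme\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Herunterladen mit Net Transport - C:\Programme\Xi\NetTransport 2\NTAddLink.html
"""

# Constructed follow-up scan (not from the thread): one fixed entry has come
# back with different path casing, and one O10 line is still present.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [webHancer Agent] "C:\PROGRAM FILES\webHancer\Programs\whAgent.exe"
O10 - Hijacked Internet access by WebHancer
"""

def parse_entries(log_text):
    """Return (code, detail) tuples for every entry line; headers and the
    process list do not match the section-code pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail")))
    return entries

def _key(entry):
    # Windows paths and CLSIDs are case-insensitive; collapse whitespace too.
    code, detail = entry
    return code, " ".join(detail.lower().split())

def verify_fix(fix_list_text, followup_log_text):
    """Compare the entries that were to be fixed against a later scan."""
    wanted = parse_entries(fix_list_text)
    later = parse_entries(followup_log_text)
    present = {_key(e) for e in later}
    still_present = [e for e in wanted if _key(e) in present]
    # O10 lines report Winsock LSP changes; they are not in the fix list.
    lsp_entries = [e for e in later if e[0] == "O10"]
    return {"still_present": still_present, "lsp_entries": lsp_entries}

if __name__ == "__main__":
    report = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    for code, detail in report["still_present"]:
        print("still present:", code, "-", detail)
    for code, detail in report["lsp_entries"]:
        print("LSP entry remains:", code, "-", detail)
```
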
13.06.2006, 23:26
Member

Thread starter

Posts: 20
#3 Wow, thanks. Ewido found another 207 infected files on my machine ... here is the log for it:

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 23:24:46, 13.06.2006
+ Report-Checksumme: F8FB0CDF

+ Scanergebnis:

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Gesäubert mit Backup
HKU\S-1-5-21-515967899-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Gesäubert mit Backup
HKU\S-1-5-21-515967899-1960408961-725345543-1003\Software\WhenU -> Adware.SaveNow : Gesäubert mit Backup

:mozilla.512:C:\Dokumente und Einstellungen\Miamilove\Anwendungsdaten\Mozilla\Firefox\Profiles\i2307e6s.Standard-Benutzer\cookies.txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
:mozilla.513:C:\Dokumente und Einstellungen\Miamilove\Anwendungsdaten\Mozilla\Firefox\Profiles\i2307e6s.Standard-Benutzer\cookies.txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Programme\whInstall -> Adware.Webhancer : Gesäubert mit Backup
C:\Programme\whInstall\license.txt -> Adware.Webhancer : Gesäubert mit Backup
C:\Programme\whInstall\readme.txt -> Adware.Webhancer : Gesäubert mit Backup
C:\Programme\whInstall\whAgent.inf -> Adware.Webhancer : Gesäubert mit Backup
C:\WINDOWS\webhdll.dll -> Adware.WebHancer : Gesäubert mit Backup


::Report Ende