Falsche seite wird angezeigtThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
21.11.2006, 23:47
Ehrenmitglied
Beiträge: 29434 |
||
|
||
22.11.2006, 13:57
Member
Themenstarter Beiträge: 16 |
#17
Scannreport
McAfee FreeScan has detected 1 file on your computer! Your personal information might be vulnerable to exposure or corruption. Your computer might transmit possible Thread to friends, family, and co-workers. Get immediate protection with McAfee VirusScan. Buy Now! Learn More... Important: If you disabled your anti-virus software, please re-enable it now. Scan Location Drive C My Documents Windows Files Scan Status Files Scanned: 17049 Files Detected: 1 Information: Scanning completed! List of Detected Files File Name Thread Name E:\WINDOWS\system32\msvxi20.dll Spyware-eBlaster Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\jytolsey ******************* Script file located at: \??\E:\Program Files\atwtliei.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at E:\Avenger ******************* Beginning to process script file: File E:\WINDOWS\system32\logset.dll deleted successfully. Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper\{7FC09A5A-A2AE-4B01-86AA-DBB7BFF4EB5F} not found! Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper\{7FC09A5A-A2AE-4B01-86AA-DBB7BFF4EB5F} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. MfG Hägi __________ MfG Hägi |
|
|
||
22.11.2006, 14:18
Ehrenmitglied
Beiträge: 29434 |
#18
der Spyware-eBlaster muesste nun geloescht sein, und das System wieder clean
werden die seiten noch umgeleitet ??? poste das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
22.11.2006, 14:24
Member
Themenstarter Beiträge: 16 |
#19
Logfile of HijackThis v1.99.1
Scan saved at 14:27:16, on 22.11.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\System32\LckFldService.exe E:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE E:\Programme\QuickTime\qttask.exe E:\Programme\FreePDF_XP\fpassist.exe E:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe E:\Programme\Java\jre1.5.0_04\bin\jusched.exe E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE E:\Programme\Java\jre1.5.0_04\bin\jucheck.exe E:\Programme\Spamihilator\spamihilator.exe E:\WINDOWS\system32\ctfmon.exe E:\Programme\Messenger\msmsgs.exe E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe E:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe E:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe E:\Programme\C-CHANNEL\MyPen Pro\MyPenPro.exe E:\Programme\Internet Explorer\iexplore.exe E:\Programme\AntiVir PersonalEdition Classic\avguard.exe E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe E:\Programme\AntiVir PersonalEdition Classic\sched.exe E:\Dokumente und Einstellungen\Renato Brigger\Eigene Dateien\Download\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ch/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7FC09A5A-A2AE-4B01-86AA-DBB7BFF4EB5F} - E:\WINDOWS\system32\logset.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programme\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [WpsRePsw] E:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [Messenger Backup Chat Logger] "E:\Programme\Messenger Backup\ChatLogger.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [FreePDF Assistant] E:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Spamihilator] "E:\Programme\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "E:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PcSync] E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [swg] E:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O4 - Global Startup: Adobe Reader - Schnellstart.lnk = E:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ? O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyPen Pro.lnk = ? O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.krankenversicherung.ch/CFIDE/classes/CFJava.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143736238503 O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://s01.picserver.info/upload/ImageUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www3.photo-druck.de/XUpload.ocx O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4899/mcfscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: !SASWinLogon - E:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - E:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: LckFldService - Unknown owner - E:\WINDOWS\System32\LckFldService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe Die Datei "E:\WINDOWS\system32\msvxi20.dll " ist aber immer noch vorhanden. Manuell löschen? Seiten werden nicht mehr umgeleitet. MfG Hägi __________ MfG Hägi |
|
|
||
22.11.2006, 15:23
Ehrenmitglied
Beiträge: 29434 |
#20
1.
Avenger Zitat Files to delete:2. öffne das HijackThis -- Button "scan" -- vor diesen Eintrage Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat O2 - BHO: (no name) - {7FC09A5A-A2AE-4B01-86AA-DBB7BFF4EB5F} - E:\WINDOWS\system32\logset.dll (file missing) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
22.11.2006, 21:50
Member
Themenstarter Beiträge: 16 |
#21
Danke Sabina.
Ich hoffe mein System ist jetzt wieder in Ordung. (oder?) Vielen Dank für deine Hilfe. Ist echt super und weiter so. MfG Hägi __________ MfG Hägi |
|
|
||
Zitat
ja, mache das__________
MfG Sabina
rund um die PC-Sicherheit