Wrong page is displayed
Topic is closed!

#0
18.11.2006, 00:11
Member
Posts: 16
18.11.2006, 01:12
Honorary member
Posts: 29434
#2
1. Post this log: http://virus-protect.org/artikel/tools/combofix.html
2. Scan and post the report: http://virus-protect.org/artikel/tools/fixwareout.html
3. Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
4. Copy the contents of these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
18.11.2006, 09:29
Member
Thread starter, Posts: 16
#3
Hello Sabina
Here are the corresponding logs. Thanks

- 06-11-18 8:43:45.51 Service Pack 2
ComboFix 06.11.9 - Running from: "E:\Dokumente und Einstellungen\Renato Brigger\Eigene Dateien\Download"

((((((((((((((((((((((((((((((( Files Created from 2006-10-18 to 2006-11-18 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-18 00:16 -------- d-------- E:\Programme\Spamihilator
2006-10-31 13:46 -------- d-------- E:\Programme\Google
2006-10-30 18:21 -------- d-------- E:\Programme\Zylom Games
2006-10-17 18:49 -------- d-------- E:\Programme\eMule
2006-10-10 08:34 72008 --a------ E:\Dokumente und Einstellungen\Renato Brigger\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-09-10 19:48 10 --a------ E:\WINDOWS\system32\Mlkf.dll
2006-08-29 20:07 13480 --a------ E:\Dokumente und Einstellungen\Renato Brigger\Anwendungsdaten\NMM-MetaData.db
2006-08-11 17:46 780 --a------ E:\Dokumente und Einstellungen\Renato Brigger\Anwendungsdaten\AdobeDLM.log

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Spamihilator"="\"E:\\Programme\\Spamihilator\\spamihilator.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"E:\\Programme\\Messenger\\msmsgs.exe\" /background"
"PcSync"="E:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"swg"="E:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WpsRePsw"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\WpsRePsw.EXE"
"Messenger Backup Chat Logger"="\"E:\\Programme\\Messenger Backup\\ChatLogger.exe"
"QuickTime Task"="\"E:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"FreePDF Assistant"="E:\\Programme\\FreePDF_XP\\fpassist.exe"
"Acrobat Assistant 7.0"="\"E:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"SunJavaUpdateSched"="E:\\Programme\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"NeroFilterCheck"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"avgnt"="\"E:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="E:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"NvCplDaemon"="RUNDLL32.EXE E:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE E:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PCSuiteTrayApplication"="E:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"dmhkg.exe"="E:\\WINDOWS\\system32\\dmhkg.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec Network Driver Update Warning"="E:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="E:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec Network Driver Update Warning"="E:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="E:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"Monutil"="{2202ADA7-DE3B-480D-974A-974B05221512}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-18 8:45:04.48
E:\ComboFix.txt ... 06-11-18 08:45
E:\ComboFix2.txt ... 06-11-18 00:32

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}72B8FFCBFE33-2E39-1B14-764D-A6F86F06{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D34093E7D0D9-9F2A-12E4-D8EC-1754D4BF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\gkhmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
E:\WINDOWS\SYSTEM32\DMHKG.EXE 60'982 2004-08-04

Other suspects.
Directory of E:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: B0A2-D515
Verzeichnis von E:\WINDOWS\system32
18.11.2006 09:09 41'108 vsconfig.xml
18.11.2006 09:08 3'770 lckfldservicelog.txt
18.11.2006 09:08 4'599 nvapps.xml
17.11.2006 20:18 21'760 wpa.dbl
17.11.2006 20:11 486 mnvpljmy.txt
03.11.2006 16:35 40'128 perfc009.dat
03.11.2006 16:35 311'740 perfh009.dat
03.11.2006 16:35 48'354 perfc007.dat
03.11.2006 16:35 316'924 perfh007.dat
03.11.2006 16:35 723'744 PerfStringBackup.INI
30.10.2006 18:37 1'632 d3d8caps.dat
30.10.2006 18:37 1'744 d3d9caps.dat
12.10.2006 11:55 0 mslck.dat
10.09.2006 19:48 10 Mlkf.dll
28.08.2006 14:22 109'248 mswinsck.ocx
28.08.2006 14:22 115'920 Msinet.ocx
04.07.2006 13:26 704'000 DAAPI.dll
04.07.2006 13:25 131'072 NclAPI.dll
04.07.2006 13:25 245'760 VersitConverter.dl

Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: B0A2-D515
Verzeichnis von E:\DOKUME~1\RENATO~1\LOKALE~1\Temp
18.11.2006 09:08 8'864 EPOCLOG.001
18.11.2006 09:08 16'384 ~DF9663.tmp
18.11.2006 09:08 406 jusched.log
3 Datei(en) 25'654 Bytes
0 Verzeichnis(se), 8'916'254'720 Bytes frei

Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: B0A2-D515
Verzeichnis von E:\WINDOWS
18.11.2006 09:09 0 0.log
18.11.2006 09:08 159 wiadebug.log
18.11.2006 09:08 26 Debug.ini
18.11.2006 09:08 50 wiaservc.log
18.11.2006 09:08 2'048 bootstat.dat
18.11.2006 09:07 32'540 SchedLgU.Txt
18.11.2006 09:07 956'358 WindowsUpdate.log
18.11.2006 09:00 533 SYSTEM.INI
17.11.2006 19:59 494'483 setupapi.log
17.11.2006 15:35 75 ImportClient.INI
31.10.2006 20:55 6'403 PSPICEEV.INI
26.10.2006 20:19 54'317 wmsetup.log
26.09.2006 15:49 267'948'032 MEMORY.DMP
26.09.2006 07:28 116 NeroDigital.ini
14.09.2006 17:52 16 Temp.ini
14.09.2006 17:51 1'068 umaxuapi.ini
29.08.2006 19:50 1'409 QTFont.for
29.08.2006 19:50 54'156 QTFont.qfn
29.08.2006 19:45 4'708 DPINST.LOG
29.08.2006 19:36 19 SoundConverter.INI
11.08.2006 18:20 87'350 Directx.log

Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: B0A2-D515
Verzeichnis von E:\WINDOWS\Temp

Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: B0A2-D515
Verzeichnis von E:\WINDOWS\Downloaded Program Files
17.11.2006 20:01 49'430 daas.log
16.06.2006 15:31 181'856 fscax.dll
15.06.2006 10:19 483 fscax.inf
01.06.2006 02:57 1'331 oscan8.inf
01.06.2006 02:54 471'040 oscan8.ocx
31.05.2006 04:15 10 oscan81.ocx_x
30.03.2006 16:30 65 desktop.ini
27.03.2006 12:00 5'019 swflash.inf
03.02.2006 11:20 188'416 fsauc.dll
17.01.2006 17:11 580'663 daas_s.dll
26.08.2005 18:39 1'893'912 ImageUploader3.ocx
26.08.2005 18:39 379 ImageUploader3.inf
14.08.2005 00:26 113'664 MsnMessengerSetupDownloader.ocx
30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf

Volume in Laufwerk E: hat keine Bezeichnung.
Volumeseriennummer: B0A2-D515
Verzeichnis von E:\
18.11.2006 09:17 0 sys.txt
18.11.2006 09:17 2'242 down.txt
18.11.2006 09:17 117 tmp.txt
18.11.2006 09:17 12'404 system.txt
18.11.2006 09:17 393 systemtemp.txt
18.11.2006 09:15 113'872 system32.txt
18.11.2006 09:08 402'653'184 pagefile.sys
18.11.2006 08:46 6'320 ComboFix.txt
18.11.2006 00:32 6'334 ComboFix2.txt
17.11.2006 20:31 2'452 avenger.txt
29.05.2006 13:25 7'141 PWlang.log
11 Datei(en) 402'804'459 Bytes
0 Verzeichnis(se), 8'916'234'240 Bytes frei
__________
Regards, Hägi
18.11.2006, 15:45
Honorary member
Posts: 29434
#4
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.
** Delete the backup under E:\Avenger\backup.zip and empty the Recycle Bin **
Scan and post the scan report: http://virus-protect.org/artikel/tools/superantispyware.html
__________
Regards, Sabina
all about PC security
18.11.2006, 17:37
Member
Thread starter, Posts: 16
#5
Here is the scan report

SUPERAntiSpyware Scan Log
Generated 11/18/2006 at 05:03 PM

Application Version : 3.3.1020

Core Rules Database Version : 3132
Trace Rules Database Version: 1150

Scan type : Complete Scan
Total Scan Time : 00:15:28

Memory items scanned : 431
Memory Thread detected : 0
Registry items scanned : 5794
Registry Thread detected : 6
File items scanned : 6402
File Thread detected : 53

Adware.Tracking Cookie

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ISTactivex.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/ISTactivex.dll#{386A771C-E96A-421F-8BA7-32F1B706892F}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#E:\WINDOWS\Downloaded Program Files\ISTactivex.dll [ ]
HKU\S-1-5-21-448539723-854245398-1060284298-1004\Software\Microsoft\Internet Explorer\Main#BandRest
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest

Browser Hijacker.Favorites
E:\Dokumente und Einstellungen\All Users\Favoriten\Download Free Spyware Remover.url
E:\Dokumente und Einstellungen\All Users\Favoriten\NEW VIAGRA at Half Price!.url
E:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy\Cialis at HALF PRICE!.url
E:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy\Fast Way To Loose Your Weight!.url
E:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy\Guaranteed low price at Pills..url
E:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy\SOMA at Special LOW PRICE.url
E:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy\Tramadol Special Offer!.url
E:\Dokumente und Einstellungen\All Users\Favoriten\Online Pharmacy\Try New VIAGRA! Works Faster and Longer!.url
E:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
E:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall\Free Spyware Scanner..url
E:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall\Search & Destroy Annoying Adware..url
E:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall\Stop PopUps on your PC..url
E:\Dokumente und Einstellungen\All Users\Favoriten\Spyware Uninstall

Regards, Hägi
__________
Regards, Hägi
18.11.2006, 19:30
Honorary member
Posts: 29434
#6
How is it going? Still redirects, or already better?
Post this log: http://virus-protect.org/winpfind.html
__________
Regards, Sabina
all about PC security
18.11.2006, 20:27
Member
Thread starter, Posts: 16
#7
I have now tested for a moment and everything seems to be in order again.
What did I actually catch there? Thanks for your help. That was really great and fast. Regards, Hägi
__________
Regards, Hägi
19.11.2006, 13:12
Honorary member
Posts: 29434
#8
Post this log
http://virus-protect.org/winpfind.html
__________
Regards, Sabina
all about PC security
19.11.2006, 19:28
Member
Thread starter, Posts: 16
#9
Hello Sabina
I can't scan with WinPfind. The program always hangs shortly after the scan starts. See attachment. Regards, Hägi
Attachment: Bildschirm.doc
__________
Regards, Hägi
19.11.2006, 19:43
Honorary member
Posts: 29434
#10
Then scan with Silent Runners
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina
all about PC security
19.11.2006, 20:30
Member
Thread starter, Posts: 16
#11
Hier der Scannreport:
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Spamihilator" = ""E:\Programme\Spamihilator\spamihilator.exe"" ["Michel Krämer"] "ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""E:\Programme\Messenger\msmsgs.exe" /background" [MS] "PcSync" = "E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."] "swg" = "E:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" ["Google Inc."] "SUPERAntiSpyware" = "E:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "WpsRePsw" = "E:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE" ["Canon Inc."] "Messenger Backup Chat Logger" = ""E:\Programme\Messenger Backup\ChatLogger.exe" [file not found] "QuickTime Task" = ""E:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "FreePDF Assistant" = "E:\Programme\FreePDF_XP\fpassist.exe" [null data] "Acrobat Assistant 7.0" = ""E:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."] "(Default)" = "(empty string)" [file not found] "SunJavaUpdateSched" = "E:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."] "NeroFilterCheck" = "E:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "avgnt" = ""E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] "Zone Labs Client" = "E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"] "NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "PCSuiteTrayApplication" = "E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup" ["Nokia"] "KernelFaultCheck" = 
"E:\WINDOWS\system32\dumprep 0 -k" HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {7FC09A5A-A2AE-4B01-86AA-DBB7BFF4EB5F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\WINDOWS\system32\logset.dll" [null data] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "E:\Programme\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft 
Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{661825E5-B9A4-4D3E-8B74-3B6B63C32A80}" = "Shell Extensions for The Font Creator Program" -> {HKLM...CLSID} = "Shell Extensions for The Font Creator Program" \InProcServer32\(Default) = "E:\PROGRA~1\HIGH-L~1\FONTCR~1\FCPSHL.dll" ["High-Logic"] "{A8DD28BB-9430-47e4-972D-08A47C788D56}" = "MyPen Pro" -> {HKLM...CLSID} = "MyPen Pro" \InProcServer32\(Default) = "E:\Programme\C-CHANNEL\MyPen Pro\MyPenPro.exe" ["C Technologies AB (publ)"] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "E:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] "{3a9ae750-cf44-11cf-8835-0020afc04e78}" = "Psion-Arbeitsplatz" -> {HKLM...CLSID} = "Psion-Arbeitsplatz" \InProcServer32\(Default) = "E:\PROGRA~1\Psion\PsiWin\pw32expl.dll" ["Symbian Ltd."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "E:\Programme\Nokia\Nokia PC Suite 
6\PhoneBrowser.dll" ["Nokia"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided) -> {HKLM...CLSID} = "SABShellExecuteHook Class" \InProcServer32\(Default) = "E:\Programme\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <<!>> "System" = "csxtb.exe" [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> !SASWinLogon\DLLName = "E:\Programme\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "E:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "E:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ LockFolder\(Default) = "{4852341A-43E6-4994-B29B-E82904992884}" -> {HKLM...CLSID} = "LckFldMenu.Locker" \InProcServer32\(Default) = 
"E:\Programme\FolderAccess\LckFldMenu.dll" ["Topdownloads Network"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "E:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "E:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "E:\Dokumente und Einstellungen\Renato Brigger\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "E:\WINDOWS\Pistenb.scr" ["MacSourcery"] Startup items in "Renato Brigger" & "All Users" startup folders: ---------------------------------------------------------------- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Acrobat - Schnellstart" -> shortcut to: "E:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe" [null data] "Adobe Reader - Schnellstart" -> shortcut to: "E:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "C-CHANNEL OnlineUpdate" -> shortcut to: "E:\Programme\C-CHANNEL\OnlineUpdate\PeOnlineUpdate.exe /auto /AllCChannelProducts" ["C-Channel AG, 6331 Hünenberg"] "Microsoft Office" -> shortcut to: "E:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "MyPen Pro" -> shortcut to: "E:\Programme\C-CHANNEL\MyPen Pro\MyPenPro.exe" ["C Technologies AB (publ)"] "PsiWin 2.3 Verbindungsserver" -> shortcut to: "E:\Programme\Psion\PsiWin\Psconsv.exe" ["Symbian Ltd."] 
Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] 
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "e:\programme\google\googletoolbar1.dll" ["Google Germany GmbH"] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}" -> {HKLM...CLSID} = "Java Plug-in 1.5.0_04" \InProcServer32\(Default) = "E:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."] {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "E:\Programme\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Service, AntiVirService, "E:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"] AntiVir Scheduler, AntiVirScheduler, "E:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"] LckFldService, LckFldService, "E:\WINDOWS\System32\LckFldService.exe" [null data] Machine Debug Manager, MDM, ""E:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" 
[MS] NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] ServiceLayer, ServiceLayer, ""E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe"" ["Nokia."] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "E:\WINDOWS\System32\AdobePDF.dll" ["Adobe Systems Incorporated."] Redirected Port\Driver = "redmonnt.dll" [null data] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 68 seconds, including 7 seconds for message boxes) MfG Hägi __________ MfG Hägi |
20.11.2006, 11:09
Honorary member
Posts: 29434
#12
Hägi

1. virustotal
At the top of the page --> click Browse ("Durchsuchen") --> select the file (or paste the file name with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

E:\WINDOWS\system32\logset.dll
E:\WINDOWS\system32\Mlkf.dll

post the reports here
---------------------------------------------------------------------

2. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg on the desktop with 'Save as'. Choose 'All files' as the file type. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and merge it into the registry.

Quote
REGEDIT4

3. Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote
Files to delete:

4. F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml
1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be prompted to install an ActiveX control
3. Install this ActiveX component
4. Read the instructions and click "Accept"
5. Click "Full System Scan"
6. Click "Show report" - copy the scan report
__________
Regards, Sabina
all about PC security
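Step 1 above asks for two DLLs to be submitted to VirusTotal and the resulting text report pasted back. The following Python snippet is an added example, not part of this thread and not a VirusTotal tool: it parses that flat "Antivirus Version Update Result" report, counts how many engines flagged the file, separates heuristic wording ("suspicious", "suspected of", "potentially unwanted") from named detections, and checks a local copy of the file against the size, MD5 and SHA1 the report lists. The embedded sample is a constructed excerpt in the format of the logset.dll report that appears later in this thread (a subset of its engine rows, with the size and hashes the report shows); the verdict-wording rule of thumb is an assumption of the example and not a verdict on the file.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict

# Constructed excerpt in the shape of the VirusTotal text report posted in this
# thread for logset.dll: a subset of the engine rows, plus the size/hash lines
# exactly as the report shows them.
SAMPLE_REPORT = """\
STATUS: FINISHED
Complete scanning result of "logset.dll", received in VirusTotal at 11.20.2006, 14:30:53 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.20.2006 no virus found
CAT-QuickHeal 8.00 11.20.2006 no virus found
Fortinet 2.82.0.0 11.20.2006 suspicious
Kaspersky 4.0.2.24 11.20.2006 no virus found
McAfee 4899 11.18.2006 potentially unwanted program Spyware-eBlaster
Sophos 4.11.0 11.16.2006 no virus found
VBA32 3.11.1 11.20.2006 suspected of Backdoor.xBot.26
VirusBuster 4.3.15:9 11.20.2006 no virus found
Aditional Information
File size: 753664 bytes
MD5: 92cd5ed51e61ecd01e7899aa6c12f907
SHA1: 9d174b061c3885351001e3660ff068ef02aab6ef
"""

# One engine row: name, engine version, signature date (MM.DD.YYYY), free-text verdict.
ROW_RE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<updated>\d{2}\.\d{2}\.\d{4}) (?P<result>.+)$")
META_RE = re.compile(r"^(?P<key>File size|MD5|SHA1): (?P<value>\S+)")
FILE_RE = re.compile(r'Complete scanning result of "(?P<name>[^"]+)"')
CLEAN = "no virus found"
# Verdict wording that signals a heuristic or PUP-style hit rather than a named family.
HEURISTIC_MARKERS = ("suspicious", "suspected of", "potentially unwanted", "heuristic")


@dataclass
class ScanSummary:
    filename: str
    engines: int                 # engines that returned any result
    detections: Dict[str, str]   # engine -> verdict text, only for non-clean rows
    size: int
    md5: str
    sha1: str

    @property
    def ratio(self) -> str:
        return f"{len(self.detections)}/{self.engines}"


def parse_report(text: str) -> ScanSummary:
    """Parse the flat VirusTotal text report into a ScanSummary."""
    filename, size, md5, sha1 = "", 0, "", ""
    engines = 0
    detections: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.search(line)
        if m:
            filename = m.group("name")
            continue
        m = META_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if key == "File size":
                size = int(value)
            elif key == "MD5":
                md5 = value.lower()
            else:
                sha1 = value.lower()
            continue
        m = ROW_RE.match(line)          # the column header has no date, so it never matches
        if not m:
            continue
        engines += 1
        verdict = m.group("result").strip()
        if verdict != CLEAN:
            detections[m.group("engine")] = verdict
    return ScanSummary(filename, engines, detections, size, md5, sha1)


def verdict_confidence(summary: ScanSummary) -> str:
    """Rule of thumb on the wording only: 'none', 'heuristic-only' or 'named-detection'."""
    if not summary.detections:
        return "none"
    if all(any(mk in v.lower() for mk in HEURISTIC_MARKERS) for v in summary.detections.values()):
        return "heuristic-only"
    return "named-detection"


def verify_hashes(summary: ScanSummary, data: bytes) -> bool:
    """True when the raw bytes of a local copy have exactly the size, MD5 and SHA1 the report lists."""
    return (len(data) == summary.size
            and hashlib.md5(data).hexdigest() == summary.md5
            and hashlib.sha1(data).hexdigest() == summary.sha1)


if __name__ == "__main__":
    s = parse_report(SAMPLE_REPORT)
    print(f"{s.filename}: {s.ratio} engines flagged it ({verdict_confidence(s)})")
    for engine, verdict in s.detections.items():
        print(f"  {engine}: {verdict}")
    # For a real check, pass open(path, 'rb').read() of the local file instead of b"".
    print("local copy matches report hashes:", verify_hashes(s, b""))
```

The hash check is what makes the submitted report usable as evidence: if the local DLL's size and hashes do not match the report, the report describes a different file and the scan must be repeated on the copy actually on disk.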
20.11.2006, 21:13
Member
Thread starter, Posts: 16
#13
Hello

The reports:

STATUS: FINISHED
Complete scanning result of "logset.dll", received in VirusTotal at 11.20.2006, 14:30:53 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.39 11.20.2006 no virus found
Authentium 4.93.8 11.17.2006 no virus found
Avast 4.7.892.0 11.18.2006 no virus found
AVG 386 11.20.2006 no virus found
BitDefender 7.2 11.20.2006 no virus found
CAT-QuickHeal 8.00 11.20.2006 no virus found
ClamAV devel-20060426 11.20.2006 no virus found
DrWeb 4.33 11.20.2006 no virus found
eSafe 7.0.14.0 11.20.2006 no virus found
eTrust-InoculateIT 23.73.59 11.18.2006 no virus found
eTrust-Vet 30.3.3203 11.20.2006 no virus found
Ewido 4.0 11.20.2006 no virus found
Fortinet 2.82.0.0 11.20.2006 suspicious
F-Prot 3.16f 11.17.2006 no virus found
F-Prot4 4.2.1.29 11.17.2006 no virus found
Ikarus 0.2.65.0 11.20.2006 no virus found
Kaspersky 4.0.2.24 11.20.2006 no virus found
McAfee 4899 11.18.2006 potentially unwanted program Spyware-eBlaster
Microsoft 1.1609 11.20.2006 no virus found
NOD32v2 1873 11.20.2006 no virus found
Norman 5.80.02 11.20.2006 no virus found
Panda 9.0.0.4 11.19.2006 no virus found
Prevx1 V2 11.20.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.122 11.18.2006 no virus found
UNA 1.83 11.17.2006 no virus found
VBA32 3.11.1 11.20.2006 suspected of Backdoor.xBot.26
VirusBuster 4.3.15:9 11.20.2006 no virus found

Aditional Information
File size: 753664 bytes
MD5: 92cd5ed51e61ecd01e7899aa6c12f907
SHA1: 9d174b061c3885351001e3660ff068ef02aab6ef

STATUS: FINISHED
Complete scanning result of "Mlkf.dll", received in VirusTotal at 11.20.2006, 14:36:50 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.39 11.20.2006 no virus found
Authentium 4.93.8 11.17.2006 no virus found
Avast 4.7.892.0 11.18.2006 no virus found
AVG 386 11.20.2006 no virus found
BitDefender 7.2 11.20.2006 no virus found
CAT-QuickHeal 8.00 11.20.2006 no virus found
ClamAV devel-20060426 11.20.2006 no virus found
DrWeb 4.33 11.20.2006 no virus found
eSafe 7.0.14.0 11.20.2006 no virus found
eTrust-InoculateIT 23.73.59 11.18.2006 no virus found
eTrust-Vet 30.3.3203 11.20.2006 no virus found
Ewido 4.0 11.20.2006 no virus found
Fortinet 2.82.0.0 11.20.2006 no virus found
F-Prot 3.16f 11.17.2006 no virus found
F-Prot4 4.2.1.29 11.17.2006 no virus found
Ikarus 0.2.65.0 11.20.2006 no virus found
Kaspersky 4.0.2.24 11.20.2006 no virus found
McAfee 4899 11.18.2006 no virus found
Microsoft 1.1609 11.20.2006 no virus found
NOD32v2 1873 11.20.2006 no virus found
Norman 5.80.02 11.20.2006 no virus found
Panda 9.0.0.4 11.19.2006 no virus found
Prevx1 V2 11.20.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.122 11.18.2006 no virus found
UNA 1.83 11.17.2006 no virus found
VBA32 3.11.1 11.20.2006 no virus found
VirusBuster 4.3.15:9 11.20.2006 no virus found

Aditional Information
File size: 10 bytes
MD5: e17009af73e05847a4f265562414780e
SHA1: 9c7da15f9c2c6f945be902e5b2d30c66bd4eb103

Scanning Report
Monday, November 20, 2006 19:43:42 - 21:13:06
Computer name: DESKTOP
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\ G:\
--------------------------------------------------------------------------------
Result: 0 malware found
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 37190
System: 4990
Not scanned: 4
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
E:\PAGEFILE.SYS
E:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
E:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{59D0A58E-7AAE-4597-9489-8F63D1305B79}.BIN
E:\PROGRAMME\C-CHANNEL\MYPEN PRO\KREDISW_DESCRIPTION-DATEIEN\KREDI13`8?
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-11-17
F-Secure AVP: 7.0.171, 2006-11-20
F-Secure Orion: 1.2.37, 2006-11-20
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-11-14
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
--------------------------------------------------------------------------------

Regards, Hägi
__________
Regards, Hägi
20.11.2006, 23:34
Honorary member
Posts: 29434
#14
Avenger

Quote
registry keys to delete:

** scan with McAfee FreeScan (online) - and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
21.11.2006, 21:41
Member
Thread starter, Posts: 16
#15
Hello Sabina

With McAfee Free Scan I can only select Drive C, My Documents or Windows Files, but not the whole system. Windows XP is on drive E, though. Should I select only Windows Files?

Regards, Hägi
__________
Regards, Hägi
The following problem has been occurring for a few days.
When I click a link on Google I am redirected to some other search pages. Usually it works on the third click and the correct page is displayed.
I have marked in bold the line in the logfile where something is probably not in order.
Thanks for your help.
Logfile of HijackThis v1.99.1
Scan saved at 20:41:26, on 17.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\QuickTime\qttask.exe
E:\Programme\FreePDF_XP\fpassist.exe
E:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
E:\Programme\Java\jre1.5.0_04\bin\jusched.exe
E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\Programme\Spamihilator\spamihilator.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\Messenger\msmsgs.exe
E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\Programme\AntiVir PersonalEdition Classic\sched.exe
E:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
E:\Programme\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\System32\LckFldService.exe
E:\Programme\C-CHANNEL\MyPen Pro\MyPenPro.exe
E:\Programme\Psion\PsiWin\Psconsv.exe
E:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\Psion\PsiWin\Elogerr.exe
E:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
E:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
E:\WINDOWS\explorer.exe
E:\DOKUME~1\RENATO~1\LOKALE~1\Temp\Temporäres Verzeichnis 7 für hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7FC09A5A-A2AE-4B01-86AA-DBB7BFF4EB5F} - E:\WINDOWS\system32\logset.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programme\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WpsRePsw] E:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [Messenger Backup Chat Logger] "E:\Programme\Messenger Backup\ChatLogger.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FreePDF Assistant] E:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "E:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] E:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmhkg.exe] E:\WINDOWS\system32\dmhkg.exe
O4 - HKCU\..\Run: [Spamihilator] "E:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] E:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] E:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = E:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyPen Pro.lnk = ?
O4 - Global Startup: PsiWin 2.3 Verbindungsserver.lnk = E:\Programme\Psion\PsiWin\Psconsv.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://E:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.krankenversicherung.ch/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143736238503
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://s01.picserver.info/upload/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www3.photo-druck.de/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: Monutil - {2202ADA7-DE3B-480D-974A-974B05221512} - E:\WINDOWS\system32\ctllan.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - E:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LckFldService - Unknown owner - E:\WINDOWS\System32\LckFldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - E:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
__________
Regards, Hägi
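The HijackThis log above is what the helper in this thread reads by hand: she picks out the browser helper object with no name, the SSODL entry and the service with no publisher, and sends the files behind them to a multi-engine scanner. As an added example (not part of this thread and not HijackThis code), the Python below applies the same first-pass reading automatically. It parses the section codes (R1, O2, O4, O21, O23, ...), flags entries using only markers HijackThis itself prints ("(no name)", "(file missing)", "Unknown owner") plus the two launch points the thread discusses (hosts entries and ShellServiceObjectDelayLoad), and collects the module paths behind the "review" findings as the list of files worth hashing and submitting. The embedded sample is a constructed excerpt modelled on the log above; the rules and the "review"/"stale" labels are this example's own, and a flag means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample modelled on the HijackThis v1.99.1 log in this thread
# (a handful of entries in the same format, not the whole log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7FC09A5A-A2AE-4B01-86AA-DBB7BFF4EB5F} - E:\WINDOWS\system32\logset.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dmhkg.exe] E:\WINDOWS\system32\dmhkg.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: Monutil - {2202ADA7-DE3B-480D-974A-974B05221512} - E:\WINDOWS\system32\ctllan.dll
O23 - Service: LckFldService - Unknown owner - E:\WINDOWS\System32\LckFldService.exe
"""

# Every HijackThis entry starts with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in .dll/.exe; quotes and trailing arguments are dropped,
# so an entry like %windir%\bdoscandel.exe (no drive letter) yields no path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str          # HijackThis section code, e.g. "O2"
    kind: str             # "review": needs a scanner/human verdict; "stale": dead pointer
    reason: str
    path: Optional[str]   # module behind the entry, when the line carries one
    line: str


def module_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def parse_entries(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, line) for each entry line; header and process lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def triage(text: str) -> List[Finding]:
    """First-pass reading of a HijackThis log using the markers the tool prints itself."""
    findings: List[Finding] = []
    for section, body, line in parse_entries(text):
        path = module_path(body)
        if "(file missing)" in body:
            findings.append(Finding(section, "stale", "points at a file that no longer exists", path, line))
        elif section == "O1":
            findings.append(Finding(section, "review", "hosts file entry (can silently redirect a host name)", path, line))
        elif section == "O2" and "(no name)" in body:
            findings.append(Finding(section, "review", "browser helper object with no registered name", path, line))
        elif section == "O21":
            findings.append(Finding(section, "review", "ShellServiceObjectDelayLoad: DLL loaded by Explorer at every logon", path, line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "review", "service without a publisher name", path, line))
        # Plain O4 Run entries and the ProxyOverride=127.0.0.1 line are left alone: a file
        # living in system32 is not suspicious by itself, so those need a scanner, not a rule.
    return findings


def paths_to_check(text: str) -> List[str]:
    """Unique module paths behind 'review' findings: the files to hash and submit to a multi-engine scanner."""
    return sorted({f.path for f in triage(text) if f.kind == "review" and f.path})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:6}] {f.section:4} {f.reason}\n         {f.line}")
    print("files to check:", *paths_to_check(SAMPLE_LOG), sep="\n  ")
```

On the sample this yields six findings, four of them "review", and three module paths to check; the stale O9 and O18 entries are only registry leftovers of uninstalled software and carry no file to scan.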