System Alert: Trojan-Spy.Win32@mx

Thema ist geschlossen!
Thema ist geschlossen!
#0
05.01.2007, 14:01
...neu hier

Beiträge: 2
#1 Hallo,
habe seit ca 1 Woche einen Trojaner. Ein Ausrufezeichen blinkt in der Startleiste.

Folgende Infos habe ich:
(Ich habe ein schwedisches windows xp und eine schwedische sicherheitssoftware. Also nicht wundern, wenn komische Wörter auftauchen.)



Logfile of HijackThis v1.99.1
Scan saved at 12:39:09, on 05.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\Program\M-Audio Uno\UnoInst.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe
C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Video ActiveX Object\isamonitor.exe
C:\Program\Video ActiveX Object\pmsngr.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program\Video ActiveX Object\isamini.exe
C:\HP\KBD\KBD.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Video ActiveX Object\pmmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Program\Telia\Supportassistent\bin\tgcmd.exe
C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe
C:\WINDOWS\system32\iid.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\iISystem Wiper\SystemWiper.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Microsoft Office\Office\FINDFAST.EXE
C:\Program\Microsoft Office\Office\OSA.EXE
C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Ägaren\Mina dokument\software\Ny mapp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sueddeutsche.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [CleanTIF] WScript.exe C:\WINDOWS\Cleantif.vbs
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NI.UWA6PU_0001_N91M2107] "c:\documents and settings\jessica\application data\winantiviruspro2006freeinstall_de[1].exe" -nag
O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google-Suche - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Program\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132237808953
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C604ABC1-242A-46EC-BEB0-9DF8E9DBB20B} (Image Uploader 3.0 Control) - https://mediencenter.t-online.de/fotomgr/res/t-online/js/thirdParty/uploader/CM4allUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program\M-Audio Uno\UnoInst.exe




---------------------------------------------------------

Mit CleanUp erstellte Infos:


Compaq_Žgaren - 07-01-05 13:38:40,76 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Compaq_Žgaren\Mina dokument\software"

((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))


2007-01-05 12:43 <KAT> d-------- C:\Program\CleanUp!
2006-12-31 01:33 20,992 --a------ C:\WINDOWS\system32\cthkpcv.dll
2006-12-31 01:33 <KAT> d-------- C:\Program\Video ActiveX Object
2006-12-16 15:09 <KAT> d-------- C:\Program\Hewlett-Packard


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-05 13:10 -------- d--h----- C:\Program\InstallShield Installation Information
2006-12-22 04:01 -------- d-------- C:\Documents and Settings\Compaq_Žgaren\Application Data\Image Zone Express
2006-12-20 12:11 -------- d-------- C:\Program\Java
2006-12-17 15:07 -------- d-------- C:\Program\Internet Explorer
2006-12-17 10:37 -------- d-------- C:\Program\Outlook Express
2006-12-17 10:37 -------- d-------- C:\Program\Delade filer\System
2006-12-16 15:09 -------- d-------- C:\Program\HP
2006-12-16 14:35 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard
2006-12-16 14:35 -------- d-------- C:\Program\Delade filer
2006-12-16 14:34 -------- d-------- C:\Program\Delade filer\FotoWire
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 12:45 19818 --a--c--- C:\Documents and Settings\Compaq_Žgaren\Application Data\wklnhst.dat
2006-11-20 22:45 -------- d-------- C:\Program\MOVAVI
2006-11-20 22:45 -------- d-------- C:\Program\ConvertMovie 4.3
2006-11-20 16:50 -------- d-------- C:\Program\AC3Filter
2006-11-20 16:42 -------- d-------- C:\Documents and Settings\Compaq_Žgaren\Application Data\DivX
2006-11-20 16:41 -------- d-------- C:\Program\DivX
2006-11-16 22:29 -------- d-------- C:\Program\Delade filer\HP
2006-11-09 19:52 -------- d-------- C:\Program\Windows NT
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 09:57 1138688 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-20 02:39 712192 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"OM_Monitor"="C:\\Program\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"iIWiper"="C:\\Program\\iISystem Wiper\\SystemWiper.exe m"
"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Genväg till egenskapssida för High Definition Audio"="HDAudPropShortcut.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"iTunesHelper"="C:\\Program\\iTunes\\iTunesHelper.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"
"F-Secure Manager"="\"C:\\Program\\Telia\\Telias Sakerhetstjanster\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program\\Telia\\Telias Sakerhetstjanster\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program\\Telia\\Telias Sakerhetstjanster\\FSGUI\\FSSW.EXE\" /reboot"
"tgcmd"="\"C:\\Program\\Telia\\Supportassistent\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
"OM_Monitor"="C:\\Program\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"CleanTIF"="WScript.exe C:\\WINDOWS\\Cleantif.vbs"
"Net iD"="C:\\WINDOWS\\system32\\iid.exe"
"HP Software Update"="C:\\Program\\HP\\HP Software Update\\HPWuSchd2.exe"
"NI.UWA6PU_0001_N91M2107"="\"c:\\documents and settings\\jessica\\application data\\winantiviruspro2006freeinstall_de[1].exe\" -nag "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Program\\Video ActiveX Object\\isamonitor.exe"
"none"="C:\\Program\\Video ActiveX Object\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 07-01-05 13:41:51.25
C:\ComboFix.txt ... 07-01-05 13:41





Wäre schön, wenn jemand von euch helfen könnte.

Ein frohes neues Jahr wünsche ich.

Grüsse von Marimbamase
Dieser Beitrag wurde am 05.01.2007 um 14:07 Uhr von Marimbamase editiert.
Seitenanfang Seitenende
05.01.2007, 14:44
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 ««
schreib, welche dll du links oder rechts findest
http://www.spychecker.com/program/lspfix.html

-----------------------------------------------------------

««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{53E0B6E8-A51D-448B-B692-40B67B285543}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|none
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|NI.UWA6PU_0001_N91M2107
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Net iD
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|webHancer Survey Companion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webHancer Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
HKEY_LOCAL_MACHINE\SOFTWARE\webhancer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKLM\SOFTWARE\Classes\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}

Files to delete:
C:\WINDOWS\system32\cthkpcv.dll
C:\WINDOWS\system32\iid.exe
c:\documents and settings\jessica\application data\winantiviruspro2006freeinstall_de[1].exe

Folders to delete:
C:\Program\Video ActiveX Object

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

««
smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html

»»
dann versuche zu deinstallieren:
C:\Program Files\webHancer
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
05.01.2007, 18:08
...neu hier

Themenstarter

Beiträge: 2
#3 Hallo Sabina,
vielen Dank für deine Hilfe. Alles ist wieder gut. Meine Frau hat gesagt ich wäre ein Genie. Als ich ihr gesagt habe, dass du das eigentliche Genie bist, wollte sie dich aus Dank gleich zum Essen einladen....

Tusen tack (wie der Schwede sagt)
Marimbamase
Seitenanfang Seitenende