PROBLEM: ied_s7m.cab / 0006_regular[1].cab

haase7 · 16.12.2004, 09:56

Hallo!

Bin ein absoluter Voll-Pfosten in Sachen Computer!

Bräuchte dringend Hilfe!

Habe mein AntiVir über den Rechner laufen lassen und bekomme immer zwei Meldungen:
Datei: ied_s7m.cab
Archiv enthält ein o mehrere infizierte Dateien

Datei: 0006_regular[1].cab
Archiv enthält ein o mehrere infizierte Dateien

Habe keine Ahnung, was ich damit anfangen soll.
Habe hier aber mal mein HijackThis LogFile. Vielleicht kann da ja einer was mit anfangen:

Logfile of HijackThis v1.98.2
Scan saved at 09:24:33, on 16.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Cisco Systems\VPN Client\vpngui.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\NICOHA~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_198.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {266BBCDB-0EB0-43FF-968F-35863397A91F} - C:\WINDOWS\System32\ofmade.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\RunServices: [Patches Value] WinGamed.exe
O4 - HKLM\..\RunServices: [Start Upping] qtask.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhlp.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/visorxsp.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...e3bba631960d34
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.browserplugin.com/plugin/...ss_special.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D7E938-EDCD-4A57-97C8-9187158A98D3}: Domain = fh-lippe.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D7E938-EDCD-4A57-97C8-9187158A98D3}: NameServer = 193.16.112.71,193.16.112.72
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fh-lippe.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fh-lippe.de
O18 - Filter: text/html - {FCAFFF96-F726-421D-8512-B3B9D8AB8F1C} - C:\WINDOWS\System32\ofmade.dll
O18 - Filter: text/plain - {FCAFFF96-F726-421D-8512-B3B9D8AB8F1C} - C:\WINDOWS\System32\ofmade.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

So. Das isser also. Villeicht kann mir ja einer helfen.
Falls ja, erklärt es mir bitte so, dass auch ein ganz Blöder, nämlich ich, es begreifen kann.

Bis denne

16.12.2004, 21:20

Fixe dies:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {266BBCDB-0EB0-43FF-968F-35863397A91F} - C:\WINDOWS\System32\ofmade.dll (file missing)
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/visorxsp.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...fe3bba631960d34
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.browserplugin.com/plugin...ess_special.ocx
O18 - Filter: text/html - {FCAFFF96-F726-421D-8512-B3B9D8AB8F1C} - C:\WINDOWS\System32\ofmade.dll
O18 - Filter: text/plain - {FCAFFF96-F726-421D-8512-B3B9D8AB8F1C} - C:\WINDOWS\System32\ofmade.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

Scanne mit eScan im abg. Modus: http://www.trojaner-board.de/42731-escan-anleitung.html

Wo wird was gefunden?

PROBLEM: ied_s7m.cab / 0006_regular[1].cab

Log-Analyse und Auswertung: PROBLEM: ied_s7m.cab / 0006_regular[1].cab

PROBLEM: ied_s7m.cab / 0006_regular[1].cab

PROBLEM: ied_s7m.cab / 0006_regular[1].cab

Ähnliche Themen: PROBLEM: ied_s7m.cab / 0006_regular[1].cab