Trojaner-Board


GinoCazino 03.05.2005 14:22

Would you please take a look at my logfile?
 
hi,

I'd be really glad if you would take a look at my logfile... maybe you'll spot a few lines that absolutely have to go :)
I'd be really very grateful to you for that!!!

because every now and then my PC acts up :heulen: :confused:

here:
Logfile of HijackThis v1.98.0
Scan saved at 15:21:50, on 03.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
D:\Programme\UltraMon\UltraMon.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
D:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Norton AntiVirus\OPScan.exe
D:\eigenedateien\sicherheit_tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BCECB8F-7371-40DA-881F-FFE4786A3D11} - (no file)
O2 - BHO: (no name) - {5C0BF1FB-D263-4A10-BC1F-07038452E3E2} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: UltraMon.lnk = D:\Programme\UltraMon\UltraMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Alte Version auf &archives.org ansehen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Mit Mr&Check nachschlagen... - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite aus dem &Cache anzeigen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Seite mit Google übersetzen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Zoom &In* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O8 - Extra context menu item: Zurückführende &Links - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: Äh&nliche Seiten - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: Übersetzen mit &dict.leo.org - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tutrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter...0/SYSsfitb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Chris14 03.05.2005 14:29

1. escan
-download escan and follow this guide exactly

2. delete entries
-fix these entries with hijackthis:
O2 - BHO: (no name) - {3BCECB8F-7371-40DA-881F-FFE4786A3D11} - (no file)
O2 - BHO: (no name) - {5C0BF1FB-D263-4A10-BC1F-07038452E3E2} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shoote...00/SYSsfitb.cab

3. results
-go back into normal mode
-open the file mwav.log, click on Edit, then on Find
-enter infected
-keep searching, mark the hits and copy them into the forum
-post a new hijackthis log

how exactly is the PC "acting up"? please post your exact problem.

GinoCazino 03.05.2005 15:13

hi, thanks, thanks

so a few things have already disappeared thanks to the hijackthis fixing
in IE I always had this superfluous button :) it's gone now *yay*

here is the MWAV log
Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:04 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:56:04 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:56:04 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:56:04 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.




also, Kaspersky used to keep going on about spyware/adware too, but it couldn't fix it ;(


and here is the hijackthis log:

Logfile of HijackThis v1.98.0
Scan saved at 16:12:48, on 03.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
D:\Programme\UltraMon\UltraMon.exe
C:\WINDOWS\DitExp.exe
D:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
D:\eigenedateien\sicherheit_tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: UltraMon.lnk = D:\Programme\UltraMon\UltraMon.exe
O8 - Extra context menu item: Alte Version auf &archives.org ansehen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Mit Mr&Check nachschlagen... - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite aus dem &Cache anzeigen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Seite mit Google übersetzen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Zoom &In* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O8 - Extra context menu item: Zurückführende &Links - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: Äh&nliche Seiten - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: Übersetzen mit &dict.leo.org - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tutrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab





thanks!!!!! :aplaus: :daumenhoc

Chris14 03.05.2005 15:22

but you can remove it manually
-click on Start, Run, regedit
-navigate through the following "keys" (they look like folders) and then delete the corresponding ones:
--in HKEY_LOCAL_MACHINE\Software delete the key powerscan
--in HKEY_LOCAL_MACHINE\Software delete the key 180Solutions
--in HKEY_CURRENT_USER\Software delete the key dr_s
--in HKEY_LOCAL_MACHINE\Software delete the key TwainTec
-click on My Computer again in regedit
-click on Edit, Find
-type or copy {c109664b-ceb1-420b-b353-d55a561536dd} into the search field and then click OK
-then delete the key that regedit finds
-post whether the problems are fixed

GinoCazino 03.05.2005 17:23

ok, I ran it again, I had forgotten to also select D:, I have another hard drive :(

here are my problems:

Tue May 03 15:58:36 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:58:36 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:36 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:58:36 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:36 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:36 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:58:36 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:36 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:37 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:58:37 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:37 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:37 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:58:37 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:37 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:59:22 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:59:22 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:59:22 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:59:22 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\162D40A2.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\166F03A4.par [**]
Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\173C5D78.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\173C5D78.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\1753035F.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1753035F.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\181B0484.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\181B0484.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\1A3D1DE8.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A3D1DE8.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\1BC87635.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1BC87635.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\27E3464D.htm
Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\28345FF3.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\28345FF3.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\2BBA7316.exe
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\373E1643.htm
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\3E2A48E9.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3E2A48E9.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\418871C3.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\418871C3.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\44230A57.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44230A57.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\44677C0B.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44677C0B.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\54EC0112.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\54EC0112.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\5B041215.htm
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\60F61737.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\60F61737.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\610140E6.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\610140E6.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\649C1533.par [**]
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\6CB03845.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6CB03845.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\6FA21B07.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6FA21B07.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\734E42F8.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\734E42F8.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.



Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:04 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:56:04 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:56:04 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:56:04 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue May 03 15:56:50 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.




Tue May 03 15:57:52 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:57:52 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:57:52 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:57:52 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:57:52 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue May 03 15:57:56 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.






Tue May 03 16:01:12 2005 => Scanning File C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Real\RealPlayer\History\Your system infected.lnk



Tue May 03 16:52:20 2005 => Scanning File C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Real\RealPlayer\History\Your system infected.lnk


Tue May 03 17:25:28 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.







I hope something can still be done at all... well, to be honest, I'm still living quite well with the viruses *gg* I'm just afraid of what could happen :) please help me once more, that would be very nice of you :heulen: :( :daumenhoc
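
Step 3 earlier in the thread asks for the `infected` hits from mwav.log, and the log pasted above repeats the same hits at several timestamps. As an added example (not part of the original thread and not eScan's own tooling), this Python code deduplicates such lines and separates registry keys, the CLSID, files on disk and files under a quarantine folder; the sample is an excerpt of lines quoted in the thread, and treating any path containing `\Quarantine\` as an antivirus quarantine store is an assumption.

```python
import re
from collections import OrderedDict

# Excerpt of lines quoted in the thread, kept in the MWAV format shown there.
SAMPLE_LOG = r"""
Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:04 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:36 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:50 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.
Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\173C5D78.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\173C5D78.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.
Tue May 03 17:25:28 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.
"""

# "<weekday> <month> <day> <hh:mm:ss> <year> => <message>"
LINE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) => (.*)$")
REGISTRY = re.compile(r"^Offending value found in (.+?) !!!$")
CLSID = re.compile(r"^System found infected with (.+?) Spyware/Adware "
                   r"\((\{[0-9A-Fa-f-]{36}\})\)!")
# Requiring a drive letter keeps the summary line
# 'File System Found infected by "..."' from being read as a file path.
FILE = re.compile(r'^File ([A-Za-z]:\\.+?) infected by "([^"]+)" Virus\. '
                  r"Action Taken: (.+?)\.$")


def classify(msg):
    """Map one log message to (kind, target, detection name), or None."""
    m = REGISTRY.match(msg)
    if m:
        return ("registry", m.group(1), None)
    m = CLSID.match(msg)
    if m:
        return ("clsid", m.group(2), m.group(1))
    m = FILE.match(msg)
    if m:
        path = m.group(1)
        # Assumption: a \Quarantine\ directory is an AV quarantine store,
        # so hits there are reported separately from files on disk.
        quarantined = "\\quarantine\\" in path.lower()
        return ("quarantined_file" if quarantined else "file", path, m.group(2))
    # "Scanning File ..." lines and per-family summary lines carry no new target.
    return None


def parse_findings(text):
    """Return unique findings in first-seen order, with a repeat count."""
    findings = OrderedDict()
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        timestamp, msg = line.groups()
        hit = classify(msg)
        if hit is None:
            continue
        kind, target, name = hit
        key = (kind, target.lower())  # registry keys and paths are case-insensitive
        entry = findings.setdefault(key, {
            "kind": kind, "target": target, "name": name,
            "first_seen": timestamp, "count": 0,
        })
        entry["count"] += 1
    return list(findings.values())


def group_by_kind(findings):
    """Group unique targets by kind, e.g. {'registry': [...], 'file': [...]}."""
    grouped = {}
    for finding in findings:
        grouped.setdefault(finding["kind"], []).append(finding["target"])
    return grouped


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f'{f["kind"]:<17} x{f["count"]}  {f["target"]}  ({f["name"]})')
```
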

GinoCazino 04.05.2005 12:06

please :kloppen:


All times are WET +1. The time now is 03:11.
