| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: vbsys2.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.12.2004, 22:33
| #1 |
| |  vbsys2.dll Das is mein HJT lock. ich hab irgendein problem mit dem file vbsys2.dll, sagt mir zumindest mein mcafee virusscan. kann mir jemand helfen?? DANKE!! Logfile of HijackThis v1.99.0 Scan saved at 22:52:29, on 20.12.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe D:\Stephan\iTunes\iTunesHelper.exe C:\games\quicktime\qttask.exe C:\Games\ZoneAlarm\zlclient.exe C:\Program Files\Winad Client\Winad.exe C:\Programme\Palm\HOTSYNC.EXE C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Winad Client\WinClt.exe C:\Programme\Network Associates\VirusScan\Avsynmgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programme\Network Associates\VirusScan\VsStat.exe C:\Programme\Network Associates\VirusScan\Vshwin32.exe C:\Programme\Network Associates\VirusScan\Avconsol.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe C:\Games\ICQ\Icq.exe C:\Dokumente und Einstellungen\Rummelt\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html O1 - Hosts: 64.159.91.200 auto.search.msn.com O1 - Hosts: 64.159.91.200 auto.search.msn.com O1 - Hosts: 69.31.79.101 auto.search.msn.com O1 - Hosts: 69.31.79.101 auto.search.msn.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Games\Adobe\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] D:\Stephan\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\games\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Games\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe O4 - HKCU\..\Run: [Steam] C:\Games\Steam\Steam.exe -silent O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE O4 - Global Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Games\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Games\ICQ\ICQ.exe O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/wins...searchie32.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://c:\x.cab O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E98CA060-09B8-483F-A62B-AA85E64C443F}: NameServer = 172.16.10.1 O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing) O23 - Service: AVSync Manager - Unknown - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: McShield - Unknown - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Danke schonmal... Geändert von Pfl4um3 (20.12.2004 um 22:47 Uhr) |
| Themen zu vbsys2.dll |
| .dll, adobe, bho, computer, danke, desktop, einstellungen, excel, explorer, file, file missing, helfen, hijack, hijackthis, icq, internet, internet explorer, microsoft, monitor, nvcpl.dll, nvidia, problem, programme, rundll, software, system, systemcheck, tcpip, windows, windows xp, winupd |
Baum-Darstellung