Log analysis and evaluation: Nail.exe got me too. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.06.2005, 13:09 | #17
Nail.exe got me too
__________________
Already did step 1.... Step 2 I still have to read up on how it works.... Will also still run eScan.

Spyware Scan Details
Start Date: 11.06.2005 11:03:17
Total Time: 4 mins 14 secs

Detected Threats

MediaTickets CDT Spyware more information...
Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0 ppcimdnnnjbeahepfabjipfginloedkg egckak
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0 goicfboogidikkejccmclpieicihhlpo bihgbp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0 goicfboogidikkejccmclpieicihhlpo ejemdn

IE Trusted Zone Hijack Spyware more information...
Details: IE Trusted Zone Hijack is a spyware related Web site that is added to your Internet Explorer Trusted Zones.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com

Unclassified.Trojan.E Trojan more information...
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
g:\windows\loadnew.exe

Transponder.ABetterInternet.Aurora Spyware more information...
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
g:\windows\system32\installerv34.exe

Begin2Search Browser Plug-in more information...
Details: Begin2Search installs third party spyware, displays pop-up advertisements, and redirects Internet Explorer.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
g:\windows\system32\winb2s32.dll
g:\windows\system32\reg6523.exe
g:\windows\system32\b2s_cache\bingo2.bmp
g:\windows\system32\b2s_cache\but.bin
g:\windows\system32\b2s_cache\mail unreaded.bmp
g:\windows\system32\b2s_cache\msg.bin
g:\windows\system32\b2s_cache\star.bmp
g:\windows\system32\b2s_cache\weather.bmp
Infected folders detected
g:\windows\system32\b2s_cache
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo.1\CLSID {09C14745-90FD-42D1-9276-4924D7DBC274}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo.1 amo Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo\CLSID {09C14745-90FD-42D1-9276-4924D7DBC274}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo\CurVer winb2s.amo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo amo Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi.1\CLSID {52FE5233-367C-4EFB-BDD7-0BE4D212C107}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi.1 dbi Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi\CLSID {52FE5233-367C-4EFB-BDD7-0BE4D212C107}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi\CurVer winb2s.dbi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi dbi Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt.1\CLSID {07E9CDF4-20D2-46B1-B681-663968F527CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt.1 iiittt Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt\CLSID {07E9CDF4-20D2-46B1-B681-663968F527CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt\CurVer winb2s.iiittt.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt iiittt Class
HKEY_CLASSES_ROOT\winb2s.dbi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo.1\CLSID {7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo.1 momo Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo\CLSID {7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo\CurVer winb2s.momo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo momo Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb.1\CLSID {4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb.1 ohb Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb\CLSID {4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb\CurVer winb2s.ohb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb ohb Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777} ohb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}
HKEY_CLASSES_ROOT\winb2s.momo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}
HKEY_CLASSES_ROOT\winb2s.iiittt.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.iiittt.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.dbi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.momo.1
HKEY_CLASSES_ROOT\clsid\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}
HKEY_CLASSES_ROOT\clsid\{4D568F0F-8AC9-40AB-88B7-415134C78777}\InprocServer32 G:\WINDOWS\System32\winb2s32.dll
HKEY_CLASSES_ROOT\clsid\{4D568F0F-8AC9-40AB-88B7-415134C78777}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{4D568F0F-8AC9-40AB-88B7-415134C78777}\ProgID winb2s.ohb.1
HKEY_CLASSES_ROOT\clsid\{4D568F0F-8AC9-40AB-88B7-415134C78777}\TypeLib {081DE2F6-927B-4AA9-88C1-F531C9387383}
HKEY_CLASSES_ROOT\clsid\{4D568F0F-8AC9-40AB-88B7-415134C78777}\VersionIndependentProgID winb2s.ohb
HKEY_CLASSES_ROOT\clsid\{4D568F0F-8AC9-40AB-88B7-415134C78777} ohb Class
HKEY_CURRENT_USER\Software\aaa_soft
HKEY_CURRENT_USER\Software\aaa_soft\pppp pou 0
HKEY_CURRENT_USER\Software\aaa_soft\pppp lpt 1114897380;120;0
HKEY_CURRENT_USER\Software\aaa_soft ffff 277797
HKEY_CLASSES_ROOT\winb2s.amo.1
HKEY_CURRENT_USER\Software\aaa_soft cccc 7
HKEY_CURRENT_USER\Software\aaa_soft showbar 0
HKEY_CURRENT_USER\Software\aaa_soft uiui 1410264368
HKEY_CURRENT_USER\Software\aaa_soft itmm 1118479223
HKEY_CURRENT_USER\Software\aaa_soft cclts 1118478075
HKEY_CURRENT_USER\Software\aaa_soft 44444 0
HKEY_CURRENT_USER\Software\aaa_soft ssssppp 246
HKEY_CURRENT_USER\Software\aaa_soft ttttlll 1118478075
HKEY_CURRENT_USER\Software\aaa_soft iiiilll 1200000265
HKEY_CURRENT_USER\Software\aaa_soft didi 401
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\InprocServer32 G:\WINDOWS\System32\winb2s32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\MiscStatus\1 131473
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\ProgID winb2s.iiittt.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\ToolboxBitmap32 G:\WINDOWS\System32\winb2s32.dll, 102
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\TypeLib {081DE2F6-927B-4AA9-88C1-F531C9387383}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE}\VersionIndependentProgID winb2s.iiittt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07E9CDF4-20D2-46B1-B681-663968F527CE} iiittt Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}\InprocServer32 G:\WINDOWS\System32\winb2s32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}\ProgID winb2s.amo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}\TypeLib {081DE2F6-927B-4AA9-88C1-F531C9387383}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274}\VersionIndependentProgID winb2s.amo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C14745-90FD-42D1-9276-4924D7DBC274} amo Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}\InprocServer32 G:\WINDOWS\System32\winb2s32.dll
HKEY_CLASSES_ROOT\winb2s.ohb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}\ProgID winb2s.ohb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}\TypeLib {081DE2F6-927B-4AA9-88C1-F531C9387383}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777}\VersionIndependentProgID winb2s.ohb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D568F0F-8AC9-40AB-88B7-415134C78777} ohb Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}\InprocServer32 G:\WINDOWS\System32\winb2s32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}\ProgID winb2s.dbi.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}\TypeLib {081DE2F6-927B-4AA9-88C1-F531C9387383}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.ohb.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107}\VersionIndependentProgID winb2s.dbi
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} Begin2Search.com Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}\InprocServer32 G:\WINDOWS\System32\winb2s32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}\ProgID winb2s.momo.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}\TypeLib {081DE2F6-927B-4AA9-88C1-F531C9387383}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7}\VersionIndependentProgID winb2s.momo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5E5671-7A1D-4AE8-91F0-496ADF2825F7} momo Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winb2s.amo.1
__________________
11.06.2005, 13:12 | #18
Nail.exe got me too
__________________
Transponder.Bolger Adware more information...
Details: Transponder.Bolger is an Internet Explorer browser helper object that monitors Web page requests and displays pop-up advertisements.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
g:\windows\bolger.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{302A3240-4805-4a34-97D7-1645A0B08410}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{302A3240-4805-4a34-97D7-1645A0B08410}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{302A3240-4805-4a34-97D7-1645A0B08410}

SafeSurfing.RsyncMon Browser Plug-in more information...
Details: SafeSurfing.RsyncMon is a SafeSurfing adware variant that installs as a Browser Helper Object (BHO) in Internet Explorer.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
g:\windows\system32\rsyncmon.dll
g:\windows\system32\netsync.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}
HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\InprocServer32 G:\WINDOWS\System32\rsyncmon.dll
HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\ProgID Var3.RsyncHlpr.1
HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\TypeLib {227D1E33-EAD4-4ACE-BE32-4ACFAAD072DD}
HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\VersionIndependentProgID Var3.RsyncHlpr
HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} RsyncHlpr Class
HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1
HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1\CLSID {16B238D5-80DE-47CE-8F17-B3ECE2C2248D}
HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1 RsyncHlpr Class
HKEY_CLASSES_ROOT\Var3.RsyncHlpr
HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1
HKEY_CLASSES_ROOT\Var3.RsyncHlpr\CLSID {16B238D5-80DE-47CE-8F17-B3ECE2C2248D}
HKEY_CLASSES_ROOT\Var3.RsyncHlpr\CurVer Var3.RsyncHlpr.1
HKEY_CLASSES_ROOT\Var3.RsyncHlpr RsyncHlpr Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\RSyncMon
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\RSyncMon DisplayName RSyncMon
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\RSyncMon UninstallString G:\WINDOWS\System32\RSMUninst.exe
HKEY_LOCAL_MACHINE\Software\RSyncMon
HKEY_LOCAL_MACHINE\Software\RSyncMon\Run\CPDEF3 Version 1.0
HKEY_LOCAL_MACHINE\Software\RSyncMon\Run\SLC Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Var3.RsyncHlpr.1
HKEY_LOCAL_MACHINE\Software\RSyncMon\Run Version 2.01.0000
HKEY_LOCAL_MACHINE\Software\RSyncMon\Run LRunT 1118478066
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys Registered 1
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys InstallT 1115339207
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys InitFailCode 3
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys Version 2.11.0000
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys CfgXpT 14400
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys CfgVersion 24.93
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastReg 1118478068
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastTPupT_30 1118478429
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastTPupT 1118478429
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastActT 1118478429
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastTPupT_36 1117911084
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys CfgNMT 1118082988
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastPupT 1115591267
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastInitFail 1118412446
HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys LastTPupT_37 1117095499
HKEY_LOCAL_MACHINE\Software\RSyncMon DistId 20
HKEY_LOCAL_MACHINE\Software\RSyncMon CrpId 6
HKEY_LOCAL_MACHINE\Software\RSyncMon Uninstall 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}
HKEY_LOCAL_MACHINE\Software\RSyncMon VolId 1691691730
HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Var3.RsyncHlpr.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}
HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}

webHancer Spyware more information...
Details: WebHancer is a spyware program that launches at Windows startup, monitors the Web sites you view, and sends their performance data back to webHancers servers.
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey Changed 0

Popular Screensavers Software Bundler more information...
Details: Popular Screensavers installs adware software on your computer.
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
g:\windows\downloaded program files\f3initialsetup1.0.0.8-2.inf

My Way Speedbar Browser Plug-in more information...
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}

NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer plug-in that adds extra top-level domains (such as .shop or .tech) to your name resolution system.
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
g:\windows\ndnuninstall6_38.exe

Overnet Software Bundler more information...
Details: Overnet/eDonkey is a file sharing software that bundles third party adware and spyware with the free version.
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
g:\dokumente und einstellungen\assssssssssssss\anwendungsdaten\microsoft\internet explorer\quick launch\overnet.lnk

eDonkey2000 Software Bundler more information...
Details: eDonkey2000 is a peer-to-peer file sharing program that installs with adware and spyware such as Webhancer, Web Search Toolbar, and New.Net.
Status: Ignored
Low threat - Low-risk items have little potential for harm, but users may wish to examine the item further.
Infected files detected
g:\dokumente und einstellungen\assssssssssssss\anwendungsdaten\microsoft\internet explorer\quick launch\edonkey2000.lnk
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 UninstallString "F:\eDonkey2000\uninstall_eDonkey2000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 DisplayIcon "F:\eDonkey2000\eDonkey2000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 NoModify 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 NoRepair 1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 F:\Overnet\plugins\ed2kie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eDonkey2000 DisplayName eDonkey2000

Detected Spyware Cookies
No spyware cookies were found during this scan.

It didn't all fit into one post... At c:Programme/getright/getright a warning also came up, namely that it has signatures of Worm/SdBot.344064. Unfortunately scanning and replying doesn't go that fast, since I have 3 kids during the day and don't always have time to get to the computer.
__________________
11.06.2005, 15:04 | #19
Nail.exe got me too
Sorry, bugging you again... I tried to run eScan in Safe Mode, but it doesn't work, I can't even get into the program... everything flashes and this Nail.exe shows up in Task Manager....... When I then restart explorer in Task Manager the flashing stops and the nail.exe is gone (the way I always do it otherwise).... but then I have to press Yes so that Safe Mode keeps running, and then it all starts over again from the beginning... grumble...
__________________
Honesty is the most important thing in life, even if it can hurt.
11.06.2005, 17:15 | #20
Nail.exe got me too
Have you already tried the removal tool for Nail.exe?
cacatoa
__________________
Man should have the soul of a dog.
05.07.2005, 13:03 | #21
Nail.exe got me too
Hi.. the PC was finally reinstalled.... ..... I ran a scan today.. hope you can take a look at it. Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 13:56:02, on 05.07.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\logonui.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Programme\Sitecom\Bluetooth Software\BTTray.exe
G:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
G:\Programme\AOL 9.0\waol.exe
G:\Programme\AVPersonal\AVWUPSRV.EXE
G:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\Programme\AOL 9.0\shellmon.exe
G:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
G:\WINDOWS\System32\devldr32.exe
D:\Programme\Steam\Steam.exe
D:\Programme\Gammacontrol\Gammacontrol.exe
F:\Overnet\overnet.exe
F:\Ablage\Viren\Microsoft AntiSpyware\gcasDtServ.exe
G:\Programme\WINCMD400\WINCMD32.EXE
G:\DOKUME~1\assoo\LOKALE~1\Temp\$wc\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h++p://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h++p://www.worldusa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h++p://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\LILI\yahoo\COMPAN~1\INSTALLS\cpn0\ycomp5_6_2_0.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Lili\yahoo\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Lili\yahoo\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\LILI\yahoo\COMPAN~1\INSTALLS\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOLDialer] G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] "G:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Trojancheck 6 Guard] F:\Ablage\Viren\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [fiookh] g:\windows\system32\rkxaxk.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Ablage\Viren\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Lili\yahoo\Messenger\ypager.exe" -quiet
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = G:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Lili\yahoo\Common/ycsrch.htm
O8 - Extra context menu item: Senden an &Bluetooth - G:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Lili\yahoo\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Lili\yahoo\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Lili\yahoo\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Lili\yahoo\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - G:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .wav: G:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Lili\yahoo\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h++p://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - h++p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E93BFECB-4F89-4479-8E37-DEF9E2BA1E07}: NameServer = 205.188.146.145
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - G:\WINDOWS\System32\btxppanel.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - G:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - G:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - G:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
__________________