Log Analysis and Evaluation: Evaluating a HijackThis log file

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Hello. Recently I have had the problem that, in both Internet Explorer and Mozilla Firefox, popup windows appear as soon as I open a web page. They point to games like "Gladiatoren" or "Bitewar" or to anti-virus programs. My Norton Internet Security and a malware test can't find anything. I have posted the HijackThis log file as an attachment. Who can help me with my problem? Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:54:02, on 19.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Programme\a-squared Free\a2service.exe
J:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Medion\MEDIONbox\Program\GCS.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\VIAudioi\HDADeck\HDeck.exe
C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
J:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programme\TomTom HOME 2\HOMERunner.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\palmOne\HOTSYNC.EXE
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ISW\netcol.dsl\signup\Tray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\***\LOKALE~1\Temp\Rar$EX00.078\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aol/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - J:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [BullGuard] "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [GnabTray] C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe -checkstart
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "J:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "J:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1c71a8a0] rundll32.exe "C:\WINDOWS\system32\mjdanugi.dll",b
O4 - HKLM\..\Run: [BM1f429b3c] Rundll32.exe "C:\WINDOWS\system32\xenjrbjf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Notti\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\palmOne\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163425403687
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163425396078
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=1202655075
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB345726-3165-46FE-810E-A8325C05B869}: NameServer = 81.173.194.68 213.168.112.60
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programme\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - J:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GnabService - Empolis GmbH - c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - J:\Downloads\Downloads\Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE\setup\RichVideo\RichVideo.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
#2
Hi,

please have this file checked online: C:\WINDOWS\system32\mjdanugi.dll

Quote:
At the top of the page --> click "Browse" --> select the file (or paste the file with its correct path straight in) --> double-click the file to be checked --> click "Send"... now wait - then select the result text with the right mouse button -> copy - paste it here.

Run SmitFraudFix: SmitFraudFix (download and instructions, under "Cleaning"). Post that log too; then post a new HJT log.

chris
#3
Hi,

thanks for taking on my problem. The result from VirusTotal:

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.5.16.0 | 2008.05.19 | - |
| AntiVir | 7.8.0.19 | 2008.05.18 | TR/Vundo.Gen |
| Authentium | 5.1.0.4 | 2008.05.18 | - |
| Avast | 4.8.1195.0 | 2008.05.18 | - |
| AVG | 7.5.0.516 | 2008.05.18 | - |
| BitDefender | 7.2 | 2008.05.19 | - |
| CAT-QuickHeal | 9.50 | 2008.05.17 | - |
| ClamAV | 0.92.1 | 2008.05.19 | - |
| DrWeb | 4.44.0.09170 | 2008.05.19 | - |
| eSafe | 7.0.15.0 | 2008.05.18 | - |
| eTrust-Vet | 31.4.5796 | 2008.05.16 | - |
| Ewido | 4.0 | 2008.05.18 | - |
| F-Prot | 4.4.2.54 | 2008.05.16 | - |
| F-Secure | 6.70.13260.0 | 2008.05.19 | Vundo.gen179 |
| Fortinet | 3.14.0.0 | 2008.05.19 | - |
| GData | 2.0.7306.1023 | 2008.05.19 | - |
| Ikarus | T3.1.1.26.0 | 2008.05.19 | - |
| Kaspersky | 7.0.0.125 | 2008.05.19 | not-a-virus:AdWare.Win32.Virtumonde.sca |
| McAfee | 5297 | 2008.05.17 | - |
| Microsoft | 1.3408 | 2008.05.13 | - |
| NOD32v2 | 3107 | 2008.05.18 | - |
| Norman | 5.80.02 | 2008.05.16 | Vundo.gen179 |
| Panda | 9.0.0.4 | 2008.05.18 | Suspicious file |
| Prevx1 | V2 | 2008.05.19 | Malicious Software |
| Rising | 20.45.01.00 | 2008.05.19 | - |
| Sophos | 4.29.0 | 2008.05.19 | - |
| Sunbelt | 3.0.1123.1 | 2008.05.17 | - |
| Symantec | 10 | 2008.05.19 | - |
| TheHacker | 6.2.92.313 | 2008.05.19 | - |
| VBA32 | 3.12.6.6 | 2008.05.18 | - |
| VirusBuster | 4.3.26:9 | 2008.05.18 | - |
| Webwasher-Gateway | 6.6.2 | 2008.05.19 | Ad-Spyware.Virtumonde.sca |

Additional information:
File size: 117312 bytes
MD5...: 2bea6d21fac14f96fad53ed2e7dff96f
SHA1..: 373bd8f9612ab6e5ffa8edcdab54bf3372689f1a
SHA256: 5f968da28f19b7f0701d2e32b8f02adc022b85a77502a628cdbf976f2ec6594d
SHA512: 2a19243fdf7eb0dd9a9daae9aabcd9269a2a03e9dbe8fc9118408e7d3ce825c9 2f5fdc4e64a29aceda17029c8261eb53627da32268d914f13dc0826f0f7f6144
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10001111
timedatestamp.....: 0x478a2fee (Sun Jan 13 15:36:14 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8e41 0x9000 7.17 755edd5ce76c0563552e991e0d43cfd8
.rdata 0xa000 0x3e26 0x4000 7.85 3df97645099f558d864a0c5ee08d266d
.data 0xe000 0x18347 0xf600 7.98 ac9583415d3605e9c874ad19c4fe815e
( 2 imports )
> user32.dll: DrawIcon, DrawCaption, EnableMenuItem, DialogBoxParamA, DestroyIcon, DestroyCursor, DestroyCaret, DeleteMenu, DefDlgProcA, CreateMDIWindowA, CreateDesktopA, CreateCursor, CreateAcceleratorTableA, CharUpperBuffA, CharToOemBuffA, CharNextA, ChangeMenuA, EmptyClipboard, BeginPaint
> kernel32.dll: lstrcmpiA, Sleep, SetEndOfFile, LocalAlloc, LeaveCriticalSection, InitializeCriticalSection, GetSystemTimeAsFileTime, GetSystemTime, GetStartupInfoA, GetModuleHandleA, GetLocalTime, ExitThread, ExitProcess, CompareStringA, lstrlenA
( 0 exports )
Prevx info: 43913275.DLL - Prevx

The result from SmitFraudFix:

SmitFraudFix v2.320
Scan done at 13:29:19,93, 19.05.2008
Run from C:\Dokumente und Einstellungen\Notti\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

The new HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 13:41:44, on 19.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
J:\Programme\a-squared Free\a2service.exe
J:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Medion\MEDIONbox\Program\GCS.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
J:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programme\TomTom HOME 2\HOMERunner.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\palmOne\HOTSYNC.EXE
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\ISW\netcol.dsl\signup\Tray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Notti\LOKALE~1\Temp\Rar$EX00.265\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aol/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - J:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [BullGuard] "C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [GnabTray] C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe -checkstart
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "J:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "J:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1c71a8a0] rundll32.exe "C:\WINDOWS\system32\mqlrllpw.dll",b
O4 - HKLM\..\Run: [BM1f429b3c] Rundll32.exe "C:\WINDOWS\system32\qdnbykcg.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programme\Octoshape Streaming Services\Notti\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Programme\palmOne\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1163425403687
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163425396078
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.pe.studivz.net/photoup...che=1202655075
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB345726-3165-46FE-810E-A8325C05B869}: NameServer = 81.173.194.68 213.168.112.60
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - J:\Programme\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - J:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GnabService - Empolis GmbH - c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - J:\Downloads\Downloads\Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE\setup\RichVideo\RichVideo.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe

Kind regards,
menelvagor
#4
Hi,

the old Virtumundo files were deleted, but new ones have appeared... Stubborn....

Download all tools and instructions beforehand, and please carry out the cleanup "offline" as far as possible (so that leftovers cannot act as a "downloader" again). Only go back online after the last step...

So:

Vundo: follow the link and the instructions given there (VundoFix).

Then VirtumundoBeGone: http://secured2k.home.comcast.net/to...undoBeGone.exe
Download it and run it in Safe Mode...! After the VTG run, please post the log (you will find it on the desktop)!

Additionally, Silent Runners: unpack the zip archive into a directory, start it with a double-click, and choose "yes". The file it creates is in the same directory the script was copied to; please load it in an editor and post it. http://www.silentrunners.org/Silent%20Runners.zip

chris
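What chris is pointing at here (the Run values kept their names while the DLLs behind them changed) is something you can check mechanically rather than by eye. The following is an added example and not code from this thread, from HijackThis, or from any of the tools named above: a small Python script that parses the O4 Run entries of two HijackThis logs, flags rundll32 entries whose shape matches the two Virtumonde lines (a letter-only lowercase DLL name in system32, a one-letter export, a hex-looking value name), and diffs the two scans to list which Run values kept their name but swapped their command. The sample input is excerpted from the two logs posted above; the heuristic thresholds are this example's own choices, not documented HijackThis rules.

```python
import re

# Constructed sample input: O4 "Run" entries excerpted from the first (11:54) and
# second (13:41) HijackThis logs posted in this thread. Benign entries are kept in
# so the heuristics have something to leave alone.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [1c71a8a0] rundll32.exe "C:\WINDOWS\system32\mjdanugi.dll",b
O4 - HKLM\..\Run: [BM1f429b3c] Rundll32.exe "C:\WINDOWS\system32\xenjrbjf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [1c71a8a0] rundll32.exe "C:\WINDOWS\system32\mqlrllpw.dll",b
O4 - HKLM\..\Run: [BM1f429b3c] Rundll32.exe "C:\WINDOWS\system32\qdnbykcg.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# rundll32[.exe] ["]path\to\file.dll["],ExportName
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^"]+?\.dll)"?\s*,(?P<entry>\S*)',
                       re.IGNORECASE)


def parse_o4(log: str) -> dict:
    """Map (hive, value name) -> command line for every O4 Run entry in a HijackThis log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"].strip()
    return entries


def suspicion_reasons(name: str, cmd: str) -> list:
    """Heuristic signals that fire for one rundll32-based Run entry (empty if none).
    Non-rundll32 commands are not scored at all; the thresholds are this example's own."""
    m = RUNDLL_RE.match(cmd)
    if not m:
        return []
    dll, entry = m["dll"], m["entry"]
    stem = dll.rsplit("\\", 1)[-1][:-4]          # "mjdanugi" from "...\mjdanugi.dll"
    reasons = []
    if "\\system32\\" in dll.lower() and re.fullmatch(r"[a-z]{6,10}", stem):
        reasons.append("letter-only lowercase DLL name in system32")
    if len(entry) <= 2:
        reasons.append(f"export name {entry!r} is one or two characters")
    if re.fullmatch(r"(?:BM)?[0-9a-f]{8}", name):
        reasons.append("Run value name looks like a generated hex id")
    return reasons


def flag_suspicious(entries: dict, min_signals: int = 2) -> dict:
    """Entries whose rundll32 command trips at least `min_signals` heuristics."""
    flagged = {}
    for (hive, name), cmd in entries.items():
        reasons = suspicion_reasons(name, cmd)
        if len(reasons) >= min_signals:
            flagged[(hive, name)] = reasons
    return flagged


def respawned_entries(before: dict, after: dict) -> dict:
    """Run values that kept their name across two scans but now launch a different
    command: the persistence point survived the cleanup, the payload file was replaced."""
    return {k: (before[k], after[k]) for k in before if k in after and before[k] != after[k]}


if __name__ == "__main__":
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    for key, reasons in flag_suspicious(before).items():
        print(f"suspicious {key}: " + "; ".join(reasons))
    for key, (old, new) in respawned_entries(before, after).items():
        print(f"respawned {key}:\n  was {old}\n  now {new}")
```

Two of the three signals must fire before an entry is flagged, so the legitimate `RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup` line from the same log is left alone. The respawn diff needs no signature at all, which is why it still catches a payload that was renamed between scans; in a real cleanup that is the comparison to run on each fresh HJT log before declaring the machine clean.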
#5
![]() | ![]() Auswertung hijackthis log-file Hi. Hier der neue Stand der Dinge, in zwei Antworten: 1. Vundo hat keine infizierten Dateien gefunden 2. der log-file von VirtmundoToBeGone [05/19/2008, 21:58:15] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Notti\Desktop\VirtumundoBeGone.exe" ) [05/19/2008, 21:58:24] - Detected System Information: [05/19/2008, 21:58:24] - Windows Version: 5.1.2600, Service Pack 2 [05/19/2008, 21:58:24] - Current Username: Notti (Admin) [05/19/2008, 21:58:24] - Windows is in SAFE mode with Networking. [05/19/2008, 21:58:24] - Searching for Browser Helper Objects: [05/19/2008, 21:58:24] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} () [05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference. [05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\NppBho [05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing. [05/19/2008, 21:58:24] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [05/19/2008, 21:58:24] - BHO 3: {7d490141-1042-4989-8e60-12e3b0d3abbd} () [05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference. [05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\jqisxtqa [05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\jqisxtqa, continuing. [05/19/2008, 21:58:24] - BHO 4: {CB912875-E6EF-4576-95DC-A565A26F18B5} () [05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference. [05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\dDSMFUOE [05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\dDSMFUOE, continuing. [05/19/2008, 21:58:24] - BHO 5: {CF98AC93-9852-4AE9-9C71-DDCC6DEA8A2F} () [05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference. [05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\winiptec [05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\winiptec, continuing. 
[05/19/2008, 21:58:24] - BHO 6: {F1B2B165-FBF2-4EB3-98FF-9CF5506062B5} ()
[05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\mlJAtULD
[05/19/2008, 21:58:24] - Found: HKLM\...\Winlogon\Notify\mlJAtULD - This is probably Virtumundo.
[05/19/2008, 21:58:24] - Assigning {F1B2B165-FBF2-4EB3-98FF-9CF5506062B5} MSEvents Object
[05/19/2008, 21:58:24] - BHO list has been changed! Starting over...
[05/19/2008, 21:58:24] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\NppBho
[05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[05/19/2008, 21:58:24] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/19/2008, 21:58:24] - BHO 3: {7d490141-1042-4989-8e60-12e3b0d3abbd} ()
[05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\jqisxtqa
[05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\jqisxtqa, continuing.
[05/19/2008, 21:58:24] - BHO 4: {CB912875-E6EF-4576-95DC-A565A26F18B5} ()
[05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\dDSMFUOE
[05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\dDSMFUOE, continuing.
[05/19/2008, 21:58:24] - BHO 5: {CF98AC93-9852-4AE9-9C71-DDCC6DEA8A2F} ()
[05/19/2008, 21:58:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:24] - Checking for HKLM\...\Winlogon\Notify\winiptec
[05/19/2008, 21:58:24] - Key not found: HKLM\...\Winlogon\Notify\winiptec, continuing.
[05/19/2008, 21:58:24] - BHO 6: {F1B2B165-FBF2-4EB3-98FF-9CF5506062B5} (MSEvents Object)
[05/19/2008, 21:58:24] - ALERT: Found MSEvents Object!
[05/19/2008, 21:58:24] - Finished Searching Browser Helper Objects
[05/19/2008, 21:58:24] - *** Detected MSEvents Object
[05/19/2008, 21:58:24] - Trying to remove MSEvents Object...
[05/19/2008, 21:58:25] - Terminating Process: IEXPLORE.EXE
[05/19/2008, 21:58:25] - Terminating Process: RUNDLL32.EXE
[05/19/2008, 21:58:25] - Disabling Automatic Shell Restart
[05/19/2008, 21:58:25] - Terminating Process: EXPLORER.EXE
[05/19/2008, 21:58:26] - Suspending the NT Session Manager System Service
[05/19/2008, 21:58:26] - Terminating Windows NT Logon/Logoff Manager
[05/19/2008, 21:58:26] - Re-enabling Automatic Shell Restart
[05/19/2008, 21:58:26] - File to disable: C:\WINDOWS\system32\mlJAtULD.dll
[05/19/2008, 21:58:26] - Renaming C:\WINDOWS\system32\mlJAtULD.dll -> C:\WINDOWS\system32\mlJAtULD.dll.vir
[05/19/2008, 21:58:26] - File successfully renamed!
[05/19/2008, 21:58:26] - Removing HKLM\...\Browser Helper Objects\{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}
[05/19/2008, 21:58:26] - Removing HKCR\CLSID\{F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}
[05/19/2008, 21:58:26] - Adding Kill Bit for ActiveX for GUID: {F1B2B165-FBF2-4EB3-98FF-9CF5506062B5}
[05/19/2008, 21:58:26] - Deleting ATLEvents/MSEvents Registry entries
[05/19/2008, 21:58:26] - Removing HKLM\...\Winlogon\Notify\mlJAtULD
[05/19/2008, 21:58:26] - Searching for Browser Helper Objects:
[05/19/2008, 21:58:26] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[05/19/2008, 21:58:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:26] - Checking for HKLM\...\Winlogon\Notify\NppBho
[05/19/2008, 21:58:26] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[05/19/2008, 21:58:26] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/19/2008, 21:58:26] - BHO 3: {7d490141-1042-4989-8e60-12e3b0d3abbd} ()
[05/19/2008, 21:58:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:26] - Checking for HKLM\...\Winlogon\Notify\jqisxtqa
[05/19/2008, 21:58:26] - Key not found: HKLM\...\Winlogon\Notify\jqisxtqa, continuing.
[05/19/2008, 21:58:26] - BHO 4: {CB912875-E6EF-4576-95DC-A565A26F18B5} ()
[05/19/2008, 21:58:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:26] - Checking for HKLM\...\Winlogon\Notify\dDSMFUOE
[05/19/2008, 21:58:26] - Key not found: HKLM\...\Winlogon\Notify\dDSMFUOE, continuing.
[05/19/2008, 21:58:26] - BHO 5: {CF98AC93-9852-4AE9-9C71-DDCC6DEA8A2F} ()
[05/19/2008, 21:58:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 21:58:26] - Checking for HKLM\...\Winlogon\Notify\winiptec
[05/19/2008, 21:58:26] - Key not found: HKLM\...\Winlogon\Notify\winiptec, continuing.
[05/19/2008, 21:58:26] - Finished Searching Browser Helper Objects
[05/19/2008, 21:58:26] - Finishing up...
[05/19/2008, 21:58:26] - A restart is needed.
[05/19/2008, 21:58:46] - Attempting to Restart via STOP error (Blue Screen!)

[05/19/2008, 22:01:53] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Notti\Desktop\VirtumundoBeGone.exe" )
[05/19/2008, 22:01:59] - Detected System Information:
[05/19/2008, 22:01:59] - Windows Version: 5.1.2600, Service Pack 2
[05/19/2008, 22:01:59] - Current Username: Notti (Admin)
[05/19/2008, 22:01:59] - Windows is in SAFE mode with Networking.
[05/19/2008, 22:01:59] - Searching for Browser Helper Objects:
[05/19/2008, 22:01:59] - BHO 1: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[05/19/2008, 22:01:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 22:01:59] - Checking for HKLM\...\Winlogon\Notify\NppBho
[05/19/2008, 22:01:59] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[05/19/2008, 22:01:59] - BHO 2: {31EEB5B8-A57A-4604-820D-DAB6499B2747} ()
[05/19/2008, 22:01:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 22:01:59] - Checking for HKLM\...\Winlogon\Notify\dDSMFUOE
[05/19/2008, 22:01:59] - Key not found: HKLM\...\Winlogon\Notify\dDSMFUOE, continuing.
[05/19/2008, 22:01:59] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/19/2008, 22:01:59] - BHO 4: {7d490141-1042-4989-8e60-12e3b0d3abbd} ()
[05/19/2008, 22:01:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 22:01:59] - Checking for HKLM\...\Winlogon\Notify\jqisxtqa
[05/19/2008, 22:01:59] - Key not found: HKLM\...\Winlogon\Notify\jqisxtqa, continuing.
[05/19/2008, 22:01:59] - BHO 5: {CF98AC93-9852-4AE9-9C71-DDCC6DEA8A2F} ()
[05/19/2008, 22:01:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2008, 22:01:59] - Checking for HKLM\...\Winlogon\Notify\winiptec
[05/19/2008, 22:01:59] - Key not found: HKLM\...\Winlogon\Notify\winiptec, continuing.
[05/19/2008, 22:01:59] - Finished Searching Browser Helper Objects
[05/19/2008, 22:01:59] - Finishing up...
[05/19/2008, 22:01:59] - Nothing found! Exiting...

Kind regards,
menelvagor
#6
Hi. Here is also the Silent Runners output, part 1:

"Silent Runners.vbs", revision 58, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Octoshape Streaming Services" = ""C:\Programme\Octoshape Streaming Services\Notti\OctoshapeClient.exe" -inv:bootrun" [file not found]
"CTSyncU.exe" = ""C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe"" [empty string]
"TomTomHOME.exe" = ""C:\Programme\TomTom HOME 2\HOMERunner.exe"" ["TomTom"]
"WMPNSCFG" = "C:\Programme\Windows Media Player\WMPNSCFG.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"HDAudDeck" = "C:\Programme\VIAudioi\HDADeck\HDeck.exe 1" ["VIA Technologies, Inc."]
"BullGuard" = ""C:\Programme\BullGuard Software\BullGuard\bullguard.exe" -boot" [file not found]
"GnabTray" = "C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe -checkstart" [null data]
"Adobe" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"" [file not found]
"WinDSL MTU-Adjust" = "WinDSL_MTU.exe" ["Engel Technologieberatung, Entwicklung/Verkauf von Soft- und Hardware KG"]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Programme\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"HP Software Update" = "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Nero AG"]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"ICQ Lite" = ""J:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Photo Downloader" = ""J:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe"" ["Adobe Systems Incorporated"]
"Symantec PIF AlertEng" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"]
"Adobe Reader Speed Launcher" = ""C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"1c71a8a0" = "rundll32.exe "C:\WINDOWS\system32\mqlrllpw.dll",b" [MS]
"BM1f429b3c" = "Rundll32.exe "C:\WINDOWS\system32\qdnbykcg.dll",s" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{31EEB5B8-A57A-4604-820D-DAB6499B2747}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\WINDOWS\system32\dDSMFUOE.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
       \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{7d490141-1042-4989-8e60-12e3b0d3abbd}\(Default) = "{dbba3d0b-3e21-06e8-9894-2401141094d7}"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\WINDOWS\system32\jqisxtqa.dll" [null data]
{CF98AC93-9852-4AE9-9C71-DDCC6DEA8A2F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\WINDOWS\system32\winiptec.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
       \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
       \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
       \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
       \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
       \InProcServer32\(Default) = "J:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{24849E2F-0A86-40CD-A62A-B12F161882DB}" = "ZEN V Series Media Explorer"
  -> {HKLM...CLSID} = "ZEN V Series Media Explorer"
       \InProcServer32\(Default) = "C:\Programme\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll" ["Creative Technology Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\dDSMFUOE"

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
       \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" [file not found]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
       \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"
  -> {HKLM...CLSID} = "CtMtpContextMenu Class"
       \InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
       \InProcServer32\(Default) = "J:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
  -> {HKLM...CLSID} = "IEContextMenu Class"
       \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
       \InProcServer32\(Default) = "J:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
CTMTPMediaExplorer\(Default) = "{7895F317-A125-42CC-BD3E-5830765CE577}"
  -> {HKLM...CLSID} = "CtMtpContextMenu Class"
       \InProcServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll" ["Creative Technology Ltd"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
  -> {HKLM...CLSID} = "IEContextMenu Class"
       \InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
       \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}
"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePhotoshopElements5ShowPicturesOnArrival\
"Provider" = "Adobe Photoshop Elements 5.0"
"InvokeProgID" = "PhotoshopElements.Application.5"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PhotoshopElements.Application.5\shell\launch\command\(Default) = ""J:\Programme\Adobe\Photoshop Elements 5.0\PseProxy.exe" -v "%1"" ["Adobe Systems Incorporated"]

CTMTPHandler\
"Provider" = "Creative Media Explorer"
"ProgID" = "CTMtpAut.CTMtpEventHandler"
"InitCmdLine" = "OrganizeUsingZME"
HKLM\SOFTWARE\Classes\CTMtpAut.CTMtpEventHandler\CLSID\(Default) = "{9F40AC21-F4D1-477C-AC95-7A935224220F}"
  -> {HKLM...CLSID} = "CTMtpEventHandler Class"
       \LocalServer32\(Default) = "C:\PROGRA~1\Creative\SHARED~1\CTMtpAut.exe" ["Creative Technology Ltd."]

CTPlayAudioOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.AudioCDPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.AudioCDPlayer.1\shell\open\command\(Default) = ""C:\Programme\Creative\MediaSource5\CTCMSu.exe" /T=CLASSKEY_AudioCD IN %L PlayNow" ["Creative Technology Ltd"]

CTPlayMusicFilesOnArrivalu\
"Provider" = "Creative MediaSource 5 Player"
"InvokeProgID" = "CTAutoPLu.MusicFilesPlayer.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CTAutoPLu.MusicFilesPlayer.1\shell\open\command\(Default) = ""C:\Programme\Creative\MediaSource5\CTCMSu.exe" /Organizer" ["Creative Technology Ltd"]

DVDFabPlatinumOnDVDArrival\
"Provider" = "DVDFab Platinum"
"InvokeProgID" = "DVDFabPlatinumOpen"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\DVDFabPlatinumOpen\shell\Open\command\(Default) = "J:\PROGRA~1\DVDFAB~1\DVDFAB~1.EXE" ["Fengtao Software Inc."]

EHomeMusicDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}"
  -> {HKLM...CLSID} = "EHomeMusicDropTarget Class"
       \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll"