Trojaner-Board


lauschi 08.03.2005 10:34

Please take a look at my log!!!
 
Logfile of HijackThis v1.99.1
Scan saved at 10:32:24, on 08.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\Trojancheck 6\tcguard.exe
C:\Programme\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\STANDARD\LOKALE~1\TEMP\_VWUPSRV.EXE
G:\antivir\AVWUPSRV.EXE
G:\antivir\AVGUARD.EXE
G:\antivir\AVGNT.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\trojacheck\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVGCtrl] "G:\antivir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe
O4 - HKCU\..\Run: [AIM] C:\Programme\AIM95\aim.exe -cnetwait.odl
O4 - Startup: TK-Phone.lnk = C:\Programme\Telekom\TkSoft\tkphone.exe
O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ?
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://217.175.252.58:8000/Java/cfs31235.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {1A254634-F4AC-4002-8B34-35CE1B2C9E72} (Wsd Control) - http://212.112.203.97/dialer/wsd.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.stardialer.de/install/StarInstall.ocx
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.stardialer.de/InstallationsAssistent.ocx
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\antivir\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\antivir\AVWUPSRV.EXE

chaosman 08.03.2005 11:26

@lauschi
you have quite a few things on your system,
update your system and IE first.
get eScan
download
instructions
tell us the complete (!) result of the eScan: which viruses were found on your computer: "open mwav.log -> Edit -> Find -> enter virus -> Find Next -> select/copy the hits and post them in the forum." (quote from Cidre)

chaosman

lauschi 08.03.2005 18:07

hello, this is now the result from eScan.
now I need your help once more, please.


File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GIOCLC~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\GSTORE~1.DLL infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\gdwldeng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File c:\PROGRA~1\GEMEIN~1\cmeii\gmtproxy.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Standard\LOKALE~1\Temp\trickler_4010.ex_ infected by "not-a-virus:AdWare.Gator.4010" Virus. Action Taken: No Action Taken.
File C:\DOKUME~1\Standard\LOKALE~1\Temp\ImInstaller\IncrediMail\imloader.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\WINDOWS\TEMP\~GL_3C18.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~GL_3C1F.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~GL_2405.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~GL_3A46.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~GL_3B35.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~GL_3458.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\~GL_3506.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\Adware\cd_install_291.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\Adware\DelFinMediaViewer29j.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMP\Adware\WebInstall.exe infected by "not-a-virus:AdWare.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\Adware\SaveNowInst.exe infected by "not-a-virus:AdWare.SaveNow.ar" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\BDECache\bde10A5.TMP infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\NPWTHOST.DLL infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\WTVH.DLL infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.0.134\WTBGMTT.EXE infected by "not-a-virus:AdWare.WildTangent.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.1.019\wtbgmtt.exe infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtbgm\wtbgmtt.exe infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\precisiontime2102.zip infected by "not-a-virus:AdWare.Gator.2102" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe infected by "not-a-virus:AdWare.Gator.2102" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\datemanager2102.zip infected by "not-a-virus:AdWare.Gator.4116" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\apps\DateManager\InstallDateManager.exe infected by "not-a-virus:AdWare.Gator.4116" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\store\apps\precisiontime2102.zip infected by "not-a-virus:AdWare.Gator.2102" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\CMEII\store\apps\datemanager2102.zip infected by "not-a-virus:AdWare.Gator.4116" Virus. Action Taken: No Action Taken.
File C:\holi351601426.exe infected by "not-a-virus:Porn-Dialer.Win32.Holistyc.gen" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Temp\trickler_4010.ex_ infected by "not-a-virus:AdWare.Gator.4010" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Temp\ImInstaller\IncrediMail\imloader.exe tagged as not-a-virus:RiskWare.Downloader.ImLoader.b. No Action Taken.
File C:\Dokumente und Einstellungen\Standard\Eigene Dateien\poolmup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{275AACCF-B2DA-421D-9C21-7695B368A0DF}\RP490\A0104894.exe infected by "not-a-virus:AdWare.Gator.5112" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{275AACCF-B2DA-421D-9C21-7695B368A0DF}\RP490\A0104900.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{275AACCF-B2DA-421D-9C21-7695B368A0DF}\RP490\A0104901.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\SQCLREAON.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\FFCNRFCF.EXE.VIR infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\FFCNRFCF.EXE.001 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\SQCLREAON.EXE.001 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\SQCLREAON.EXE.002 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\FFCNRFCF.EXE.002 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\SQCLREAON.EXE.003 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\FFCNRFCF.EXE.003 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\SQCLREAON.EXE.004 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\SQCLREAON.EXE.005 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\FFCNRFCF.EXE.004 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\SQCLREAON.EXE.006 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File G:\antivir\INFECTED\FFCNRFCF.EXE.005 infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.

chaosman 08.03.2005 19:32

@lauschi
back up this file to a floppy disk as evidence against high phone bills
get ClearProg: download
tick all the boxes for IE and Windows, delete
disable System Restore, reboot, enable System Restore.
switch to safe mode and manually delete
all CMEII files, and all of the following files
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\NPWTHOST.DLL
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\WTVH.DLL
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll
C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.0.134\WTBGMTT.EXE
C:\WINDOWS\wt\wtupdates\wtbgm\files\1.5.1.019\wtbgmtt.exe
C:\WINDOWS\wt\wtbgm\wtbgmtt.exe
C:\WINDOWS\wt\wtvh.dll
C:\holi351601426.exe
empty this folder: G:\antivir\INFECTED
reboot, post a new HJT log file
chaosman

lauschi 13.03.2005 15:51

salut, here is the log file after scanning and deleting.

Logfile of HijackThis v1.99.1
Scan saved at 15:48:34, on 13.03.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
G:\antivir\AVGNT.EXE
C:\Programme\Trojancheck 6\tcguard.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
G:\antivir\AVGUARD.EXE
G:\antivir\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\trojacheck\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVGCtrl] "G:\antivir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - Startup: TK-Phone.lnk = C:\Programme\Telekom\TkSoft\tkphone.exe
O4 - Global Startup: Sagem - 802.11g Wi-Fi USB Dongle LAN Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://217.175.252.58:8000/Java/cfs31235.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {1A254634-F4AC-4002-8B34-35CE1B2C9E72} (Wsd Control) - http://212.112.203.97/dialer/wsd.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex...amesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.stardialer.de/install/StarInstall.ocx
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.stardialer.de/InstallationsAssistent.ocx
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\antivir\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\antivir\AVWUPSRV.EXE

chaosman 15.03.2005 20:44

@lauschi
update your system and IE!
only after that, switch to safe mode and fix with HJT
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 ieautosearch
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {1A254634-F4AC-4002-8B34-35CE1B2C9E72} (Wsd Control) - http://212.112.203.97/dialer/wsd.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/active...gamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.stardialer.de/install/StarInstall.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.stardialer.de/InstallationsAssistent.ocx
then delete manually
C:\WINDOWS\web\related.htm

reboot, post a new HJT log file
set a new start page
chaosman

lauschi 15.03.2005 20:56

salut!

can you maybe tell me how I update the system and IE?
and do you have any idea what kind of program Nullsoft is? it is in several places on the C hard drive.

thank you

best regards, lauschi

Yopie 15.03.2005 21:00

Quote:

Quote from lauschi
can you maybe tell me how I update the system and IE?

http://www.windowsupdate.com

AFAIK there is even one button or another for that in Windows XP. :crazy:

Quote:

Quote from lauschi
and do you have any idea what kind of program Nullsoft is? it is in several places on the C hard drive.

Do you know Winamp? Nullsoft is the manufacturer.

Regards :daumenhoc
Yopie

Haui45 15.03.2005 21:02

Quote:

can you maybe tell me how I update the system and IE?
Tips:
1.) Windows Help
2.) Google (see signature)
3.) Start -> Programs -> Windows Update


Quote:

and do you have any idea what kind of program Nullsoft is?
Tips:
1.) Google, but we have already covered that :D
2.) -> Winamp

;)

Regards, Haui

