Trojaner-Board


GinoCazino 03.05.2005 14:22

Would you please take a look at my logfile?
 
Hi,

I'd be very glad if you would take a look at my logfile... maybe you'll spot a few lines that absolutely have to go :)
I'd be really grateful to you for that!!!

Because every now and then my PC acts up :heulen: :confused:

Here:
Logfile of HijackThis v1.98.0
Scan saved at 15:21:50, on 03.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
D:\Programme\UltraMon\UltraMon.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
D:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Norton AntiVirus\OPScan.exe
D:\eigenedateien\sicherheit_tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BCECB8F-7371-40DA-881F-FFE4786A3D11} - (no file)
O2 - BHO: (no name) - {5C0BF1FB-D263-4A10-BC1F-07038452E3E2} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: UltraMon.lnk = D:\Programme\UltraMon\UltraMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Alte Version auf &archives.org ansehen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Mit Mr&Check nachschlagen... - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite aus dem &Cache anzeigen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Seite mit Google übersetzen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Zoom &In* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O8 - Extra context menu item: Zurückführende &Links - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: Äh&nliche Seiten - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: Übersetzen mit &dict.leo.org - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tutrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter...0/SYSsfitb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Chris14 03.05.2005 14:29

1. escan
- download escan and follow this guide exactly

2. delete entries
- fix these entries with hijackthis:
O2 - BHO: (no name) - {3BCECB8F-7371-40DA-881F-FFE4786A3D11} - (no file)
O2 - BHO: (no name) - {5C0BF1FB-D263-4A10-BC1F-07038452E3E2} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shoote...00/SYSsfitb.cab

3. results
- go back into normal mode
- open the file mwav.log, click on Edit, then on Find
- enter infected
- keep searching, mark the hits and copy them into the forum
- post a new hijackthis log

In what way exactly is the PC "acting up"? Please post your exact problem.

GinoCazino 03.05.2005 15:13

Hi, thanks, thanks

So a few things have already disappeared through the hijackthis fixing.
In IE I always had this superfluous button :) it's gone now *yay*

Here is the MWAV log:
Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:04 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:56:04 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:56:04 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:56:04 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.




Well, in the past Kaspersky also always went on about spyware/adware, but it couldn't fix it ;(


And here is the hijackthis log:

Logfile of HijackThis v1.98.0
Scan saved at 16:12:48, on 03.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
D:\Programme\UltraMon\UltraMon.exe
C:\WINDOWS\DitExp.exe
D:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
D:\eigenedateien\sicherheit_tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: UltraMon.lnk = D:\Programme\UltraMon\UltraMon.exe
O8 - Extra context menu item: Alte Version auf &archives.org ansehen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Mit Mr&Check nachschlagen... - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite aus dem &Cache anzeigen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Seite mit Google übersetzen - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Zoom &In* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &Out* - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O8 - Extra context menu item: Zurückführende &Links - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: Äh&nliche Seiten - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: Übersetzen mit &dict.leo.org - C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tutrans.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab





Thanks!!!!! :aplaus: :daumenhoc
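One way to confirm that the entries on the fix list no longer appear in the follow-up log, as an added example that is not part of the thread and not HijackThis's own code. Entries are compared by section code plus the text up to the CLSID, because the forum shortened the long `O16` URL differently in the two posts; the function names are hypothetical and the sample lines are excerpts copied from the logs in this thread.

```python
import re

# Section code at the start of a HijackThis entry ("R0", "O2", "O16", ...).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return (section, identifier) for a HijackThis entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header line, running process, blank line
    section, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    if clsid:
        # Keep only the text up to and including the CLSID: whatever follows
        # (file path or URL) may have been shortened with "..." by the forum.
        rest = rest[:clsid.end()]
    return (section, rest.strip().upper())


def still_present(fix_list, new_log):
    """Return the fix-list lines whose entry still shows up in new_log."""
    present = {entry_key(line) for line in new_log.splitlines()}
    present.discard(None)
    hits = []
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key is not None and key in present:
            hits.append(line.strip())
    return hits


# Excerpt of the fix list posted in the thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {3BCECB8F-7371-40DA-881F-FFE4786A3D11} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shoote...00/SYSsfitb.cab
""".strip()

# Excerpt of the first log (before fixing).
OLD_LOG = r"""
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BCECB8F-7371-40DA-881F-FFE4786A3D11} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter...0/SYSsfitb.cab
""".strip()

# Excerpt of the second log (after fixing).
NEW_LOG = r"""
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
""".strip()

if __name__ == "__main__":
    print("before fix:", len(still_present(FIX_LIST, OLD_LOG)), "entries present")
    print("after fix: ", still_present(FIX_LIST, NEW_LOG) or "none left")
```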

Chris14 03.05.2005 15:22

But you can remove it manually
- click on Start, Run, regedit
- navigate through the following "keys" (they look like folders) and then delete the corresponding ones:
-- in HKEY_LOCAL_MACHINE\Software delete the key powerscan
-- in HKEY_LOCAL_MACHINE\Software delete the key 180Solutions
-- in HKEY_CURRENT_USER\Software delete the key dr_s
-- in HKEY_LOCAL_MACHINE\Software delete the key TwainTec
- click on My Computer again in regedit
- click on Edit, Find
- type or copy {c109664b-ceb1-420b-b353-d55a561536dd} into the search field and then click OK
- then delete the key that regedit finds
- post whether the problems are fixed
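The "search mwav.log for infected" step from the earlier reply and the registry key list above can both be derived from the log itself. This added example (not part of the thread and not eScan's own tooling) deduplicates the repeated MWAV entries, expands the hive abbreviations, and skips lines where "infected" only appears in a file name; `triage` and its category names are hypothetical, and the sample lines are copied from the MWAV output posted in this thread.

```python
import re

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

REG_RE = re.compile(r"^Offending value found in (?P<key>.+?)\s*!!!$")
# Require a drive path so "File System Found infected by ..." is not read as a file hit.
FILE_RE = re.compile(r'^File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)"')
SYS_RE = re.compile(
    r"^System found infected with (?P<name>.+?) Spyware/Adware "
    r"\((?P<clsid>\{[0-9A-Fa-f-]{36}\})\)!"
)


def triage(log_text):
    """Return sorted, deduplicated (kind, target, detection) tuples from MWAV log text."""
    findings = set()
    for line in log_text.splitlines():
        _, sep, msg = line.partition(" => ")
        if not sep:
            continue  # blank line or text without the MWAV timestamp separator
        msg = msg.strip()

        m = REG_RE.match(msg)
        if m:
            hive, _, sub = m.group("key").partition("\\")
            findings.add(("registry", HIVES.get(hive, hive) + "\\" + sub, ""))
            continue

        m = SYS_RE.match(msg)
        if m:
            findings.add(("clsid", m.group("clsid"), m.group("name")))
            continue

        m = FILE_RE.match(msg)
        if m:
            path = m.group("path")
            # Assumption: a hit inside another scanner's Quarantine folder is an
            # already isolated sample, so it is reported separately.
            kind = "file-in-quarantine" if "\\quarantine\\" in path.lower() else "file"
            findings.add((kind, path, m.group("name")))
        # Anything else (e.g. "Scanning File ...\Your system infected.lnk") is not
        # a detection, even though a text search for "infected" matches it.
    return sorted(findings)


# Lines copied from the MWAV logs posted in this thread.
SAMPLE = r"""
Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:04 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:37 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:59:22 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:50 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.
Tue May 03 17:25:28 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\162D40A2.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
Tue May 03 16:01:12 2005 => Scanning File C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Real\RealPlayer\History\Your system infected.lnk
"""

if __name__ == "__main__":
    for kind, target, detection in triage(SAMPLE):
        print(f"{kind:20} {target}  {detection}")
```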

GinoCazino 03.05.2005 17:23

OK, I ran it again; I had forgotten to also select D:, I have another hard drive :(

Here are my problems:

Tue May 03 15:58:36 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:58:36 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:36 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:58:36 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:36 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:36 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:58:36 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:36 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:37 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:58:37 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:37 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:58:37 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:58:37 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:58:37 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:59:22 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:59:22 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:59:22 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:59:22 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:59:22 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:59:22 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\162D40A2.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\166F03A4.par [**]
Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\173C5D78.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\173C5D78.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\1753035F.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1753035F.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\181B0484.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\181B0484.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\1A3D1DE8.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1A3D1DE8.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\1BC87635.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\1BC87635.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\27E3464D.htm
Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\28345FF3.zip
Tue May 03 17:04:06 2005 => File C:\Programme\Norton AntiVirus\Quarantine\28345FF3.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:06 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\2BBA7316.exe
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\373E1643.htm
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\3E2A48E9.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\3E2A48E9.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\418871C3.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\418871C3.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\44230A57.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44230A57.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\44677C0B.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\44677C0B.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\54EC0112.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\54EC0112.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\5B041215.htm
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\60F61737.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\60F61737.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\610140E6.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\610140E6.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\649C1533.par [**]
Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\6CB03845.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6CB03845.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\6FA21B07.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\6FA21B07.zip infected by "Trojan.Java.ClassLoader.o" Virus. Action Taken: No Action Taken.

Tue May 03 17:04:07 2005 => Scanning File C:\Programme\Norton AntiVirus\Quarantine\734E42F8.zip
Tue May 03 17:04:07 2005 => File C:\Programme\Norton AntiVirus\Quarantine\734E42F8.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.



Tue May 03 15:56:04 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:56:04 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:56:04 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:56:04 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:56:04 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:56:04 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:56:04 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue May 03 15:56:50 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.




Tue May 03 15:57:52 2005 => System found infected with adshooter Spyware/Adware ({c109664b-ceb1-420b-b353-d55a561536dd})! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "adshooter Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue May 03 15:57:52 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKLM\Software\180Solutions !!!
Tue May 03 15:57:52 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKCU\Software\dr_s !!!
Tue May 03 15:57:52 2005 => System found infected with dr_s Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "dr_s Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue May 03 15:57:52 2005 => Offending value found in HKLM\Software\TwainTec !!!
Tue May 03 15:57:52 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Tue May 03 15:57:52 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue May 03 15:57:56 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.






Tue May 03 16:01:12 2005 => Scanning File C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Real\RealPlayer\History\Your system infected.lnk



Tue May 03 16:52:20 2005 => Scanning File C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\Real\RealPlayer\History\Your system infected.lnk


Tue May 03 17:25:28 2005 => File C:\WINDOWS\wingoon.exe infected by "not-a-virus:Porn-Dialer.Win32.Lagoon" Virus. Action Taken: No Action Taken.







I hope something can still be done at all... well, to be honest, I'm still living quite well with the viruses *gg* I'm just afraid of what could happen :) Please help me once more, that would be very nice of you :heulen: :( :daumenhoc

GinoCazino 04.05.2005 12:06

Please :kloppen:


All times are WET +1. The time now is 13:56.
