Trojaner-Board

Thread: https://www.trojaner-board.de/53982-virus-hat-mich-erwischt.html

bug 14.06.2008 23:00

A virus got me :(
 
After 20 years of BTX/Internet it has finally got me for the first time too, and I still don't even know how...
I hope I have removed everything, or is there still something suspicious in the HJT logfile?
--------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.43, on 14.06.08
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\WT32EXE.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Googlefilter\Core\Googlefilter.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\WINNT\system32\tblmouse.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\mqsvc.exe
C:\Programme\Microsoft IntelliPoint\dpupdchk.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\Programme\DMEXBar\dmexbar.dll
O3 - Toolbar: Dmexdir Toolbar - {4ADFE869-0C09-4F41-AD79-A8F1CFA201E8} - C:\Programme\DMEXBar\dmexdir\dmexdir.dll
O3 - Toolbar: Dmexfav Toolbar - {2977A961-7304-49C3-9BA5-C957E5277A76} - C:\Programme\DMEXBar\dmexfav\dmexfav.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DelTempFiles] WScript.exe C:\WINNT\Deltemp.vbs
O4 - HKLM\..\Run: [Googlefilter] C:\Programme\Googlefilter\Core\Googlefilter.exe /run
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TBLFUNC] tblmouse.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Googlefilter] C:\Programme\Googlefilter\Core\Googlefilter.exe /run
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [Googlefilter] C:\Programme\Googlefilter\Core\Googlefilter.exe /run (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programme\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Allzeit Atomzeit (leise, 5 Min. verzögert).lnk = C:\Programme\Allzeit Atomzeit\Atomzeit.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191753458621
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191755951174
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINNT\system32\WT32EXE.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)
----------------------------------------------------

Thanks
bug
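As an added example (not code from the thread, nor from HijackThis or Trend Micro) of the first-pass triage a helper does on a log like the one above: it parses the HJT line shapes and flags orphaned entries and autoruns that go through a script host, and indexes every CLSID it sees. SAMPLE_LOG is a constructed subset of the log posted above; the flags are starting points for review, not verdicts.

```python
"""Triage helper for HijackThis-style logs.

Added example, not code from the thread or from Trend Micro: it parses the
R0/R3/O2/O3/O4/O9/O23/O24 line shapes of the log above and flags what a
helper looks at first, i.e. entries whose file is gone ("(no file)") and
autoruns that go through a script host, and indexes every CLSID it sees.
"""
import re
from collections import defaultdict

# Constructed sample: lines taken from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\Programme\DMEXBar\dmexbar.dll
O4 - HKLM\..\Run: [DelTempFiles] WScript.exe C:\WINNT\Deltemp.vbs
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Tablet Service (TabletService) - Aiptek - C:\WINNT\system32\WT32EXE.EXE
O24 - Desktop Component 0: (no name) - (no file)
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Hosts that execute a script named on the command line rather than a
# binary of their own; the launched target is what needs looking at.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}


def first_token(cmd):
    """Return the executable part of an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_line(line):
    """Split one HJT line into section, display name, CLSID and file path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    entry = {"section": sec, "raw": line.strip(), "name": None,
             "clsid": None, "path": None}
    c = CLSID_RE.search(rest)
    if c:
        entry["clsid"] = c.group(0).upper()
    o4 = O4_RE.match(rest) if sec == "O4" else None
    if o4:
        entry["name"], entry["path"] = o4.group("name"), o4.group("cmd")
    elif " - " in rest:
        # R3/O2/O3/O9/O23/O24: the file path is the last " - " separated field.
        entry["name"] = rest.split(" - ", 1)[0]
        entry["path"] = rest.rsplit(" - ", 1)[1]
    else:
        entry["path"] = rest          # R0-style "key = value" lines
    return entry


def triage(log_text):
    """Return (entries, findings, clsid_index) for a whole log text."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings, by_clsid = [], defaultdict(set)
    for e in entries:
        path = (e["path"] or "").strip()
        if path.lower() == "(no file)":
            findings.append((e["section"], "orphaned entry, file missing", e["raw"]))
        if e["section"] == "O4":
            exe = first_token(path).rsplit("\\", 1)[-1].lower()
            if exe in SCRIPT_HOSTS:
                findings.append(("O4", "autorun via script host, inspect its target", e["raw"]))
        if e["clsid"]:
            by_clsid[e["clsid"]].add(e["section"])
    return entries, findings, dict(by_clsid)


if __name__ == "__main__":
    _, findings, _ = triage(SAMPLE_LOG)
    for sec, why, raw in findings:
        print(f"[{sec}] {why}\n    {raw}")
```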

BataAlexander 15.06.2008 01:05

Did the virus arrive with the installation of Messenger Plus?
Please run a Malwarebytes scan and post the logfile here.

bug 19.06.2008 23:08

Quote:

Quote from BataAlexander (post 345736)
Did the virus arrive with the installation of Messenger Plus?
Please run a Malwarebytes scan and post the logfile here.

No idea where it came from, since msnplus has actually been on the box for quite a while.
Malwarebytes also found a little something:

Malwarebytes' Anti-Malware 1.17
Datenbank Version: 869

1.37.07 19.06.08
mbam-log-6-19-2008 (01-36-55).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 81163
Scan Dauer: 30 minute(s), 36 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 9
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{06ebda5c-bd3d-451d-9bf2-fde4cd98e56b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ed4ca03d-dba9-4403-9c0d-917b29aca380} (Trojan.FakeAlert) -> No action taken.


Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (52200-OEM-0002561-27911) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Anon\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.

bug 21.06.2008 08:18

And this is what RunScanner says:

Runscanner logfile RunScanner freeware startup, hijack and malware analyzer

* = signed file
- = file not found

000 General info
----------------
Computer name : FAMILY
Creation time : 21.06.08 9.07.30
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2800.1106
OS : Microsoft Windows 2000
OS Build : 2195
OS SP : Service Pack 4
RunScanner Version : 1.6.3.0
User Language : Deutsch (Deutschland)
User rights : Administrator
Windows folder : C:\WINNT

001 Running processes
---------------------
* c:\programme\lavasoft\ad-aware\aawservice.exe (Lavasoft)
c:\programme\avira\antivir personaledition classic\avguard.exe (Avira GmbH)
c:\programme\avira\antivir personaledition classic\sched.exe (Avira GmbH)
c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH)
* c:\winnt\system32\services.exe (Microsoft Corporation)
c:\programme\a-squared free\a2service.exe (Emsi Software GmbH)
* c:\winnt\system32\csrss.exe (Microsoft Corporation)
* c:\programme\microsoft intellitype pro\dpupdchk.exe (Microsoft Corporation)
* c:\winnt\system32\rundll32.exe (Microsoft Corporation)
* c:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
* c:\winnt\system32\svchost.exe (Microsoft Corporation)
* c:\winnt\system32\svchost.exe (Microsoft Corporation)
* c:\winnt\system32\svchost.exe (Microsoft Corporation)
c:\programme\googlefilter\core\googlefilter.exe (ABoTech Software Andreas Born, Marc Waesche Services)
* c:\winnt\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
* c:\programme\microsoft intellipoint\ipoint.exe (Microsoft Corporation)
* c:\programme\microsoft intellitype pro\itype.exe (Microsoft Corporation)
* c:\programme\java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
* c:\winnt\system32\lsass.exe (Microsoft Corporation)
* c:\programme\gemeinsame dateien\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation)
* c:\programme\messengerplus! 3\msgplus.exe (Patchou)
* c:\winnt\msagent\agentsvr.exe (Microsoft Corporation)
* c:\programme\microsoft office\office10\outlook.exe (Microsoft Corporation)
* c:\winnt\system32\msdtc.exe (Microsoft Corporation)
* c:\winnt\system32\nvsvc32.exe (NVIDIA Corporation)
c:\programme\quicktime\qttask.exe (Apple Inc.)
* c:\winnt\system32\regsvc.exe (Microsoft Corporation)
* c:\dokumente und einstellungen\anon\desktop\runscanner.exe (Runscanner.net)
* c:\winnt\system32\snmp.exe (Microsoft Corporation)
* c:\winnt\system32\spoolsv.exe (Microsoft Corporation)
* c:\winnt\system32\stisvc.exe (Microsoft Corporation)
* c:\winnt\system32\mstask.exe (Microsoft Corporation)
c:\winnt\system32\tblmouse.exe
* c:\winnt\system32\tcpsvcs.exe (Microsoft Corporation)
* c:\winnt\system32\zonelabs\vsmon.exe (Zone Labs, LLC)
c:\programme\unlocker\unlockerassistant.exe
* c:\winnt\explorer.exe (Microsoft Corporation)
* c:\winnt\system32\mqsvc.exe (Microsoft Corporation)
* c:\winnt\system32\smss.exe (Microsoft Corporation)
* c:\winnt\system32\winlogon.exe (Microsoft Corporation)
* c:\winnt\system32\wbem\winmgmt.exe (Microsoft Corporation)
c:\winnt\system32\wt32exe.exe (Aiptek)
* c:\programme\zone labs\zonealarm\zlclient.exe (Zone Labs, LLC)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\programme\avira\antivir personaledition classic\avgnt.exe (Avira GmbH)
- wscript.exe c:\winnt\deltemp.vbs
c:\programme\googlefilter\core\googlefilter.exe (ABoTech Software Andreas Born, Marc Waesche Services)
* c:\programme\messengerplus! 3\msgplus.exe (Patchou)
* c:\programme\gemeinsame dateien\nero\lib\nerocheck.exe (Nero AG)
c:\programme\quicktime\qttask.exe (Apple Inc.)
C:\WINNT\system32\tblmouse.exe
C:\WINNT\system32\tweakui.cpl (Brummelchen@gmx.at)
c:\programme\unlocker\unlockerassistant.exe
* c:\programme\zone labs\zonealarm\zlclient.exe (Zone Labs, LLC)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\programme\googlefilter\core\googlefilter.exe (ABoTech Software Andreas Born, Marc Waesche Services)

004 C:\Dokumente und Einstellungen\Anon\Startmenü\Programme\Autostart
---------------------------------------------------------------------
c:\progra~1\allzei~1\atomzeit.exe

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
c:\programme\googlefilter\core\googlefilter.exe (ABoTech Software Andreas Born, Marc Waesche Services)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\programme\avira\antivir personaledition classic\avguard.exe (AntiVir PersonalEdition Classic Guard)
c:\programme\avira\antivir personaledition classic\sched.exe (AntiVir PersonalEdition Classic Planer)
c:\programme\a-squared free\a2service.exe (a-squared Free Service)
* c:\programme\lavasoft\ad-aware\aawservice.exe (Lavasoft Ad-Aware Service)
* c:\programme\gemeinsame dateien\nero\lib\nmindexingservice.exe (NMIndexingService)
c:\winnt\system32\wt32exe.exe (Tablet Service)
* c:\winnt\system32\zonelabs\vsmon.exe (TrueVector Internet Monitor)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
C:\WINNT\system32\drivers\m_sscan.sys (1200SP Scanner Service)
c:\winnt\system32\drivers\aspi32.sys (Aspi32)
* c:\programme\avira\antivir personaledition classic\avgio.sys (avgio)
* c:\programme\avira\antivir personaledition classic\avgntflt.sys (avgntflt)
* C:\WINNT\system32\drivers\avipbb.sys (avipbb)
C:\WINNT\system32\drivers\stv680.sys (Digital Camera)
C:\WINNT\system32\drivers\stv680m.sys (Digital Cameram)
* C:\WINNT\system32\zonelabs\srescan.sys (srescan)
C:\WINNT\system32\drivers\ssmdrv.sys (ssmdrv)
C:\WINNT\system32\drivers\tablet.sys (Tablet Driver)
C:\WINNT\system32\drivers\tbfilter.sys (Tablet Filter Driver)
- c:\winnt\system32\drivers\tga.sys (tga)
C:\WINNT\system32\drivers\btxbar.sys (TV Capture Card WDM Crossbar)
C:\WINNT\system32\drivers\bttuner.sys (TV Capture Card WDM TvTuner)
C:\WINNT\system32\drivers\bt848.sys (TV Capture Card WDM Video Capture)
c:\programme\unlocker\unlockerdriver5.sys (UnlockerDriver5)
* C:\WINNT\system32\vsdatant.sys (vsdatant)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\programme\gemeinsame dateien\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programme\gemeinsame dateien\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
c:\programme\gemeinsame dateien\microsoft shared\web folders\pkmcdo.dll (Microsoft Corporation) {CD00020A-8B95-11D1-82DB-00C04FB1625D}
c:\programme\gemeinsame dateien\microsoft shared\information retrieval\msitss.dll (Microsoft Corporation) {0A9007C0-4076-11D3-8789-0000F8105754}
c:\programme\gemeinsame dateien\system\ole db\msdaipp.dll (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
C:\WINNT\system32\updcrl.exe (Microsoft Corporation) {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}

036 HKCU\Software\Microsoft\Internet Explorer\Desktop\Components
----------------------------------------------------------------
-

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\programme\dmexbar\dmexbar.dll (André Rübel) {3F756BC4-26CB-497E-9409-8F09C1850C80}
c:\programme\dmexbar\dmexdir\dmexdir.dll {4ADFE869-0C09-4F41-AD79-A8F1CFA201E8}
c:\programme\dmexbar\dmexfav\dmexfav.dll {2977A961-7304-49C3-9BA5-C957E5277A76}
c:\programme\pdfcreator toolbar\v3.3.0.1\pdfcreator_toolbar.dll {31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
C:\WINNT\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
c:\programme\flashget\flashget.exe (FlashGet.com) {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}

044 HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
------------------------------------------------------------------
c:\programme\dmexbar\dmexdir\dmexdir.dll {4ADFE869-0C09-4F41-AD79-A8F1CFA201E8}
c:\programme\dmexbar\dmexfav\dmexfav.dll {2977A961-7304-49C3-9BA5-C957E5277A76}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\programme\pdfcreator toolbar\v3.3.0.1\pdfcreator_toolbar.dll {31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

047 Trusted zones
-----------------
Zone: fritz.box : *.fritz.box

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
c:\programme\flashget\jccatch.dll (Best Download Manager - FlashGet) {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
c:\programme\flashget\getflash.dll (Best Download Manager - FlashGet) {F156768E-81EF-470C-9057-481BA8380DBA}
c:\programme\iepro\iepro.dll (IE7Pro.com) {00011268-E188-40DF-A514-835FCD78B1BF}
c:\programme\pdfcreator toolbar\v3.3.0.1\pdfcreator_toolbar.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837}
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\programme\a-squared free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
c:\programme\dmexbar\dmexbar.dll (André Rübel) {3F756BC4-26CB-497E-9409-8F09C1850C80}
c:\programme\dmexbar\dmexcol\dmexcol.dll {06BB18A9-BB63-457D-8C3B-31F60A70EF9A}
c:\programme\dmexbar\dmexdir\dmexdir.dll {4ADFE869-0C09-4F41-AD79-A8F1CFA201E8}
c:\programme\dmexbar\dmexdrop\dmexdrop.dll {832ACDF9-7A47-4183-90E6-92A578A20FE8}
c:\programme\dmexbar\dmexfav\dmexfav.dll {2977A961-7304-49C3-9BA5-C957E5277A76}
c:\programme\dmexbar\dmexmenu\dmexmenu.dll {8AF756EB-9082-4197-8C85-5952CDA2A959}
c:\programme\dmexbar\dmexsik.dll {85FB48F3-2713-4708-A8B5-E163FB382C28}
c:\programme\dmexbar\dmexsik.dll {D3584CB6-AF7B-4D49-9819-3BD7C1E88F6D}
* c:\winnt\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
c:\programme\izarc\izarccm.dll {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}
c:\progra~1\micros~3\office\1031\unbind.dll (Microsoft Corporation) {59850401-6664-101B-B21C-00AA004BA90B}
* c:\programme\zone labs\zonealarm\zlavscan.dll (Zone Labs, LLC) {D9872D13-7651-4471-9EEE-F0A00218BEBB}
* c:\programme\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
c:\progra~1\gemein~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
c:\progra~1\gemein~1\micros~1\webfol~1\msonsext.dll (Microsoft Corporation) {BDEADF00-C265-11D0-BCED-00A0C90AB50F}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
GUID / CLSID not found {7D4D6379-F301-4311-BEBA-E26EB0561882}
c:\programme\dmexbar\dmexcol\dmexcol.dll {06BB18A9-BB63-457D-8C3B-31F60A70EF9A}
c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\WINNT\system32\avmprmon.dll (AVM Berlin GmbH)
C:\WINNT\system32\ebpmon24.dll (SEIKO EPSON CORPORATION)
C:\WINNT\system32\pdfcmnnt.dll (internet-support foehr.com)
-

073 %windir%\Tasks
------------------
AppleSoftwareUpdate.job : c:\programme\apple software update\softwareupdate.exe (Apple Inc.)

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\winnt\downlo~1\oscan82.ocx (BitDefender) {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
* c:\programme\divx\divx web player\npdivx32.dll (DivX,Inc.) {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
c:\winnt\downloaded program files\yuplapp.dll (Yahoo! Inc.) {8714912E-380D-11D5-B8AA-00D0B78F3D48}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
c:\winnt\opuc.dll (Microsoft Corporation) {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Alles mit FlashGet laden : C:\Programme\FlashGet\jc_all.htm
&Mit FlashGet laden : C:\Programme\FlashGet\jc_link.htm

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\programme\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
* c:\winnt\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
c:\programme\izarc\izarccm.dll {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}
c:\programme\notepad++\nppcm.dll (Burgaud.com) {120B94B5-2E6A-4F13-94D0-414BCB64FA0F}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
* c:\programme\zone labs\zonealarm\zlavscan.dll (Zone Labs, LLC) {D9872D13-7651-4471-9EEE-F0A00218BEBB}

212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
---------------------------------------------------------------------------------
C:\WINNT\system32\dfrg.msc

221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
* c:\programme\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
* c:\winnt\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
c:\programme\izarc\izarccm.dll {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}
c:\programme\notepad++\nppcm.dll (Burgaud.com) {120B94B5-2E6A-4F13-94D0-414BCB64FA0F}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
* c:\programme\zone labs\zonealarm\zlavscan.dll (Zone Labs, LLC) {D9872D13-7651-4471-9EEE-F0A00218BEBB}

223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
c:\programme\a-squared free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
c:\programme\dmexbar\dmexmenu\dmexmenu.dll {8AF756EB-9082-4197-8C85-5952CDA2A959}
* c:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}

225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
c:\programme\a-squared free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
c:\programme\a-squared free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
* c:\winnt\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
* c:\winnt\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
* c:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
* c:\programme\malwarebytes' anti-malware\mbamext.dll (Malwarebytes) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\programme\avira\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
c:\programme\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
* c:\programme\zone labs\zonealarm\zlavscan.dll (Zone Labs, LLC) {D9872D13-7651-4471-9EEE-F0A00218BEBB}
* c:\programme\zone labs\zonealarm\zlavscan.dll (Zone Labs, LLC) {D9872D13-7651-4471-9EEE-F0A00218BEBB}

227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
GUID / CLSID not found {73B24247-042E-4EF5-ADC2-42F62E6FD654}
c:\programme\izarc\izarccm.dll {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}

229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
c:\programme\dmexbar\dmexmenu\dmexmenu.dll {8AF756EB-9082-4197-8C85-5952CDA2A959}

231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
c:\programme\dmexbar\dmexcol\dmexcol.dll
GUID / CLSID not found NeroDigitalExt.NeroDigitalColumnHandler
c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info

241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
---------------------------------------------------------------------------------------
c:\programme\dmexbar\dmexsik.dll {D3584CB6-AF7B-4D49-9819-3BD7C1E88F6D}

BataAlexander 21.06.2008 11:01

Are you still getting any alerts?

Now scan the system with Avira (update it first and configure it as described here).
Post the scan report here; it may well be that copies are still to be found in System Restore.
After the scan, reset the settings; they are not really suitable for everyday use. :)

Then post a new HiJackThis logfile as well.

