wie bekpmme ich diese spyware runter?

von **schlitz** am 19.03.2005, 19:01

--------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:54:46, on 19.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
E:\eMule\emule.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Dieter\LOKALE~1\Temp\Rar$EX00.281\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Dieter\LOKALE~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Dieter\LOKALE~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: Search - {A2E6E2A3-1A49-45ED-AC33-AAA0D7F479C7} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: (no name) - {5CFD49C4-93C4-A06E-D70F-3C6BDE50F460} - ABCXYZ.dll (file missing)
R3 - URLSearchHook: Search - {AFD43526-85C4-4571-AA5E-2005084EC100} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: Search - {54723D2C-E940-4450-AF8A-66E447BBD4B3} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: Search - {04D9EE07-7132-41C0-AB1F-AB281873D6DB} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: Search - {49E23786-1637-453C-B1DF-36A072247328} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {135D0FA6-4642-4F8B-8942-25D573A22AD4} - C:\WINDOWS\System32\gbia.dll
O2 - BHO: (no name) - {2FA472C9-82E1-4D69-A9FD-A334480C1C89} - C:\WINDOWS\System32\msef.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecustom32.dll
O3 - Toolbar: Search - {8B706873-75B7-43A1-9DE8-8B6F67E0E40E} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {AB5E631B-4DDF-4F19-8D92-ED8B2DF02C9B} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {88B73030-BDE4-4334-A730-7AB5303DE883} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {14119FD2-EFFA-4BAF-9B25-321282C18B5D} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {A6BC5C14-FB47-4696-9FF6-6C6E7BF14E1A} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
O4 - HKLM\..\Run: [cnftips] PrcIdle.exe
O4 - HKLM\..\Run: [PrcIdle] nmdllw.exe
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\Dieter\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WareOut] "C:\Programme\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [WTFCTF] JAguAr.exe
O4 - HKCU\..\Run: [NsCplTray] driver32.exe
O4 - HKCU\..\Run: [vxdman] newbreed.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: T-COM WLAN Manager T-Sinus 154data.lnk = C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Search - {14119FD2-EFFA-4BAF-9B25-321282C18B5D} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {88B73030-BDE4-4334-A730-7AB5303DE883} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {8B706873-75B7-43A1-9DE8-8B6F67E0E40E} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {A6BC5C14-FB47-4696-9FF6-6C6E7BF14E1A} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {AB5E631B-4DDF-4F19-8D92-ED8B2DF02C9B} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/ex ... pecial.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAC6E640-2D9C-4A7F-A38A-F1B21A24E2FF}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB22AA02-11AD-4859-A506-F86A51B13A1D}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS3\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.176.196,195.225.176.37
O18 - Filter: text/html - {B83A0391-587A-4A5E-BCB7-804466131320} - C:\WINDOWS\System32\gbia.dll
O18 - Filter: text/plain - {B83A0391-587A-4A5E-BCB7-804466131320} - C:\WINDOWS\System32\gbia.dll
O21 - SSODL: Web Event Logger - {7FFBADFF-E102-1332-ACDE-44659325C679} - C:\WINDOWS\System32\Jhbabfdi.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
:?:

von **Nikita** am 19.03.2005, 21:03

Deaktivieren Wiederherstellung
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
(dann wieder aktivieren)

Hijacker about:blank - se.dll\sp.html--> laden und scannen
http://www.trojaner-info.de/anleitungen ... blank.html

•1) lade rem3v.zip
1) lade remv3.zip
http://bilder.informationsarchiv.net/Ni ... /remv3.zip

2) entpacke es im verzeichnis C:\WINDOWS\System32\
(es ist wichtig, dass es in diesem verzeichnis ist!)

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Dieter\LOKALE~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\Dieter\LOKALE~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: Search - {A2E6E2A3-1A49-45ED-AC33-AAA0D7F479C7} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: (no name) - {5CFD49C4-93C4-A06E-D70F-3C6BDE50F460} - ABCXYZ.dll (file missing)
R3 - URLSearchHook: Search - {AFD43526-85C4-4571-AA5E-2005084EC100} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: Search - {54723D2C-E940-4450-AF8A-66E447BBD4B3} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: Search - {04D9EE07-7132-41C0-AB1F-AB281873D6DB} - C:\WINDOWS\System32\Q43891859.dll (file missing)
R3 - URLSearchHook: Search - {49E23786-1637-453C-B1DF-36A072247328} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O2 - BHO: (no name) - {135D0FA6-4642-4F8B-8942-25D573A22AD4} - C:\WINDOWS\System32\gbia.dll
O2 - BHO: (no name) - {2FA472C9-82E1-4D69-A9FD-A334480C1C89} - C:\WINDOWS\System32\msef.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecustom32.dll
O3 - Toolbar: Search - {8B706873-75B7-43A1-9DE8-8B6F67E0E40E} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {AB5E631B-4DDF-4F19-8D92-ED8B2DF02C9B} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {88B73030-BDE4-4334-A730-7AB5303DE883} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {14119FD2-EFFA-4BAF-9B25-321282C18B5D} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Search - {A6BC5C14-FB47-4696-9FF6-6C6E7BF14E1A} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe
O4 - HKLM\..\Run: [cnftips] PrcIdle.exe
O4 - HKLM\..\Run: [PrcIdle] nmdllw.exe
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [WareOut] "C:\Programme\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [WTFCTF] JAguAr.exe
O4 - HKCU\..\Run: [NsCplTray] driver32.exe
O4 - HKCU\..\Run: [vxdman] newbreed.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Search - {14119FD2-EFFA-4BAF-9B25-321282C18B5D} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {88B73030-BDE4-4334-A730-7AB5303DE883} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {8B706873-75B7-43A1-9DE8-8B6F67E0E40E} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {A6BC5C14-FB47-4696-9FF6-6C6E7BF14E1A} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O9 - Extra button: Search - {AB5E631B-4DDF-4F19-8D92-ED8B2DF02C9B} - C:\WINDOWS\System32\Q43891859.dll (file missing)
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/ex ... pecial.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAC6E640-2D9C-4A7F-A38A-F1B21A24E2FF}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB22AA02-11AD-4859-A506-F86A51B13A1D}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.176.196,195.225.176.37
O17 - HKLM\System\CS3\Services\Tcpip\..\{5AD822B2-C0A7-4295-9368-B8AC47287A91}: NameServer = 69.50.176.196,195.225.176.37
O18 - Filter: text/html - {B83A0391-587A-4A5E-BCB7-804466131320} - C:\WINDOWS\System32\gbia.dll
O18 - Filter: text/plain - {B83A0391-587A-4A5E-BCB7-804466131320} - C:\WINDOWS\System32\gbia.dll

PC neustarten

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)

#TuneUp2004 (30 Tage free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\Programme\WareOut\WareOut.exe
C:\Windows\Downloaded Program Files\access_special.ocx
C:\Windows\Downloaded Program Files\loader2.ocx
C:\WINDOWS\System32\Q43891859.dll
C:\WINDOWS\system32\rundll32.vbe
c:\spywarevanisher-free\FreeScanner.exe
C:\WINDOWS\System32\newbreed.exe
C:\WINDOWS\System32\taskopen.exe
C:\WINDOWS\System32\PrcIdle.exe
C:\WINDOWS\System32\JAguAr.exe
C:\WINDOWS\System32\iecustom32.dll
C:\WINDOWS\ABCXYZ.dll
C:\WINDOWS\System32\ABCXYZ.dll
C:\WINDOWS\System32\msef.dll

PC neustarten
3) starte den rechner im abgesicherten modus.
http://www.tu-berlin.de/www/software/vi ... mode.shtml

4) starte die datei rem.bat, scannen lassen.

5) starte den rechner anschließend im normalen modus.
6) unter C:\ sollte nun eine datei namens log.txt zu finden sein.
7) markiere den inhalt und füge ihn hier ein.
Cool erstelle ein aktuelles HijackThis log und poste es mit der log.txt von rem.

Please download DllCompare from here
http://www.atribune.org/downloads/DllCompare.exe
<klick: Locate.com button.
wenn der Scan beendet ist
<klick:Compare button
<klick: und erstelle das Log--->bitte posten

Lade: FindIt.zip-->
http://bilder.informationsarchiv.net/Ni ... FindIt.zip
Lade, entpacke und klicke auf: "find.bat" [ignoriere : File not found messages]
<DOS oeffnet sich -->warte den Scan ab --> es oeffnet sich der Texteditor --> und poste den Text von output.txt.

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->

von **schlitz** am 19.03.2005, 21:14

Ja Danke für die info aber das scheint mir eine Nr. zu hoch für mich zu sein.

von **Nikita** am 19.03.2005, 23:35

wieso ? Mach doch einfach alles...oder formatiere .....

wie bekpmme ich diese spyware runter?

wie bekpmme ich diese spyware runter?

Wer ist online?