Von: DaBrunoS
An: Nikita
Verfasst am: So Apr 10, 2005 5:30 pm
Titel: Hilfe! Hab mir einen Trojaner eingefangen! Nachricht zitieren
Hallo Nikita,

Wieder einmal wende ich mich hoffnungsvoll an dich!
Ich hab den Ttrojaner TR/StartPage,qr.dll auf meinem PC und bekomm ihn nicht weg! Mein AntiVir schafft das auch nicht! Bitte hilf mir! Ich weiß echt nicht mehr weiter, ahb schon einiges ausprobiert!
Weiter unten findest du das LOG von HiJackThis! Vielen Vielen lieben Dank schon einmal im Voraus!

Freundliche Grüße

D.B.



Logfile of HijackThis v1.99.0
Scan saved at 18:18:40, on 10.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Caere\OmniPagePro90\opware32.exe
C:\Programme\ahead\InCD\InCD.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\lexpps.exe
C:\Programme\InterVideo\WinDVR\WinScheduler.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\familie\LOKALE~1\Temp\Rar$EX00.531\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {0AF184D1-6073-460A-BB3E-99EBEEC111D0} - C:\WINDOWS\System32\delo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIREN-~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [OmniPage] C:\Programme\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Spyware Vanisher] C:\Programme\Viren-Killer\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Programme\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O18 - Filter: text/html - {37E7758B-2D4B-4BAC-A6AC-703A0D3E73DD} - C:\WINDOWS\System32\delo.dll
O18 - Filter: text/plain - {37E7758B-2D4B-4BAC-A6AC-703A0D3E73DD} - C:\WINDOWS\System32\delo.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE

Hallo@DaBrunoS

Hijacker about:blank - se.dll\sp.html
http://www.trojaner-info.de/anleitungen ... blank.html

scanne und poste mitr die log vom scann + das neue log vom HijackTHis

Hallo Nikita,

danke für die schnelle und effektive Hilfe.
Ich sende dir nun das 2. LOG von HiJackThis.
Danke für alles, ist echt super nett von dir.

MfG

D.B.

Logfile of HijackThis v1.99.0
Scan saved at 22:48:06, on 12.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Caere\OmniPagePro90\opware32.exe
C:\Programme\ahead\InCD\InCD.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\InterVideo\WinDVR\WinScheduler.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\familie\LOKALE~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIREN-~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [OmniPage] C:\Programme\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Spyware Vanisher] C:\Programme\Viren-Killer\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Programme\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE

Hallo@DaBrunoS

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Spyware Vanisher] C:\Programme\Viren-Killer\FreeScanner.exe -FastScan

pc neustarten

deinstalliere:
Spyware Vanisher

"Spyware remover" of dubious repute, see this list of Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)

scanne noch mal mit diesem Tool
Hijacker about:blank - se.dll\sp.html

und poste das neue Log vom HijackThis

Hallo Nikita,

hier nun das LOG vom letzten Scan den ich durchgeführt habe!
Danke für alles! Wenn ich mich auf irgendeine Weise bei dir revangieren kann, dann lass es mich wissen!

MfG

D.B.

Logfile of HijackThis v1.99.0
Scan saved at 14:31:38, on 16.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Caere\OmniPagePro90\opware32.exe
C:\Programme\ahead\InCD\InCD.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\InterVideo\WinDVR\WinScheduler.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\sgmain.exe
C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\sgbhp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\familie\LOKALE~1\Temp\Rar$EX00.438\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIREN-~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [OmniPage] C:\Programme\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpywareGuard.lnk = C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Programme\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{4863A6EB-7090-44B8-84E7-A29A0CE76675}: NameServer = 195.71.150.69 193.189.244.205
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE

Hallo@DaBrunoS

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

neustarten


CCleaner--> loesche alle *temp-Datein
http://www.ccleaner.com/ccdownload.asp



poste noch einmal das Log vom HijackThis

Hi Nikita,

ich hab jetzt alles probiert, was du gesagt hast, aber ich bekomm ihn einfach nicht weg! Der SpySweeper meldet immer wieder, dass die IE Homepage geändert wird und fragt mich ob ich es zulassen will, dann klick ich auf nein und das geht dann unendlich so weiter!
Wie kann das sein? Ich hab auf dem Rechner die Software O&O Software, die dazu dient, gelöschte Dateien wieder herzustellen!
Meinst du der Trojaner generiert sich über die Software? Und der SpyWare Vanisher, den ich - so wie du mir geraten hast - gelöscht hab ist auch noch auf meiner Festplatte!
Und von einigen Prozessen die laufen, hab ich keine Ahnung, wofür die sind?!
Hilf mir doch bitte weiter!
Hier das neueste LOG vom HiJackThis:

Danke, echt vielen lieben Dank!

Viele Grüße


DaBrunoS



Logfile of HijackThis v1.99.0
Scan saved at 22:52:09, on 19.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Caere\OmniPagePro90\opware32.exe
C:\Programme\ahead\InCD\InCD.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\InterVideo\WinDVR\WinScheduler.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\sgmain.exe
C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\sgbhp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\familie\LOKALE~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIREN-~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [OmniPage] C:\Programme\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TCMMouse ] C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpywareGuard.lnk = C:\Programme\Viren-Killer\Troja2\SpywareGuard\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Programme\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{4863A6EB-7090-44B8-84E7-A29A0CE76675}: NameServer = 195.71.150.69 193.189.244.205
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\System32\ScsiAccess.EXE

wenn du mit dem Tool scannst--> dann suche das Log vom Scann und poste mir genau das.!!!!!!!!!!!!!!
Hierbei wird auch eine Log-Datei erstellt, welche die Desinfektion protokolliert.


Hijacker about:blank - se.dll\sp.html
http://www.trojaner-info.de/anleitungen ... blank.html

------------------------------------

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/vi ... mode.shtml

und den Scanner mit der "mwav.exe"[oder:MWAVSCAN.COM] starten. Alle Häkchen setzen :
Auswählen: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory

-->und "Scan " klicken.

•Gehe wieder in den Normalmodus:

•mache bitte folgendes:
nun öffnest du mit dem editor, die mwav.txt und gehst unter bearbeiten -> suchen, hier gibst du "infected" ein

•jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
•und ganz unten steht die zusammenfassung, diese auch hier posten

Hallo Nikita,

hier nun das LOG, hab immer gedacht, du meinst das vom HiJackThis, Sorry!

(12.4.05 12:43:03) SPSeHjFix started v1.1.2
(12.4.05 12:43:03) OS: WinXP (5.1.2600)
(12.4.05 12:43:03) Language: deutsch
(12.4.05 12:43:03) Win-Path: C:\WINDOWS
(12.4.05 12:43:03) System-Path: C:\WINDOWS\System32
(12.4.05 12:43:03) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(12.4.05 12:43:08) Disinfection started
(12.4.05 12:43:08) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(12.4.05 12:43:08) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\delo.dll
(12.4.05 12:43:08) Searchassistant Uninstaller - Keys Deleted
(12.4.05 12:43:08) UBF: 6 - UBB: 1 - UBR: 16
(12.4.05 12:43:08) FilterKey: HKCR\text/html (deleted)
(12.4.05 12:43:08) FilterKey: HKCR\CLSID\{37E7758B-2D4B-4BAC-A6AC-703A0D3E73DD} (deleted)
(12.4.05 12:43:08) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(12.4.05 12:43:08) FilterKey: HKCR\text/plain (deleted)
(12.4.05 12:43:08) FilterKey: HKCR\CLSID\{37E7758B-2D4B-4BAC-A6AC-703A0D3E73DD} (error while deleting)
(12.4.05 12:43:08) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(12.4.05 12:43:08) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0AF184D1-6073-460A-BB3E-99EBEEC111D0} (deleted)
(12.4.05 12:43:08) BHO-Key: HKCR\CLSID\{0AF184D1-6073-460A-BB3E-99EBEEC111D0} (deleted)
(12.4.05 12:43:08) UBF: 4 - UBB: 0 - UBR: 16
(12.4.05 12:43:08) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(12.4.05 12:43:08) Stealth-String not found
(12.4.05 12:43:08) File added to delete: c:\windows\system32\delo.dll
(12.4.05 12:43:08) Reboot


(12.4.05 12:49:18) SPSeHjFix started v1.1.2
(12.4.05 12:49:18) OS: WinXP (5.1.2600)
(12.4.05 12:49:18) Language: deutsch
(12.4.05 12:49:18) Win-Path: C:\WINDOWS
(12.4.05 12:49:18) System-Path: C:\WINDOWS\System32
(12.4.05 12:49:18) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(12.4.05 12:49:59) Disinfection started
(12.4.05 12:49:59) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(12.4.05 12:49:59) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\delo.dll
(12.4.05 12:49:59) Searchassistant Uninstaller - Keys Deleted
(12.4.05 12:49:59) UBF: 6 - UBB: 1 - UBR: 16
(12.4.05 12:49:59) FilterKey: HKCR\text/html (deleted)
(12.4.05 12:49:59) FilterKey: HKCR\CLSID\{3C2B9D99-BD77-4B48-A3FA-591566167740} (deleted)
(12.4.05 12:49:59) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(12.4.05 12:49:59) FilterKey: HKCR\text/plain (deleted)
(12.4.05 12:49:59) FilterKey: HKCR\CLSID\{3C2B9D99-BD77-4B48-A3FA-591566167740} (error while deleting)
(12.4.05 12:49:59) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(12.4.05 12:49:59) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B01E46F-71D6-40D3-82C4-DCF77067E783} (deleted)
(12.4.05 12:49:59) BHO-Key: HKCR\CLSID\{1B01E46F-71D6-40D3-82C4-DCF77067E783} (deleted)
(12.4.05 12:49:59) UBF: 4 - UBB: 0 - UBR: 16
(12.4.05 12:49:59) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(12.4.05 12:49:59) Stealth-String not found
(12.4.05 12:49:59) File added to delete: c:\windows\system32\delo.dll
(12.4.05 12:49:59) Reboot


(12.4.05 12:51:22) SPSeHjFix started v1.1.2
(12.4.05 12:51:22) OS: WinXP (5.1.2600)
(12.4.05 12:51:22) Language: deutsch
(12.4.05 12:51:22) Win-Path: C:\WINDOWS
(12.4.05 12:51:22) System-Path: C:\WINDOWS\System32
(12.4.05 12:51:22) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\


(17.4.05 16:19:39) SPSeHjFix started v1.1.2
(17.4.05 16:19:39) OS: WinXP (5.1.2600)
(17.4.05 16:19:39) Language: deutsch
(17.4.05 16:19:39) Win-Path: C:\WINDOWS
(17.4.05 16:19:39) System-Path: C:\WINDOWS\System32
(17.4.05 16:19:39) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(17.4.05 16:19:43) Disinfection started
(17.4.05 16:19:43) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:19:43) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:19:43) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:19:43) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:19:43) Stealth-String not found
(17.4.05 16:19:43) No locked Files to delete. End without Reboot
(17.4.05 16:19:56) Disinfection started
(17.4.05 16:19:56) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:19:56) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:19:56) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:19:56) Bad IE-pages: (none)
(17.4.05 16:19:56) Stealth-String not found
(17.4.05 16:19:56) No locked Files to delete. End without Reboot
(17.4.05 16:20:18) Disinfection started
(17.4.05 16:20:18) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:20:18) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:18) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:18) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:20:18) Stealth-String not found
(17.4.05 16:20:18) No locked Files to delete. End without Reboot
(17.4.05 16:20:30) Disinfection started
(17.4.05 16:20:30) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:20:30) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:30) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:30) Bad IE-pages: (none)
(17.4.05 16:20:30) Stealth-String not found
(17.4.05 16:20:30) No locked Files to delete. End without Reboot
(17.4.05 16:20:47) Disinfection started
(17.4.05 16:20:47) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:20:47) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:47) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:47) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:20:47) Stealth-String not found
(17.4.05 16:20:47) No locked Files to delete. End without Reboot
(17.4.05 16:20:47) Disinfection started
(17.4.05 16:20:47) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:20:48) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:48) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:48) Bad IE-pages: (none)
(17.4.05 16:20:48) Stealth-String not found
(17.4.05 16:20:48) No locked Files to delete. End without Reboot
(17.4.05 16:20:48) Disinfection started
(17.4.05 16:20:48) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:20:48) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:48) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:48) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:20:48) Stealth-String not found
(17.4.05 16:20:48) No locked Files to delete. End without Reboot
(17.4.05 16:20:54) Disinfection started
(17.4.05 16:20:54) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:20:54) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:54) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:54) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
(17.4.05 16:20:54) Stealth-String not found
(17.4.05 16:20:54) No locked Files to delete. End without Reboot
(17.4.05 16:20:59) Disinfection started
(17.4.05 16:20:59) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:20:59) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:59) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:20:59) Bad IE-pages: (none)
(17.4.05 16:20:59) Stealth-String not found
(17.4.05 16:20:59) No locked Files to delete. End without Reboot
(17.4.05 16:21:47) Disinfection started
(17.4.05 16:21:47) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:47) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:47) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:47) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:21:47) Stealth-String not found
(17.4.05 16:21:47) No locked Files to delete. End without Reboot
(17.4.05 16:21:48) Disinfection started
(17.4.05 16:21:48) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:48) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:48) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:48) Bad IE-pages: (none)
(17.4.05 16:21:48) Stealth-String not found
(17.4.05 16:21:48) No locked Files to delete. End without Reboot
(17.4.05 16:21:49) Disinfection started
(17.4.05 16:21:49) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:21:50) Stealth-String not found
(17.4.05 16:21:50) No locked Files to delete. End without Reboot
(17.4.05 16:21:50) Disinfection started
(17.4.05 16:21:50) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) Bad IE-pages: (none)
(17.4.05 16:21:50) Stealth-String not found
(17.4.05 16:21:50) No locked Files to delete. End without Reboot
(17.4.05 16:21:50) Disinfection started
(17.4.05 16:21:50) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) Bad IE-pages: (none)
(17.4.05 16:21:50) Stealth-String not found
(17.4.05 16:21:50) No locked Files to delete. End without Reboot
(17.4.05 16:21:50) Disinfection started
(17.4.05 16:21:50) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) Bad IE-pages: (none)
(17.4.05 16:21:50) Stealth-String not found
(17.4.05 16:21:50) No locked Files to delete. End without Reboot
(17.4.05 16:21:50) Disinfection started
(17.4.05 16:21:50) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:50) Bad IE-pages: (none)
(17.4.05 16:21:50) Stealth-String not found
(17.4.05 16:21:50) No locked Files to delete. End without Reboot
(17.4.05 16:21:51) Disinfection started
(17.4.05 16:21:51) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) Bad IE-pages: (none)
(17.4.05 16:21:51) Stealth-String not found
(17.4.05 16:21:51) No locked Files to delete. End without Reboot
(17.4.05 16:21:51) Disinfection started
(17.4.05 16:21:51) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) Bad IE-pages: (none)
(17.4.05 16:21:51) Stealth-String not found
(17.4.05 16:21:51) No locked Files to delete. End without Reboot
(17.4.05 16:21:51) Disinfection started
(17.4.05 16:21:51) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) Bad IE-pages: (none)
(17.4.05 16:21:51) Stealth-String not found
(17.4.05 16:21:51) No locked Files to delete. End without Reboot
(17.4.05 16:21:51) Disinfection started
(17.4.05 16:21:51) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) Bad IE-pages: (none)
(17.4.05 16:21:51) Stealth-String not found
(17.4.05 16:21:51) No locked Files to delete. End without Reboot
(17.4.05 16:21:51) Disinfection started
(17.4.05 16:21:51) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:51) Bad IE-pages: (none)
(17.4.05 16:21:51) Stealth-String not found
(17.4.05 16:21:51) No locked Files to delete. End without Reboot
(17.4.05 16:21:52) Disinfection started
(17.4.05 16:21:52) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) Bad IE-pages: (none)
(17.4.05 16:21:52) Stealth-String not found
(17.4.05 16:21:52) No locked Files to delete. End without Reboot
(17.4.05 16:21:52) Disinfection started
(17.4.05 16:21:52) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) Bad IE-pages: (none)
(17.4.05 16:21:52) Stealth-String not found
(17.4.05 16:21:52) No locked Files to delete. End without Reboot
(17.4.05 16:21:52) Disinfection started
(17.4.05 16:21:52) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) Bad IE-pages: (none)
(17.4.05 16:21:52) Stealth-String not found
(17.4.05 16:21:52) No locked Files to delete. End without Reboot
(17.4.05 16:21:52) Disinfection started
(17.4.05 16:21:52) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) Bad IE-pages: (none)
(17.4.05 16:21:52) Stealth-String not found
(17.4.05 16:21:52) No locked Files to delete. End without Reboot
(17.4.05 16:21:52) Disinfection started
(17.4.05 16:21:52) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:52) Bad IE-pages: (none)
(17.4.05 16:21:52) Stealth-String not found
(17.4.05 16:21:52) No locked Files to delete. End without Reboot
(17.4.05 16:21:53) Disinfection started
(17.4.05 16:21:53) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:21:53) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:53) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:21:53) Bad IE-pages: (none)
(17.4.05 16:21:53) Stealth-String not found
(17.4.05 16:21:53) No locked Files to delete. End without Reboot
(17.4.05 16:25:23) Disinfection started
(17.4.05 16:25:23) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:25:23) UBF: 4 - UBB: 1 - UBR: 14
(17.4.05 16:25:23) UBF: 4 - UBB: 1 - UBR: 14
(17.4.05 16:25:23) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:25:23) Stealth-String not found
(17.4.05 16:25:23) No locked Files to delete. End without Reboot


(17.4.05 16:41:23) SPSeHjFix started v1.1.2
(17.4.05 16:41:23) OS: WinXP (5.1.2600)
(17.4.05 16:41:23) Language: deutsch
(17.4.05 16:41:23) Win-Path: C:\WINDOWS
(17.4.05 16:41:23) System-Path: C:\WINDOWS\System32
(17.4.05 16:41:23) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(17.4.05 16:41:37) Disinfection started
(17.4.05 16:41:38) Bad-Dll(IEP): (not found)
(17.4.05 16:41:38) Bad-Dll(IEP) in BHO: (not found)
(17.4.05 16:41:38) UBF: 4 - UBB: 1 - UBR: 14
(17.4.05 16:41:38) UBF: 4 - UBB: 1 - UBR: 14
(17.4.05 16:41:38) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:41:38) Stealth-String not found
(17.4.05 16:41:38) Not infected->END


(17.4.05 16:54:09) SPSeHjFix started v1.1.2
(17.4.05 16:54:09) OS: WinXP (5.1.2600)
(17.4.05 16:54:09) Language: deutsch
(17.4.05 16:54:09) Win-Path: C:\WINDOWS
(17.4.05 16:54:09) System-Path: C:\WINDOWS\System32
(17.4.05 16:54:09) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(17.4.05 16:54:12) Disinfection started
(17.4.05 16:54:12) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:12) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:12) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:12) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:54:12) Stealth-String not found
(17.4.05 16:54:12) No locked Files to delete. End without Reboot
(17.4.05 16:54:15) Disinfection started
(17.4.05 16:54:15) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:15) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:15) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:15) Bad IE-pages: (none)
(17.4.05 16:54:15) Stealth-String not found
(17.4.05 16:54:15) No locked Files to delete. End without Reboot
(17.4.05 16:54:16) Disinfection started
(17.4.05 16:54:16) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:16) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:16) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:16) Bad IE-pages: (none)
(17.4.05 16:54:16) Stealth-String not found
(17.4.05 16:54:16) No locked Files to delete. End without Reboot
(17.4.05 16:54:16) Disinfection started
(17.4.05 16:54:16) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:16) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:16) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:16) Bad IE-pages: (none)
(17.4.05 16:54:16) Stealth-String not found
(17.4.05 16:54:16) No locked Files to delete. End without Reboot
(17.4.05 16:54:17) Disinfection started
(17.4.05 16:54:17) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:17) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:17) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:17) Bad IE-pages: (none)
(17.4.05 16:54:17) Stealth-String not found
(17.4.05 16:54:17) No locked Files to delete. End without Reboot
(17.4.05 16:54:19) Disinfection started
(17.4.05 16:54:19) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:19) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:19) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:19) Bad IE-pages: (none)
(17.4.05 16:54:19) Stealth-String not found
(17.4.05 16:54:19) No locked Files to delete. End without Reboot
(17.4.05 16:54:20) Disinfection started
(17.4.05 16:54:20) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:20) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:20) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:20) Bad IE-pages: (none)
(17.4.05 16:54:20) Stealth-String not found
(17.4.05 16:54:20) No locked Files to delete. End without Reboot
(17.4.05 16:54:20) Disinfection started
(17.4.05 16:54:20) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:20) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:20) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:20) Bad IE-pages: (none)
(17.4.05 16:54:20) Stealth-String not found
(17.4.05 16:54:20) No locked Files to delete. End without Reboot
(17.4.05 16:54:20) Disinfection started
(17.4.05 16:54:20) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:20) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:20) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:20) Bad IE-pages: (none)
(17.4.05 16:54:20) Stealth-String not found
(17.4.05 16:54:20) No locked Files to delete. End without Reboot
(17.4.05 16:54:20) Disinfection started
(17.4.05 16:54:20) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:20) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:21) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:21) Bad IE-pages: (none)
(17.4.05 16:54:21) Stealth-String not found
(17.4.05 16:54:21) No locked Files to delete. End without Reboot
(17.4.05 16:54:21) Disinfection started
(17.4.05 16:54:21) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:21) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:21) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:21) Bad IE-pages: (none)
(17.4.05 16:54:21) Stealth-String not found
(17.4.05 16:54:21) No locked Files to delete. End without Reboot
(17.4.05 16:54:21) Disinfection started
(17.4.05 16:54:21) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:21) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:21) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:21) Bad IE-pages: (none)
(17.4.05 16:54:21) Stealth-String not found
(17.4.05 16:54:21) No locked Files to delete. End without Reboot
(17.4.05 16:54:22) Disinfection started
(17.4.05 16:54:22) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:22) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:22) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:22) Bad IE-pages: (none)
(17.4.05 16:54:22) Stealth-String not found
(17.4.05 16:54:22) No locked Files to delete. End without Reboot
(17.4.05 16:54:41) Disinfection started
(17.4.05 16:54:41) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:54:41) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:41) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:54:41) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:54:41) Stealth-String not found
(17.4.05 16:54:41) No locked Files to delete. End without Reboot
(17.4.05 16:55:26) Disinfection started
(17.4.05 16:55:26) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(17.4.05 16:55:26) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:55:26) UBF: 4 - UBB: 1 - UBR: 15
(17.4.05 16:55:26) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(17.4.05 16:55:26) Stealth-String not found
(17.4.05 16:55:26) No locked Files to delete. End without Reboot


(18.4.05 00:33:17) SPSeHjFix started v1.1.2
(18.4.05 00:33:17) OS: WinXP (5.1.2600)
(18.4.05 00:33:17) Language: deutsch
(18.4.05 00:33:17) Win-Path: C:\WINDOWS
(18.4.05 00:33:17) System-Path: C:\WINDOWS\System32
(18.4.05 00:33:17) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(18.4.05 00:33:19) Disinfection started
(18.4.05 00:33:19) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:19) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:19) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:19) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(18.4.05 00:33:19) Stealth-String not found
(18.4.05 00:33:19) No locked Files to delete. End without Reboot


(18.4.05 00:33:29) SPSeHjFix started v1.1.2
(18.4.05 00:33:29) OS: WinXP (5.1.2600)
(18.4.05 00:33:29) Language: deutsch
(18.4.05 00:33:29) Win-Path: C:\WINDOWS
(18.4.05 00:33:29) System-Path: C:\WINDOWS\System32
(18.4.05 00:33:29) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(18.4.05 00:33:30) Disinfection started
(18.4.05 00:33:30) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:30) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:30) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:30) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(18.4.05 00:33:30) Stealth-String not found
(18.4.05 00:33:30) No locked Files to delete. End without Reboot
(18.4.05 00:33:31) Disinfection started
(18.4.05 00:33:31) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) Bad IE-pages: (none)
(18.4.05 00:33:31) Stealth-String not found
(18.4.05 00:33:31) No locked Files to delete. End without Reboot
(18.4.05 00:33:31) Disinfection started
(18.4.05 00:33:31) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) Bad IE-pages: (none)
(18.4.05 00:33:31) Stealth-String not found
(18.4.05 00:33:31) No locked Files to delete. End without Reboot
(18.4.05 00:33:31) Disinfection started
(18.4.05 00:33:31) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) Bad IE-pages: (none)
(18.4.05 00:33:31) Stealth-String not found
(18.4.05 00:33:31) No locked Files to delete. End without Reboot
(18.4.05 00:33:31) Disinfection started
(18.4.05 00:33:31) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) Bad IE-pages: (none)
(18.4.05 00:33:31) Stealth-String not found
(18.4.05 00:33:31) No locked Files to delete. End without Reboot
(18.4.05 00:33:31) Disinfection started
(18.4.05 00:33:31) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:31) Bad IE-pages: (none)
(18.4.05 00:33:31) Stealth-String not found
(18.4.05 00:33:31) No locked Files to delete. End without Reboot
(18.4.05 00:33:31) Disinfection started
(18.4.05 00:33:31) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) Bad IE-pages: (none)
(18.4.05 00:33:32) Stealth-String not found
(18.4.05 00:33:32) No locked Files to delete. End without Reboot
(18.4.05 00:33:32) Disinfection started
(18.4.05 00:33:32) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) Bad IE-pages: (none)
(18.4.05 00:33:32) Stealth-String not found
(18.4.05 00:33:32) No locked Files to delete. End without Reboot
(18.4.05 00:33:32) Disinfection started
(18.4.05 00:33:32) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) Bad IE-pages: (none)
(18.4.05 00:33:32) Stealth-String not found
(18.4.05 00:33:32) No locked Files to delete. End without Reboot
(18.4.05 00:33:32) Disinfection started
(18.4.05 00:33:32) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) Bad IE-pages: (none)
(18.4.05 00:33:32) Stealth-String not found
(18.4.05 00:33:32) No locked Files to delete. End without Reboot
(18.4.05 00:33:32) Disinfection started
(18.4.05 00:33:32) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:32) Bad IE-pages: (none)
(18.4.05 00:33:32) Stealth-String not found
(18.4.05 00:33:32) No locked Files to delete. End without Reboot
(18.4.05 00:33:32) Disinfection started
(18.4.05 00:33:32) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:32) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) Bad IE-pages: (none)
(18.4.05 00:33:33) Stealth-String not found
(18.4.05 00:33:33) No locked Files to delete. End without Reboot
(18.4.05 00:33:33) Disinfection started
(18.4.05 00:33:33) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) Bad IE-pages: (none)
(18.4.05 00:33:33) Stealth-String not found
(18.4.05 00:33:33) No locked Files to delete. End without Reboot
(18.4.05 00:33:33) Disinfection started
(18.4.05 00:33:33) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) Bad IE-pages: (none)
(18.4.05 00:33:33) Stealth-String not found
(18.4.05 00:33:33) No locked Files to delete. End without Reboot
(18.4.05 00:33:33) Disinfection started
(18.4.05 00:33:33) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) Bad IE-pages: (none)
(18.4.05 00:33:33) Stealth-String not found
(18.4.05 00:33:33) No locked Files to delete. End without Reboot
(18.4.05 00:33:33) Disinfection started
(18.4.05 00:33:33) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:33) Bad IE-pages: (none)
(18.4.05 00:33:33) Stealth-String not found
(18.4.05 00:33:33) No locked Files to delete. End without Reboot
(18.4.05 00:33:34) Disinfection started
(18.4.05 00:33:34) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:34) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:34) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:34) Bad IE-pages: (none)
(18.4.05 00:33:34) Stealth-String not found
(18.4.05 00:33:34) No locked Files to delete. End without Reboot
(18.4.05 00:33:34) Disinfection started
(18.4.05 00:33:34) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:34) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:34) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:34) Bad IE-pages: (none)
(18.4.05 00:33:34) Stealth-String not found
(18.4.05 00:33:34) No locked Files to delete. End without Reboot
(18.4.05 00:33:34) Disinfection started
(18.4.05 00:33:34) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(18.4.05 00:33:34) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:34) UBF: 4 - UBB: 1 - UBR: 15
(18.4.05 00:33:34) Bad IE-pages: (none)
(18.4.05 00:33:34) Stealth-String not found
(18.4.05 00:33:34) No locked Files to delete. End without Reboot


(18.4.05 00:39:01) SPSeHjFix started v1.1.2
(18.4.05 00:39:01) OS: WinXP (5.1.2600)
(18.4.05 00:39:01) Language: deutsch
(18.4.05 00:39:01) Win-Path: C:\WINDOWS
(18.4.05 00:39:01) System-Path: C:\WINDOWS\System32
(18.4.05 00:39:01) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(18.4.05 00:39:02) Disinfection started
(18.4.05 00:39:02) Bad-Dll(IEP): (not found)
(18.4.05 00:39:02) Bad-Dll(IEP) in BHO: (not found)
(18.4.05 00:39:02) UBF: 4 - UBB: 1 - UBR: 14
(18.4.05 00:39:02) UBF: 4 - UBB: 1 - UBR: 14
(18.4.05 00:39:02) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(18.4.05 00:39:02) Stealth-String not found
(18.4.05 00:39:02) Not infected->END


(20.4.05 20:52:47) SPSeHjFix started v1.1.2
(20.4.05 20:52:47) OS: WinXP (5.1.2600)
(20.4.05 20:52:47) Language: deutsch
(20.4.05 20:52:47) Win-Path: C:\WINDOWS
(20.4.05 20:52:47) System-Path: C:\WINDOWS\System32
(20.4.05 20:52:47) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(20.4.05 20:52:49) Disinfection started
(20.4.05 20:52:49) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(20.4.05 20:52:49) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:52:49) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:52:49) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(20.4.05 20:52:49) Stealth-String not found
(20.4.05 20:52:49) No locked Files to delete. End without Reboot
(20.4.05 20:52:51) Disinfection started
(20.4.05 20:52:51) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(20.4.05 20:52:51) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:52:51) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:52:51) Bad IE-pages: (none)
(20.4.05 20:52:51) Stealth-String not found
(20.4.05 20:52:51) No locked Files to delete. End without Reboot
(20.4.05 20:53:02) Disinfection started
(20.4.05 20:53:02) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(20.4.05 20:53:02) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:02) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:02) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\dokume~1\familie\lokale~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(20.4.05 20:53:02) Stealth-String not found
(20.4.05 20:53:02) No locked Files to delete. End without Reboot
(20.4.05 20:53:03) Disinfection started
(20.4.05 20:53:03) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) Bad IE-pages: (none)
(20.4.05 20:53:03) Stealth-String not found
(20.4.05 20:53:03) No locked Files to delete. End without Reboot
(20.4.05 20:53:03) Disinfection started
(20.4.05 20:53:03) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) Bad IE-pages: (none)
(20.4.05 20:53:03) Stealth-String not found
(20.4.05 20:53:03) No locked Files to delete. End without Reboot
(20.4.05 20:53:03) Disinfection started
(20.4.05 20:53:03) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) Bad IE-pages: (none)
(20.4.05 20:53:03) Stealth-String not found
(20.4.05 20:53:03) No locked Files to delete. End without Reboot
(20.4.05 20:53:03) Disinfection started
(20.4.05 20:53:03) Bad-Dll(IEP): c:\dokume~1\familie\lokale~1\temp\se.dll
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:03) Bad IE-pages: (none)
(20.4.05 20:53:03) Stealth-String not found
(20.4.05 20:53:03) No locked Files to delete. End without Reboot


(20.4.05 20:53:08) SPSeHjFix started v1.1.2
(20.4.05 20:53:08) OS: WinXP (5.1.2600)
(20.4.05 20:53:08) Language: deutsch
(20.4.05 20:53:08) Win-Path: C:\WINDOWS
(20.4.05 20:53:08) System-Path: C:\WINDOWS\System32
(20.4.05 20:53:08) Temp-Path: C:\DOKUME~1\familie\LOKALE~1\Temp\
(20.4.05 20:53:10) Disinfection started
(20.4.05 20:53:10) Bad-Dll(IEP): (not found)
(20.4.05 20:53:10) Bad-Dll(IEP) in BHO: (not found)
(20.4.05 20:53:10) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:10) UBF: 4 - UBB: 1 - UBR: 14
(20.4.05 20:53:10) Bad IE-pages: (none)
(20.4.05 20:53:10) Stealth-String not found
(20.4.05 20:53:10) Not infected->END

Hallo Nikita,

hab das LOG vom e-Scan vergessen!

Wed Apr 20 21:34:40 2005 => System found infected with morpheus Spyware/Adware! Action taken: No Action Taken.
Wed Apr 20 21:34:40 2005 => File System Found infected by "morpheus Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 20 21:58:57 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Wed Apr 20 21:58:57 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\SE.DLL.001
Wed Apr 20 21:59:00 2005 => File C:\Programme\AVPersonal\INFECTED\SE.DLL.001 infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.
Wed Apr 20 21:59:00 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\SE.DLL.VIR
Wed Apr 20 21:59:02 2005 => File C:\Programme\AVPersonal\INFECTED\SE.DLL.VIR infected by "Trojan.Win32.StartPage.uz" Virus. Action Taken: No Action Taken.

Danke und bis zum nächsten Mal.

MfG

D.B.

sehr eigenartig, denn das Tool loescht normalerweise diesen Hijacker.

Poste bitte das neue Log vom HijackTHis.

(scanne aber vorher noch einmal alle Benutzerkonten, die existieren)

das ist leider nicht der Fall, dafür müsste ich das Tool kaufen! Bekomme immer eine Nachricht: "Buy e-Scan" oder so ähnlich!

DaBrunoS

ich spreche doch nicht vom escan, sondern von dem Tool, was eigens fuer den se.dll entwickelt wurde.

Poste bitte das neue Log vom HijackTHis.

Hijacker about:blank - se.dll\sp.html
http://www.trojaner-info.de/anleitungen ... blank.html

(scanne aber vorher noch einmal alle Benutzerkonten, die existieren)--> und scanne auch im abgesicherten Modus)

Hi Nikita,

Achso, na gut, aber ich hab den Fehler gefunden: es liegt an der Einstellung im SpySweeper! Unter den IE-HiJack-Schutzschild Einstellungen war die res://C:\DOKUME~1\familie\LOKALE~1\Temp\se.dll/spage.html gespeichert und dann hat er die immer wider generieren wollen, als Homepage.

Also vielen vielen Dank noch mal für alles!

Mit freundlichen Grüßen

D.B.