Hello!
I have a PC on which the Internet Explorer start page keeps changing by itself.
On top of that, pop-ups frequently appear out of nowhere. It is Windows XP.
I hope for your help.
Here follow: HijackThis log, CleanUp log, SilentRunners log and datFind log.
Logfile of HijackThis v1.99.1
Scan saved at 01:35:42 PM, on 2006/06/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\NMSENFU5\gast_2005[1].exe
C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
C:\WINDOWS\system32\atmclk.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save page in SuperOffice - res://C:\PROGRA~1\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program Files\SuperOffice\SoIeExtensions.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = de.saf-axles.com,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = de.saf-axles.com,
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
CleanUp! started on 06/08/06 14:37:29.
...
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\Index[1].htm - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\MiniNavBar[1].htm - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\NavBar[1].xml - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\searchblurb[1].htm - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\shared[1].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\shared[1].js - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\shared[2].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\shared[3].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\shared[4].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\GHUZCLQV\shared[5].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\blank[1].htm - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\button_sm[1].gif - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\CAWB6NMT.HTM - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\Common[1].js - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\Common[2].js - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\Context[1].htm - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\coUAprint[1].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\firstpage[1].htm - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\Homepage__DESKTOP[1].js - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\Homepage__SHARED[1].js - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\icon_monitor[1].jpg - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\Layout[1].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\progbar[1].gif - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\shared[1].css - deleted
C:\Documents and Settings\Graham Williams\locals~1\tempor~1\Content.IE5\S1U7496R\shared[2].css - deleted
C:\Documents and Settings\Graham Williams\Cookies\graham williams@sun[1].txt - deleted
C:\Documents and Settings\Graham Williams\Cookies\index.dat - deleted
C:\Documents and Settings\Graham Williams\Local Settings\History\History.IE5\index.dat - deleted
C:\Documents and Settings\Graham Williams\Local Settings\History\History.IE5\MSHist012005062920050630\index.dat - deleted
C:\Documents and Settings\Graham Williams\Local Settings\History\History.IE5\MSHist012005063020050701\index.dat - deleted
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [MS]
"notepad2.exe" = "popuper.exe" [file not found]
"wininet.dll" = "regperf.exe" [null data]
"kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [null data]
"dcomcfg.exe" = "dcomcfg.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
"eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]
"hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Company"]
"WatchDog" = "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"NDPS" = "C:\WINDOWS\system32\dpmw32.exe" ["Novell, Inc."]
"NWTRAY" = "NWTRAY.EXE" ["Novell, Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"DataLayer" = "C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [empty string]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*b" (unwritable string)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{686a161d-5bd1-4999-8832-6393f41e564c}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Nothing"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hp100.tmp" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Wireless Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Wheel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Activities Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Buttons Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{AF8DE18D-9065-4102-BC40-EB294A95BB07}" = "Novell Connections"
-> {HKLM...CLSID} = "Novell Connections"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nwshlxnt.dll" ["Novell, Inc."]
"{04c23aa0-3d34-11d2-b788-008029605ac7}" = "NDPS Shell Extension"
-> {HKLM...CLSID} = "NDPS Shell Extension"
\InProcServer32\(Default) = "ndpsprop.dll" ["Novell, Inc."]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "My Bluetooth Places"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation"]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\ContactView.dll" ["Nokia"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{e5b1e382-817e-4b74-8a96-ec78751e6acf}" = "incatenate"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\imfdfcj.dll" [file not found]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "GinaDLL" = "NWGINA.DLL" ["Novell, Inc."]
INFECTION WARNING! "Shell" = "Explorer.exe, msmsgs.exe" [MS], [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! PCANotify\DLLName = "PCANotify.dll" ["Symantec Corporation"]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NetWareMenuItems\(Default) = "{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4}"
-> {HKLM...CLSID} = "Menu Handlers for NetWare Capture"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NetWareMenuItems\(Default) = "{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4}"
-> {HKLM...CLSID} = "Menu Handlers for NetWare Capture"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]
NetWareServerMenu\(Default) = "{9b173360-732b-11ce-aa22-00805f9834b0}"
-> {HKLM...CLSID} = "Shell Extensions for NetWare Trees and Servers"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Startup items in "BritsW" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
"BTTray" -> shortcut to: "C:\Program Files\Belkin\Bluetooth Software\BTTray.exe" ["Broadcom Corporation"]
"Cisco Systems VPN Client" -> shortcut to: "C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe "-run_only_if_connected" "-auto_initiation"" ["Cisco Systems, Inc."]
"Digimax Viewer 2.1" -> shortcut to: "C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe /s" ["STOIK Imaging (www.stoik.com)"]
"DVD Check" -> shortcut to: "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone Fast Start" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
"Service Manager" -> shortcut to: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\netware\NWWS2NDS.DLL" ["Novell, Inc."]
000000000005\LibraryPath = "%SystemRoot%\system32\netware\NWWS2SAP.DLL" ["Novell, Inc."]
000000000006\LibraryPath = "%SystemRoot%\system32\netware\NWWS2SLP.DLL" ["Novell, Inc."]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{CC88D81F-6166-4F46-AC89-B75CD9CEB292}\
"ButtonText" = "SuperOffice"
"CLSIDExtension" = "{76E2006B-AC76-4710-AC10-4ADE018779EB}"
-> {HKLM...CLSID} = "SoCommands Class"
\InProcServer32\(Default) = "C:\Program Files\SuperOffice\SoIeExtensions.dll" ["SuperOffice ASA"]
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Bluetooth Service, btwdins, "C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Cisco Systems, Inc. VPN Service, CVPND, ""C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"" ["Cisco Systems, Inc."]
HP WMI Interface, hpqwmi, "C:\Program Files\HPQ\SHARED\HPQWMI.exe" ["Hewlett-Packard Development Company, L.P."]
MSSQLSERVER, MSSQLSERVER, "C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER" [MS]
pcAnywhere Host-Modul, awhost32, "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" ["Symantec Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation"]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"]
hpzlnt10\Driver = "hpzlnt10.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
pcAnywhere Remote Printing\Driver = "awmon.dll" ["Symantec Corporation"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 57 seconds, including 12 seconds for message boxes)
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\WINDOWS\system32
2006/06/08 02:37 PM 5,024 stdole3.tlb
2006/06/08 01:29 PM 11,564 atmclk.exe
2006/06/08 01:09 PM 24 fwlog.txt
2006/06/08 11:45 AM 402,294 perfh009.dat
2006/06/08 11:45 AM 61,804 perfc009.dat
2006/06/08 11:45 AM 469,538 PerfStringBackup.INI
2006/06/08 11:41 AM 6,656 simpole.tlb
2006/06/08 11:41 AM 30,208 hp100.tmp
2006/06/08 11:41 AM 34,317 ld101.tmp
2006/06/08 08:05 AM 4,286 ot.ico
2006/06/08 08:05 AM 4,286 ts.ico
2006/06/08 08:05 AM 51,200 dcomcfg.exe
2006/06/07 03:45 PM 224,024 FNTCACHE.DAT
2006/06/05 08:54 AM 42,509 regperf.exe
2006/06/05 08:05 AM 2,206 wpa.dbl
2006/05/03 09:26 PM 5,818,784 MRT.exe
2006/03/30 11:16 AM 1,492,480 shdocvw.dll
2006/03/30 03:00 AM 16,384 xpsp3res.dll
2006/03/23 10:32 PM 3,053,568 mshtml.dll
2006/03/18 01:09 PM 613,376 urlmon.dll
Volume in drive C has no label.
Volume Serial Number is A459-EF5C
Directory of C:\DOCUME~1\hp\LOCALS~1\Temp
2006/06/08 01:42 PM 81,920 ~DFE5CF.tmp
2006/06/08 01:07 PM 61,440 mss140.tmp
2006/06/08 11:46 AM 81,920 ~DF4479.tmp
2006/06/08 11:41 AM 47,122 DIO134.tmp
2006/06/08 11:41 AM 16,384 ~DFF9FB.tmp
2006/06/08 11:41 AM 16,384 ~DF98D8.tmp
2006/06/08 11:41 AM 533 pcf19.tmp
2006/06/08 11:41 AM 66,189 jusched.log
2006/06/08 09:15 AM 3,962 NBU13F.tmp
2006/06/08 08:07 AM 47,122 DIO133.tmp
2006/06/08 08:06 AM 47,122 DIO132.tmp
2006/06/08 07:58 AM 16,384 ~DF1421.tmp
2006/06/08 07:58 AM 533 pcf18.tmp
2006/06/07 04:43 PM 3,962 NBU147.tmp
2006/06/07 04:29 PM 81,920 ~DF1871.tmp
2006/06/07 04:24 PM 540,672 ~WRF0001.tmp
2006/06/07 03:46 PM 47,122 DIO130.tmp
2006/06/07 03:46 PM 16,384 ~DF93BF.tmp
2006/06/07 03:46 PM 533 pcf17.tmp
2006/06/07 03:41 PM 3,962 NBU267.tmp
2006/06/07 03:39 PM 9,206 Microsoft Office 2003 Setup(0002).txt
2006/06/07 03:39 PM 315,996 Microsoft Office 2003 Setup(0002)_Task(0001).txt
2006/06/07 03:35 PM 1,457 Microsoft Office 2003 Setup(0001).txt
2006/06/07 03:34 PM 435 WksSetup(0002).txt
2006/06/07 03:34 PM 1,170,722 WksSetup(0002)_MsiExec.txt
2006/06/07 03:22 PM 435 WksSetup(0001).txt
2006/06/07 03:22 PM 2,689,290 WksSetup(0001)_MsiExec.txt
2006/06/07 03:14 PM 81,920 ~DF416.tmp
2006/06/07 03:09 PM 81,920 ~DFC14D.tmp
2006/06/07 03:07 PM 47,122 DIO1BC.tmp
2006/06/07 03:07 PM 1,208 PLanguage.ini
2006/06/07 03:07 PM 16,384 ~DFCBAD.tmp
Internet Explorer start page changes by itself
Last edited by sniperhardy on 08.06.2006, 15:04, edited 1 time in total.
- sniperhardy
- Posts: 29
- Registered: 20.04.2006, 14:33
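A small triage script over the logs above, added here as an example; it is not part of the thread and not code from HijackThis, Silent Runners or any other tool mentioned. It applies the heuristics a helper applies by eye to such logs (an extra executable chained to the Winlogon Shell, a nameless BHO loaded from a .tmp file, values under Policies\Explorer\Run, value names that mimic system files but launch something else, targets that no longer exist, programs running from temporary directories) and runs over a short excerpt of the posted log lines embedded as sample input.

```python
import re
from dataclasses import dataclass

# Sample excerpt copied from the HijackThis and Silent Runners logs posted above
# (constructed for this example; the full logs have many more lines).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\igfxtray.exe
C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\NMSENFU5\gast_2005[1].exe
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "msmsgs.exe" [MS]
"notepad2.exe" = "popuper.exe" [file not found]
"kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [null data]
"dcomcfg.exe" = "dcomcfg.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"""


@dataclass
class Finding:
    line: str          # the log line that triggered the finding
    reasons: list      # one or more human-readable reasons


# Silent Runners prints a registry key on its own line, then one '"name" = "target" [tag]' line per value.
SR_KEY = re.compile(r"^HK(?:LM|CU)\\.*\\\s*(?:\{\+\+\})?$")
SR_VALUE = re.compile(r'^"([^"]+)"\s*=\s*"(.*)"\s*(\[[^\]]*\])?$')
# Lowercased path fragments that mark a temporary directory.
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\", "\\locals~1\\temp\\")


def _basename(target: str) -> str:
    """Lowercased file name of the first path in a Silent Runners value (handles quoted paths)."""
    if target.startswith('"'):
        path = target[1:target.find('"', 1)]
    else:
        path = target.split(" ")[0]
    return path.split("\\")[-1].lower()


def check_hijackthis(line: str):
    """Heuristics for HijackThis lines and for bare process paths from its 'Running processes' list."""
    low = line.lower()
    if line.startswith("F2 - REG:system.ini: Shell="):
        shells = [s.strip() for s in line.split("Shell=", 1)[1].split(",")]
        extra = [s for s in shells if s.lower() != "explorer.exe"]
        if extra:
            return Finding(line, ["extra program chained to the Winlogon Shell: " + ", ".join(extra)])
    elif line.startswith("O2 - BHO: "):
        parts = line[len("O2 - BHO: "):].rsplit(" - ", 2)   # name, CLSID, path
        if len(parts) == 3 and (parts[0] == "Nothing" or parts[2].lower().endswith(".tmp")):
            return Finding(line, ["BHO with no real name or loaded from a .tmp file"])
    elif line.startswith("O4 - ") or re.match(r"^[A-Za-z]:\\", line):
        if any(marker in low for marker in TEMP_MARKERS):
            # Not a verdict: in this thread the file in Temporary Internet Files turned out
            # to be a remote-support tool. It is a review item, which is what the helper asked for.
            return Finding(line, ["program started from a temporary directory; verify what it is"])
    return None


def check_silentrunners(line: str, current_key: str):
    """Heuristics for a Silent Runners value line, given the registry key it was listed under."""
    m = SR_VALUE.match(line)
    if not m:
        return None
    name, target, tag = m.group(1), m.group(2), (m.group(3) or "")
    reasons = []
    if "\\policies\\explorer\\run" in current_key.lower():
        reasons.append("autostart via Policies\\Explorer\\Run, a key installed software rarely uses")
    if name.lower().endswith((".exe", ".dll")) and _basename(target) != name.lower():
        reasons.append(f"value name {name!r} mimics a system file but launches {_basename(target)!r}")
    if tag.lower() == "[file not found]":
        reasons.append("autostart target does not exist on disk")
    return Finding(line, reasons) if reasons else None


def analyse(log_text: str):
    """Run both checkers over every non-empty line and collect the findings."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SR_KEY.match(line):
            current_key = line      # the following value lines belong to this key
            continue
        finding = check_hijackthis(line) or check_silentrunners(line, current_key)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f.line)
        for reason in f.reasons:
            print("   ->", reason)
```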
you don't need to format... that can be cleaned
virustotal
At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html
C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\NMSENFU5\gast_2005[1].exe
C:\WINDOWS\system32\msmsgs.exe
post the report
--------------------------------------------------------------------
post the Silent Runners log
http://virus-protect.org/silentrunner.html
--------
Question:
does this mean anything to you?
Tcpip\Parameters: SearchList = de.saf-axles.com
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
I edited my first post to add the missing logs.
As for the files I am supposed to check: msmsgs.exe does not exist anywhere on the PC.
And Gast_2005.exe is the program I use to dial in to the infected PC. (PCVisit)
The infected PC is actually located somewhere else.
Thanks, by the way, for the quick reply.
Oh....
de.saf-axles.com is the Windows domain the PC is logged on to from time to time.
That should be OK too.
- sniperhardy
- Posts: 29
- Registered: 20.04.2006, 14:33
two logs from datfindbat are missing !!!
1. Log: directory listing of C:\WINDOWS\system32
2. Log: directory listing of C:\DOKUME~1\Username\LOKALE~1\Temp
3. Log: directory listing of C:\WINDOWS
4. Log: directory listing of C:\
--------------------------------------------------------------------------
1.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> spyfalcon.reg -> double-click it and merge it into the registry with "yes"
2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:
Files to delete:
C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\simpole.tlb
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\msmsgs.exe
C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\System32\helper.exe
C:\Windows\System32\ole32vbs.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
**
Click the green traffic light
the script will now run, then the PC will restart automatically
**
post the log from Avenger
**
smitfraud.fix
http://virus-protect.org/artikel/tools/ ... utfix.html
work through that (you can do everything right away, without Safe Mode)
then post me the report
**
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then turn it back on after the cleanup)
**
open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
restart the PC
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
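As an added example (not part of this thread, and not the moderator's own tool or HijackThis itself), here is a small Python triage script for HijackThis-style log lines. It parses the F2 (system.ini Shell=) and O2 (BHO) entries and flags the two patterns the post above singles out: an extra executable appended to the Shell= value, and Browser Helper Objects that load from a .tmp file or carry no real name. The sample input is constructed: it contains the three entries from the post plus two benign lines made up here for contrast (the "Example Helper" BHO, its CLSID and path, and the ctfmon O4 line are hypothetical).

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample log: the three lines from the moderator's post, followed by
# two benign lines invented here so the filter has something to pass through.
SAMPLE_LOG = r"""F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
"""

# F2 entries report the Shell= line of system.ini; O2 entries report BHOs as
# "name - {CLSID} - path".
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
O2_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

# On a clean Windows XP system the shell is Explorer.exe and nothing else.
EXPECTED_SHELL = "explorer.exe"
# Placeholder names that mean the BHO has no descriptive name registered.
UNNAMED_BHO = {"nothing", "(no name)"}


@dataclass(frozen=True)
class Finding:
    line: str    # the log line that triggered the finding
    kind: str    # "shell" or "bho"
    detail: str  # the suspicious value or a short reason


def shell_extras(value):
    """Return every entry in a Shell= value other than Explorer.exe.

    The value is a comma-separated list; anything after the first entry is an
    additional program that Windows starts together with the shell.
    """
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != EXPECTED_SHELL]


def check_bho(name, path):
    """Return a reason string if the BHO looks suspicious, else None."""
    if path.lower().endswith(".tmp"):
        return "BHO loaded from a .tmp file: " + path
    if name.strip().lower() in UNNAMED_BHO:
        return "unnamed BHO: " + path
    return None


def triage(log_text):
    """Scan a HijackThis log and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_SHELL.match(line)
        if m:
            for extra in shell_extras(m.group("value")):
                findings.append(Finding(line, "shell", extra))
            continue
        m = O2_BHO.match(line)
        if m:
            reason = check_bho(m.group("name"), m.group("path"))
            if reason:
                findings.append(Finding(line, "bho", reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the constructed sample, the script reports the appended msmsgs.exe and the two BHOs that load from hp100.tmp, and stays silent on the benign helper and the O4 line. The two checks are deliberately narrow: they only confirm the specific indicators the moderator pointed at, so a clean Shell= line or a normally named BHO produces no output.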
Hello!
Great, I did all of that and it works again.
I've just also installed all Windows updates, installed Windows Defender and enabled the firewall.
Many, many thanks!!
- sniperhardy
- Posts: 29
- Registered: 20.04.2006, 14:33