
Trojan horse TR/Dldr.QDown.L

Warnings about security vulnerabilities and help with removing viruses, worms and Trojans.

Post by Utopie on 24.02.2005, 22:41

Hello Nikita, or whoever else can help me,

I caught exactly this Trojan today. My antivirus program supposedly managed to delete it, but from what I have read it is not that easy to remove. In addition, a few more alerts came up (worm and virus components). Before that I never got any alerts. I have now made this log. Please take a look at it; I hope everything is clean. An online virus scanner couldn't find anything suspicious either.
THAAAAAAAAAAANK YOU!!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 21:30:42, on 24.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Programme\Opera75\opera.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\webHancer\programs\whAgent.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\F\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet3_88.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6DE2DFD-7BCD-437F-AFB4-7CCCD3595D16}: NameServer = 217.237.151.161 217.237.151.33
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Regards
Utopie

Posts: 4
Registered: 24.02.2005, 21:44


Post by Nikita on 24.02.2005, 23:14

Hello @Utopie


# Open HijackThis -->> button "Scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC


O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet3_88.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

Restart the PC

# LSPfix.exe
http://www.spychecker.com/program/lspfix.html
http://www10.brinkster.com/expl0iter/fr ... L2M/ts.htm

"I know what I'm doing" --> tick it

move

newdotnet3_88.dll
whiehlpr.dll

from the left side to the right side and delete them.

Uninstall:
"Start -> Settings -> Control Panel -> Add or Remove Programs"

webHancer
NewDotNet

eScan detection tool
eScan is available here free of charge under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
open the scanner --> don't scan yet --> go to Start < Run < type in: %temp% and look for
kavupd.exe, click it --> run (update in DOS)

--> open mwav.exe --> tick all the boxes --> scan --> click View Log --> click Edit --> type in "infected"
and now copy out everything that is displayed -->

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the log from the scan

+ the new log from HijackThis
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by Utopie on 26.02.2005, 18:05

Hello Nikita,

I couldn't finish scanning with eScan. It stopped after about 600 files.

Sat Feb 26 15:12:25 2005 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Sat Feb 26 15:12:25 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Feb 26 15:12:25 2005 => Scanning File C:\WINDOWS\system32\services.exe
Sat Feb 26 16:18:13 2005 => Please Wait Exiting Application...

Sat Feb 26 16:18:13 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD

Sat Feb 26 16:18:14 2005 => Total Files Scanned: 577
Sat Feb 26 16:18:14 2005 => Total Virus(es) Found: 0
Sat Feb 26 16:18:14 2005 => Total Disinfected Files: 0
Sat Feb 26 16:18:14 2005 => Total Files Renamed: 0
Sat Feb 26 16:18:15 2005 => Total Deleted Files: 0
Sat Feb 26 16:18:15 2005 => Total Errors: 2
Sat Feb 26 16:18:15 2005 => Time Elapsed: 01:06:21

Sat Feb 26 16:18:15 2005 => ***** Scanning complete. *****
Sat Feb 26 16:18:15 2005 => Virus Database Date: 2005/02/23
Sat Feb 26 16:18:15 2005 => Virus Database Count: 119195

Sat Feb 26 16:18:15 2005 => Scan Completed.

---- After about an hour I stopped it. Do you need the whole log? It's rather long.


---- "kavupd.exe, click it --> run (update in DOS)" --- I couldn't do that either, because I couldn't find this program.

Am I really supposed to post the whole log from Ad-aware SE Personal 1.05 Updated?? Here is a small part of it ;).


Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:10.640
Objects scanned:109667
Objects identified:63
Objects ignored:0
New critical objects:63

and


hijack

Logfile of HijackThis v1.99.1
Scan saved at 17:02:19, on 26.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\Opera75\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\F\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6DE2DFD-7BCD-437F-AFB4-7CCCD3595D16}: NameServer = 217.237.151.161 217.237.151.33
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

What else should I do?

Regards
Utopie

Posts: 4
Registered: 24.02.2005, 21:44
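The check Nikita asks for at this point (a fresh HijackThis log after the fix) can be done mechanically. The following Python script is an added example, not code from this thread or from HijackThis: it parses O2/O4/O10 lines, flags the webHancer and New.Net entries by the same path and vendor keywords the moderator picked out by hand, and confirms they no longer appear in the follow-up log. The sample lines are excerpts copied from the two logs posted above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line shapes handled (see the logs in this thread):
#   O2 - BHO: <name> - {CLSID} - <dll path>
#   O4 - HKLM\..\Run: [<value name>] <command line>
#   O10 - Hijacked Internet access by <vendor>      (Winsock LSP entry)
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_LINE = re.compile(r"^HK\w+\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")

# Path/vendor fragments of the two adware families the moderator flagged.
SUSPECT_KEYWORDS = ("webhancer", "newdotnet", "new.net", "newdot~1")


@dataclass(frozen=True)
class Entry:
    code: str   # HijackThis section, e.g. "O2", "O4", "O10"
    name: str   # BHO class name, Run value name or LSP vendor
    path: str   # DLL path or command line; empty for O10
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis log line into an Entry, or None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    if code == "O4":
        r = RUN_LINE.match(rest)
        return Entry(code, r.group("name"), r.group("cmd"), line.strip()) if r else None
    if code == "O10":
        # Only the vendor is visible for LSP entries; HijackThis cannot fix
        # these itself, which is why the thread reaches for LSPfix.
        return Entry(code, rest.rsplit(" by ", 1)[-1], "", line.strip())
    c = CLSID.search(rest)
    if c:
        # "BHO: Name - {CLSID} - path" and the similar O3/O9/R3 lines
        name = rest[: c.start()].rstrip(" -").split(": ", 1)[-1]
        return Entry(code, name, rest[c.end():].lstrip(" -"), line.strip())
    # R1, O17, O23 ...: keep the remainder as the name so nothing is dropped
    return Entry(code, rest, "", line.strip())


def parse_log(text: str) -> list[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flag(entries, keywords=SUSPECT_KEYWORDS) -> list[Entry]:
    """Entries whose name or path contains one of the suspect keywords."""
    return [e for e in entries
            if any(k in f"{e.name} {e.path}".lower() for k in keywords)]


def key(e: Entry) -> tuple[str, str, str]:
    # Identity used to match entries across two logs (O10 lines repeat).
    return (e.code, e.name.lower(), e.path.lower())


def verify_cleanup(before_text: str, after_text: str, keywords=SUSPECT_KEYWORDS) -> dict:
    """Which flagged entries disappeared between two logs, and which persist."""
    before = {key(e) for e in flag(parse_log(before_text), keywords)}
    after = {key(e) for e in flag(parse_log(after_text), keywords)}
    return {"removed": sorted(before - after), "remaining": sorted(after)}


# Excerpts copied from the first log and the follow-up log in this thread.
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet3_88.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for e in flag(parse_log(BEFORE_LOG)):
        print("FIX:", e.raw)
    result = verify_cleanup(BEFORE_LOG, AFTER_LOG)
    print(f"removed {len(result['removed'])}, still present {len(result['remaining'])}")
```

A non-empty "remaining" list after the fix (for example a lingering O10 line) is the signal that LSPfix and the uninstall step still have to be done.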

Post by Nikita on 27.02.2005, 16:05

Hello @

Start < Run, type in: %temp%
there you will find the: "kavupd.exe, click it --> run (update in DOS)" (I had explained all of that... or didn't I?)

after the scan:
click View Log --> click Edit --> type in "infected"
and now copy out everything that is displayed -->

and please post the complete log from AdAware
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by Utopie on 27.02.2005, 22:32

Hello Nikita,

I've managed the Run thing now. eScan still doesn't scan, though. It stops at the same place and doesn't do anything more.
Here is the end of the log again:

-------> these are the error messages:

Sun Feb 27 20:40:16 2005 => ***** Scanning C:\Dokumente und Einstellungen\F\Startmenu\Programme\Autostart Folder *****
Sun Feb 27 20:40:17 2005 => Scanning Folder: C:\Dokumente und Einstellungen\F\Startmenu\Programme\Autostart\*.*
Sun Feb 27 20:40:17 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\F\Startmenu\Programme\Autostart\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)


Sun Feb 27 20:40:17 2005 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart Folder *****
Sun Feb 27 20:40:17 2005 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart\*.*
Sun Feb 27 20:40:17 2005 => ERROR!!! FindFirstFile For C:\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart\*.* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)

------> this is the place where it always stops:

Sun Feb 27 20:40:17 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Feb 27 20:40:17 2005 => Scanning File C:\WINDOWS\system32\services.exe
Sun Feb 27 20:48:38 2005 => Please Wait Exiting Application...

Sun Feb 27 20:48:38 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD

Sun Feb 27 20:48:39 2005 => Total Files Scanned: 674
Sun Feb 27 20:48:39 2005 => Total Virus(es) Found: 0
Sun Feb 27 20:48:39 2005 => Total Disinfected Files: 0
Sun Feb 27 20:48:39 2005 => Total Files Renamed: 0
Sun Feb 27 20:48:40 2005 => Total Deleted Files: 0
Sun Feb 27 20:48:40 2005 => Total Errors: 2
Sun Feb 27 20:48:40 2005 => Time Elapsed: 00:09:00

Sun Feb 27 20:48:40 2005 => ***** Scanning complete. *****
Sun Feb 27 20:48:40 2005 => Virus Database Date: 2005/02/23
Sun Feb 27 20:48:40 2005 => Virus Database Count: 119195

Sun Feb 27 20:48:40 2005 => Scan Completed.


Ad-Aware log:


Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 27. Februar 2005 20:55:03
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):28 total references
Tracking Cookie(TAC index:3):32 total references
WebHancer(TAC index:9):28 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27.02.2005 20:55:03 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1993962763-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\F\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 528
ThreadCreationTime : 27.02.2005 12:09:30
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 27.02.2005 12:09:31
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 27.02.2005 12:09:32
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 27.02.2005 12:09:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung fur Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 27.02.2005 12:09:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 27.02.2005 12:09:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 27.02.2005 12:09:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1008
ThreadCreationTime : 27.02.2005 12:09:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1052
ThreadCreationTime : 27.02.2005 12:09:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 27.02.2005 12:09:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1424
ThreadCreationTime : 27.02.2005 12:09:34
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1520
ThreadCreationTime : 27.02.2005 12:09:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_04\bin\
ProcessID : 1660
ThreadCreationTime : 27.02.2005 12:09:36
BasePriority : Normal


#:14 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1672
ThreadCreationTime : 27.02.2005 12:09:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausfuhren
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:15 [zlclient.exe]
FilePath : C:\PROGRA~1\ZONELA~1\ZONEAL~1\
ProcessID : 1724
ThreadCreationTime : 27.02.2005 12:09:36
BasePriority : Normal
FileVersion : 4.5.594.000
ProductVersion : 4.5.594.000
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : zlclient.exe

#:16 [icqlite.exe]
FilePath : C:\Programme\ICQLite\
ProcessID : 1732
ThreadCreationTime : 27.02.2005 12:09:36
BasePriority : Normal
FileVersion : 20, 32, 2315, 0
ProductVersion : 20, 32, 2315, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:17 [radio.exe]
FilePath : C:\Programme\radio\
ProcessID : 1744
ThreadCreationTime : 27.02.2005 12:09:36
BasePriority : Normal


#:18 [avgnt.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1752
ThreadCreationTime : 27.02.2005 12:09:36
BasePriority : Normal


#:19 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 1760
ThreadCreationTime : 27.02.2005 12:09:36
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:20 [avguard.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 996
ThreadCreationTime : 27.02.2005 12:10:41
BasePriority : Normal


#:21 [avwupsrv.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1036
ThreadCreationTime : 27.02.2005 12:10:41
BasePriority : Normal


#:22 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 27.02.2005 12:10:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:23 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1356
ThreadCreationTime : 27.02.2005 12:10:43
BasePriority : Normal
FileVersion : 4.5.594.000
ProductVersion : 4.5.594.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1652
ThreadCreationTime : 27.02.2005 12:11:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [acrord32.exe]
FilePath : C:\Programme\Adobe\Acrobat 6.0\Reader\
ProcessID : 576
ThreadCreationTime : 27.02.2005 16:09:10
BasePriority : Normal
FileVersion : 6.0.1.2003110300
ProductVersion : 6.0.1.2003110300
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 6.0
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:26 [opera.exe]
FilePath : C:\Programme\Opera75\
ProcessID : 3448
ThreadCreationTime : 27.02.2005 19:14:36
BasePriority : Normal
FileVersion : 3798
ProductVersion : 7.51
ProductName : Opera Internet Browser
CompanyName : Opera Software
FileDescription : Opera Internet Browser
InternalName : Opera
LegalCopyright : Copyright © Opera Software 1995-2004
OriginalFilename : Opera.exe

#:27 [mwavscan.com]
FilePath : C:\DOKUME~1\F\LOKALE~1\Temp\
ProcessID : 2132
ThreadCreationTime : 27.02.2005 19:30:35
BasePriority : Normal
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1
ProductName : MWAV
CompanyName : MicroWorld Technologies Inc.
FileDescription : eScan Toolkit Utility
InternalName : mwavscan
LegalCopyright : Copyright © 2003-2004 MicroWorld Technologies Inc.
OriginalFilename : mwavscan.exe

#:28 [kavss.exe]
FilePath : C:\DOKUME~1\F\LOKALE~1\Temp\
ProcessID : 1804
ThreadCreationTime : 27.02.2005 19:30:39
BasePriority : Normal
FileVersion : 4.0.2.10
ProductVersion : 4.0.2.10
ProductName : Kaspersky Anti-Virus Scanner Server
CompanyName : Kaspersky Lab.
FileDescription : Kaspersky Anti-Virus Single Scanner
InternalName : kavss.exe
LegalCopyright : Copyright (C) 1999-2002 Kaspersky Lab.
LegalTrademarks : Kaspersky is a registered trademark of Kaspersky Lab.
OriginalFilename : kavss.exe
Comments : Dmitry A. Ryabov [ryabov@kaspersky.com]

#:29 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3192
ThreadCreationTime : 27.02.2005 19:44:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:30 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1792
ThreadCreationTime : 27.02.2005 19:48:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:31 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3392
ThreadCreationTime : 27.02.2005 19:54:50
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WebHancer Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}

WebHancer Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
Value :

WebHancer Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}

WebHancer Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\webhancer

WebHancer Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\webhancer
Value :

WebHancer Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\webhancer
Value : BaseDir

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 34


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:f@servedby.advertising.com/
Expires : 27.03.2005 19:58:48
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad12.bannerbank[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@ad12.bannerbank.ru/
Expires : 28.03.2005 15:44:56
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@cgi-bin[3].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@imrworldwide.com/cgi-bin
Expires : 19.01.2009
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad.bannerbank[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:f@ad.bannerbank.ru/
Expires : 26.03.2005 14:40:14
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad1.bannerbank[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:f@ad1.bannerbank.ru/
Expires : 29.03.2005 19:59:40
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@server.iad.liveperson[2].txt
Category : Data Miner
Comment : Hits:27
Value : Cookie:f@server.iad.liveperson.net/
Expires : 16.02.2006 14:28:24
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@mediaplex[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:f@mediaplex.com/
Expires : 22.06.2009 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ads.adserver[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:f@ads.adserver.ru/
Expires : 01.01.2021 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@spylog[1].txt
Category : Data Miner
Comment : Hits:447
Value : Cookie:f@spylog.com/
Expires : 26.08.2005 18:57:02
LastSync : Hits:447
UseCount : 0
Hits : 447

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@2o7[2].txt
Category : Data Miner
Comment : Hits:59
Value : Cookie:f@2o7.net/
Expires : 25.02.2010 12:44:02
LastSync : Hits:59
UseCount : 0
Hits : 59

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@counter2.hitslink[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:f@counter2.hitslink.com/
Expires : 18.01.2038 06:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@z1.adserver.com/
Expires : 18.02.2006 16:11:34
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@hotlog[2].txt
Category : Data Miner
Comment : Hits:36
Value : Cookie:f@hotlog.ru/
Expires : 24.02.2006 19:37:14
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@stat.stars.ru/cgi-bin
Expires : 10.11.2030 00:59:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad7.bannerbank[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@ad7.bannerbank.ru/
Expires : 21.03.2005 18:06:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@fastclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:f@fastclick.net/
Expires : 15.02.2007 19:30:02
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@overture[2].txt
Category : Data Miner
Comment : Hits:59
Value : Cookie:f@overture.com/
Expires : 25.02.2015 17:49:48
LastSync : Hits:59
UseCount : 0
Hits : 59

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@hitbox[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:f@hitbox.com/
Expires : 21.02.2006 11:48:30
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@phg.hitbox[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:f@phg.hitbox.com/
Expires : 21.02.2006 11:48:30
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@as1.falkag[2].txt
Category : Data Miner
Comment : Hits:629
Value : Cookie:f@as1.falkag.de/
Expires : 28.03.2005 16:06:58
LastSync : Hits:629
UseCount : 0
Hits : 629

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@atdmt[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:f@atdmt.com/
Expires : 20.02.2010 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@advertising[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:f@advertising.com/
Expires : 20.02.2010 11:34:48
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@doubleclick[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:f@doubleclick.net/
Expires : 21.02.2008 11:43:52
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad3.bannerbank[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:f@ad3.bannerbank.ru/
Expires : 23.03.2005 16:10:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@partners.webmasterplan[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@partners.webmasterplan.com/
Expires : 07.03.2005
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@edge.ru4[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:f@edge.ru4.com/
Expires : 11.03.2073 14:48:54
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@statcounter.com/
Expires : 15.02.2010 17:14:48
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad6.bannerbank[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:f@ad6.bannerbank.ru/
Expires : 21.03.2005 01:13:24
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad2.bannerbank[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:f@ad2.bannerbank.ru/
Expires : 23.03.2005 18:01:30
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:f@www.xfiles.ru/cgi-bin/
Expires : 01.01.2100 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@ad4.bannerbank[2].txt
Category : Data Miner
Comment : Hits:45
Value : Cookie:f@ad4.bannerbank.ru/
Expires : 29.03.2005 19:41:06
LastSync : Hits:45
UseCount : 0
Hits : 45

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@adrevolver[2].txt
Category : Data Miner
Comment : Hits:42
Value : Cookie:f@mbe.ru/adrevolver/
Expires : 23.02.2006 17:29:14
LastSync : Hits:42
UseCount : 0
Hits : 42

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 32
Objects found so far: 66



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WebHancer Object Recognized!
Type : File
Data : backup-20050225-225614-905.dll
Category : Data Miner
Comment :
Object : C:\Dokumente und Einstellungen\F\Lokale Einstellungen\Temp\backups\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whiehlpr.dll


WebHancer Object Recognized!
Type : File
Data : whSurvey.exe
Category : Data Miner
Comment :
Object : C:\Program Files\webHancer\Programs\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whSurvey.exe


WebHancer Object Recognized!
Type : File
Data : Webhdll.dll
Category : Data Miner
Comment :
Object : C:\Programme\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : WhAgent.exe
Category : Data Miner
Comment :
Object : C:\Programme\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : whiehlpr.dll
Category : Data Miner
Comment :
Object : C:\Programme\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whiehlpr.dll


WebHancer Object Recognized!
Type : File
Data : whInstaller.exe
Category : Data Miner
Comment :
Object : C:\Programme\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whInstaller.exe


WebHancer Object Recognized!
Type : File
Data : WhSurvey.exe
Category : Data Miner
Comment :
Object : C:\Programme\whInstall\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whSurvey.exe


WebHancer Object Recognized!
Type : File
Data : A0007672.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{DB91113E-DE9C-4FEA-B07B-40AFA92837D8}\RP38\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : A0007674.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{DB91113E-DE9C-4FEA-B07B-40AFA92837D8}\RP38\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer IE Helper Module
InternalName : WhIeHelper
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whiehlpr.dll


WebHancer Object Recognized!
Type : File
Data : A0007679.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{DB91113E-DE9C-4FEA-B07B-40AFA92837D8}\RP38\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : A0007686.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{DB91113E-DE9C-4FEA-B07B-40AFA92837D8}\RP38\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : webhdll.dll


WebHancer Object Recognized!
Type : File
Data : whInstaller.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 3.3.0
ProductVersion : 3.3.0
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Installer
InternalName : whInstaller
LegalCopyright : Copyright © 1999-2003 webHancer Corporation
OriginalFilename : whInstaller.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 78


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 78


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 78




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WebHancer Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Programme\whInstall

WebHancer Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\program files\webHancer

WebHancer Object Recognized!
Type : File
Data : license.txt
Category : Data Miner
Comment :
Object : C:\Programme\whinstall\



WebHancer Object Recognized!
Type : File
Data : readme.txt
Category : Data Miner
Comment :
Object : C:\Programme\whinstall\



WebHancer Object Recognized!
Type : File
Data : Sporder.dll
Category : Data Miner
Comment :
Object : C:\Programme\whinstall\
FileVersion : 4.00
ProductVersion : 4.00
ProductName : Microsoft(R) Windows NT(TM) Operating System
CompanyName : Microsoft Corporation
FileDescription : WinSock2 reorder service providers
InternalName : sporder.dll
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1996
OriginalFilename : sporder.dll


WebHancer Object Recognized!
Type : File
Data : whAgent.inf
Category : Data Miner
Comment :
Object : C:\Programme\whinstall\



WebHancer Object Recognized!
Type : File
Data : whAgent.ini
Category : Data Miner
Comment :
Object : C:\Programme\whinstall\



WebHancer Object Recognized!
Type : File
Data : whInstaller.ini
Category : Data Miner
Comment :
Object : C:\Programme\whinstall\



WebHancer Object Recognized!
Type : File
Data : whAgent.inf
Category : Data Miner
Comment :
Object : C:\WINDOWS\



WebHancer Object Recognized!
Type : File
Data : whInstaller.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 88

21:07:13 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:09.797
Objects scanned:112702
Objects identified:60
Objects ignored:0
New critical objects:60

Regards,
Utopie
 

Post by Nikita on 28.02.2005, 15:22

•LSPfix.exe
http://www.spychecker.com/program/lspfix.html

Tick "I know what I'm doing"

If you find a Sporder.dll + whiehlpr.dll + Webhdll.dll,
move them from the left to the right side and delete them (deleted)

#ClearProg.. download the latest version 1.4.1
http://www.clearprog.de/downloads.php
and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 on, of Netscape/Mozilla and of Opera:
- cookies
- history
- temporary internet files (cache)


Uninstall: Webhancer,
•Uninstall:
"Start -> Settings -> Control Panel -> Add or Remove Programs"

If that does not work, delete all of this:

C:\Programme\whInstall\whiehlpr.dll
C:\Programme\whInstall\Webhdll.dll
C:\Programme\whInstall\WhAgent.exe
C:\Programme\whinstall\license.txt
C:\Programme\whinstall\readme.txt
C:\Programme\whinstall\whAgent.inf
C:\Programme\whinstall\whAgent.ini
C:\Programme\whinstall\whInstaller.ini

C:\WINDOWS\whAgent.inf
C:\WINDOWS\whInstaller.ini

•Disk Cleanup: and deleting the temporary files
Start -> Run --> type: cleanmgr
delete only:
#Click: Temporary Internet Files, OK
#Click: Temporary Files, OK

#new home page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if a prompt appears --> click Apply and finally OK, and set a new home page

Then post the new HijackThis log
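The delete list in the reply is exactly the set of "Object Recognized!" file, folder and registry entries from the Ad-Aware log posted above; the following added example (not code from the thread, from Lavasoft or from Nikita) parses that log format into those buckets on a constructed excerpt, and separates Winsock provider DLLs so they are unhooked with LSPfix before deletion. The Winsock test on FileDescription is a heuristic assumed for this example, not an Ad-Aware classification.

```python
# Added example (not the thread's or Lavasoft's code): Ad-Aware SE log -> remediation list.
import re
from collections import Counter, defaultdict

# Constructed excerpt in the posted log's format (only some fields kept).
SAMPLE_LOG = r"""
WebHancer Object Recognized!
Type : Regkey
Rootkey : HKEY_LOCAL_MACHINE
Object : software\webhancer

WebHancer Object Recognized!
Type : File
Data : Webhdll.dll
Object : C:\Programme\whInstall\
FileDescription : webHancer Winsock2 SPI

WebHancer Object Recognized!
Type : File
Data : Sporder.dll
Object : C:\Programme\whinstall\
FileDescription : WinSock2 reorder service providers

WebHancer Object Recognized!
Type : File
Data : whAgent.ini
Object : C:\Programme\whinstall\

WebHancer Object Recognized!
Type : Folder
Object : C:\Programme\whInstall

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : f@doubleclick[1].txt
Value : Cookie:f@doubleclick.net/
"""

HEADER = re.compile(r"^(?P<family>.+) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>\w+) :\s*(?P<val>.*)$")


def parse_log(text):
    """Return one dict per 'Object Recognized!' block, keyed by the log's field names."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            cur = {"family": m.group("family")}
            entries.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group("key")] = m.group("val").strip()
    return entries


def count_by_family(entries):
    """Hits per detection family, e.g. {'WebHancer': 5, 'Tracking Cookie': 1}."""
    return dict(Counter(e["family"] for e in entries))


def remediation_plan(entries, family="WebHancer"):
    """Group one family's hits by what has to be removed. Files whose version
    info mentions Winsock get their own bucket: a Winsock2 SPI (LSP) sits in
    every socket's provider chain and must be unhooked (the LSPfix step above)
    before the DLL is deleted, or networking breaks. (Heuristic chosen here.)"""
    plan = defaultdict(list)
    for e in entries:
        if e["family"] != family:
            continue
        kind = e.get("Type")
        if kind == "File":
            path = e["Object"].rstrip("\\") + "\\" + e["Data"]
            lsp = "winsock" in e.get("FileDescription", "").lower()
            plan["lsp_files" if lsp else "files"].append(path)
        elif kind == "Folder":
            plan["folders"].append(e["Object"])
        elif kind in ("Regkey", "RegValue"):
            plan["registry"].append(e["Rootkey"] + "\\" + e["Object"])
    return dict(plan)
```

Running `remediation_plan(parse_log(SAMPLE_LOG))` on the full posted log instead of the excerpt reproduces the whInstall and C:\WINDOWS paths listed in the reply.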

Post by Utopie on 28.02.2005, 21:03

Hello Nikita,

did everything. According to Ad-Aware I still have 19 objects. What should I do with them?

Logfile of HijackThis v1.99.1
Scan saved at 19:45:13, on 28.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Opera75\opera.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\F\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6DE2DFD-7BCD-437F-AFB4-7CCCD3595D16}: NameServer = 217.237.151.161 217.237.151.33
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Regards,
Utopie
 

Post by Nikita on 01.03.2005, 00:47

Scan with Ad-Aware in Safe Mode and delete everything that is shown after the scan.

Then scan again in normal mode and post me the log ;)
