title image


Smiley Re: Avast: Virus "Win32:Kuang2" gefunden in Virendatenbank
> Sieht nicht ganz vollständig aus. Wo befindet sich denn "ActiveScan"?



Bei mir war es unter:

C:/WINDOWS/SYSTEM/ActiveScan/imscan.dll



jetzt ist diese dll allerdings nicht mehr dort, da virenverseucht und nun in Container verschoben



Logfile

Logfile of HijackThis v1.99.1

Scan saved at 18:59:27, on 27.02.06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SYMTRAY.EXE

C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE

C:\PROGRAMME\IOMEGA\AUTODISK\ADSERVICE.EXE

C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAMME\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAMME\1&1 PROGRAMME\CFOS\CFOSDW.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAMME\IOMEGA\AUTODISK\ADUSERMON.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAMME\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAMME\IOMEGA\DRIVEICONS\IMGICON.EXE

C:\PROGRAMME\PERFECT SERIES\OPTICAL MOUSE\4.0\MOUSE32A.EXE

C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHSIMPL.EXE

C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHCHEST.EXE

C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACK AV\HIJACKTHIS.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

F1 - win.ini: run=C:\PROGRA~1\1&1PRO~1\CFOS\CFOSDW.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\nprotect.exe

O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAMME\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice

O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks"

O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programme\Norton SystemWorks\Norton CleanSweep\csinject.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [ADService] C:\Programme\Iomega\AutoDisk\ADService.exe

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\RunServices: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\nprotect.exe

O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAMME\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Programme\Alwil Software\Avast4\ashServ.exe

O8 - Extra context menu item: &Google-Suche - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html

O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Ähnliche Seiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Verweisseiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab

O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB

O19 - User stylesheet: C:\Programme\Internet Explorer\userstyle.css

O20 - AppInit_DLLs: apitrap.dll;





mfg Achim

geschrieben von

Login

E-Mail:
  

Passwort:
  

Beitrag anfügen

Symbol:
 
 
 
 
 
 
 
 
 
 
 
 
 

Überschrift: