NewDotNet/NewDotNet.dll /A.7.Virus - keine Internetverbindung mehr ?

#121 Uriel

nichts von new.net sichtbar

poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#122 Stefan - 06-12-03 11:47:58,84 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Stefan\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-11-30 22:51 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-11-30 22:51 <DIR> d-------- C:\Programme\GameJack 5
2006-11-30 22:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-30 22:40 <DIR> d-------- C:\Programme\Grisoft
2006-11-30 22:38 <DIR> dr-h----- C:\Dokumente und Einstellungen\Stefan\Recent
2006-11-30 22:36 <DIR> d-------- C:\Programme\CCleaner
2006-11-30 22:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2006-11-29 20:22 <DIR> d-------- C:\Programme\CleanUp!
2006-11-19 13:03 <DIR> d-------- C:\Programme\MSXML 4.0
2006-11-08 18:30 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2006-11-08 18:13 <DIR> d-------- C:\KAV_6.0
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-03 10:49 13440 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2006-12-02 23:43 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-12-02 17:14 28382 --a------ C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\wklnhst.dat
2006-12-01 21:19 -------- d-------- C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\X-Chat 2
2006-11-30 22:51 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-30 22:36 -------- d-------- C:\Programme\Yahoo!
2006-11-28 23:35 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-11-28 23:35 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-11-28 23:35 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-11-28 17:17 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-19 13:01 -------- d-------- C:\Programme\Internet Explorer
2006-11-18 13:05 -------- d-------- C:\Programme\a-squared Free
2006-11-09 17:01 -------- d-a------ C:\Programme\FunWebProducts
2006-11-09 17:01 -------- d-------- C:\Programme\Save
2006-11-08 21:40 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-11-08 21:40 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-11-08 21:28 -------- d-------- C:\Programme\Kaspersky Lab
2006-11-08 21:23 -------- d-------- C:\Programme\HHVcdV5Sys
2006-11-08 21:22 -------- d-------- C:\Programme\WinRAR
2006-11-08 21:22 -------- d-------- C:\Programme\Windows NT
2006-11-08 21:22 -------- d-------- C:\Programme\Windows Media Player
2006-11-08 21:22 -------- d-------- C:\Programme\Windows Journal Viewer
2006-11-08 21:22 -------- d-------- C:\Programme\WinAce
2006-11-08 21:22 -------- d-------- C:\Programme\QuickTime
2006-11-08 21:22 -------- d-------- C:\Programme\Outlook Express
2006-11-08 21:22 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-08 21:22 -------- d-------- C:\Programme\Microsoft Works
2006-11-08 21:22 -------- d-------- C:\Programme\Messenger
2006-11-08 21:22 -------- d-------- C:\Programme\iTunes
2006-11-08 21:22 -------- d-------- C:\Programme\IrfanView
2006-11-08 21:22 -------- d-------- C:\Programme\ICQToolbar
2006-11-08 21:22 -------- d-------- C:\Programme\ICQLite
2006-11-08 21:22 -------- d-------- C:\Programme\GameSpy Arcade
2006-11-08 21:22 -------- d-------- C:\Programme\DigitalSimulatorV5.57
2006-11-08 21:22 -------- d-------- C:\Programme\Diablo II
2006-11-08 21:22 -------- d-------- C:\Programme\AOL 8.0
2006-11-08 21:22 -------- d-------- C:\Programme\Animake
2006-11-08 21:21 -------- d-------- C:\Programme\X Codec Pack
2006-11-08 21:21 -------- d-------- C:\Programme\SoftCodec
2006-11-08 21:17 -------- d-------- C:\Programme\X-Chat 2
2006-11-08 21:17 -------- d-------- C:\Programme\Quake III Arena
2006-11-08 21:17 -------- d-------- C:\Programme\NetMeeting
2006-11-08 21:17 -------- d-------- C:\Programme\MSN Messenger
2006-11-08 21:17 -------- d-------- C:\Programme\Movie Maker
2006-11-08 21:17 -------- d-------- C:\Programme\Microsoft Picture It! 9
2006-11-08 21:17 -------- d-------- C:\Programme\Microsoft AutoRoute
2006-11-08 21:17 -------- d-------- C:\Programme\GTA2
2006-11-08 21:17 -------- d-------- C:\Programme\GStudio
2006-11-01 21:14 -------- d-------- C:\Programme\T-Online
2006-10-31 18:46 -------- d-------- C:\Programme\EA Games
2006-10-21 10:35 -------- d-------- C:\Programme\Bikini Desktop
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-07 17:05 -------- d-------- C:\Programme\VirusBurster
2006-10-04 21:03 9639336 --a------ C:\WINDOWS\system32\MRT(2).exe
2006-10-02 13:08 21840 --a--c-t- C:\WINDOWS\system32\SIntfNT(2).dll
2006-10-02 13:08 17212 --a--c-t- C:\WINDOWS\system32\SIntf32(2).dll
2006-10-02 13:08 12067 --a--c-t- C:\WINDOWS\system32\SIntf16(2).dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3(3).dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3(2).dll
2006-09-04 07:12 1494016 --a------ C:\WINDOWS\system32\shdocvw(4).dll
2006-09-04 07:12 1494016 --a------ C:\WINDOWS\system32\shdocvw(3).dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DrvMon.exe"="C:\\WINDOWS\\system32\\DrvMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Dit"="Dit.exe"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"Prism_Utility"="Prismsta.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"DataLayer"="C:\\PROGRA~1\\GEMEIN~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"DAEMON Tools-1033"="\"D:\\D-Tools\\daemon.exe\" -lang 1033"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"VC5Player"="C:\\Programme\\HHVcdV5Sys\\VC5Play.exe"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"kav"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Brockhaus-Direktsuche(2).lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Brockhaus-Direktsuche(2).lnk"
"backup"="C:\\WINDOWS\\pss\\Brockhaus-Direktsuche(2).lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\BROCKH~1\\BROCKH~1\\pgbmm.exe "
"item"="Brockhaus-Direktsuche(2)"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Brockhaus-Direktsuche(3).lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Brockhaus-Direktsuche(3).lnk"
"backup"="C:\\WINDOWS\\pss\\Brockhaus-Direktsuche(3).lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\BROCKH~1\\BROCKH~1\\pgbmm.exe "
"item"="Brockhaus-Direktsuche(3)"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Brockhaus-Direktsuche.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Brockhaus-Direktsuche.lnk"
"backup"="C:\\WINDOWS\\pss\\Brockhaus-Direktsuche.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\BROCKH~1\\BROCKH~1\\pgbmm.exe "
"item"="Brockhaus-Direktsuche"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LiveUpdate"
"hkey"="HKLM"
"command"="C:\\Programme\\AceGain\\LiveUpdate\\LiveUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Elaborate Bytes\\CloneDVD\\ElbyCheck.exe\" /L ElbyDelay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Programme\\SlySoft\\AnyDVD\\ElbyCheck.exe\" /L AnyDVD"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToADiMon"
"hkey"="HKLM"
"command"="C:\\Programme\\T-Online\\T-Online_Software_5\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Monitor"
"hkey"="HKLM"
"command"="C:\\Programme\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-03 11:50:02.85
C:\ComboFix.txt ... 06-12-03 11:50


auch nix von nem anderen Virus oder sowas in der Art zu sehen? Weil die 1mb -Verbindungen sind immernoch da. Laut meiner T-Online Nutzungsdatenauflistung sinds immer konstant Einlogabstände von entweder 10, 15 oder 20 Minuten. Vieleicht hilft das ja bei der Identifizierung weiter.

Thx schonmal.

Grz Uriel

#123 Uriel

Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster

Folders to delete:
C:\Programme\FunWebProducts
C:\Programme\Save
C:\Programme\SoftCodec
C:\Programme\VirusBurster
C:\Programme\X Codec Pack

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

««
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html

-----------------------------------------------------------------

##
scanne mit counterspy, stelle nach dem scan alles auf "remove" und poste den scanreport
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit

#124 Spyware Scan Details
Start Date: 05.12.2006 19:10:49
End Date: 05.12.2006 20:25:02
Total Time: 1 hrs 14 mins 13 secs

Detected spyware

Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Infected files detected
c:\programme\aws\eula.txt


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected files detected
c:\windows\gatoruninstaller_cme_u.log
c:\windows\gatoruninstaller_cme.log

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} uets
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GEF 1744
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMG 4596AA35-B54E-47E8-9393-3A20D4DB461E
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMI 586485751
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SSeq 821
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} LastInstall 1131900644
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SEvt 3826
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} PAK
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMI64
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs StartTime 265
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs OldestTime 265
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs 265-200 1
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs 265-bytes 0
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\Proxy UsingWininet 0
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\Proxy Enabled 0
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\stat
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\stat Guid 5963C3B5-ADED-42BE-9EAB-FD1108EAC110
HKEY_LOCAL_MACHINE\software\gator.com
HKEY_LOCAL_MACHINE\software\gator.com\CMEII AppHist DivXNetwork2359Installed113179132800022BIC_DivXNetwork2245NI HKEY_LOCAL_MACHINE\software\gator.com\CMEII numInst 1
HKEY_LOCAL_MACHINE\software\gator.com\Gator\dyn\GCH\_gs StartTime 265
HKEY_LOCAL_MACHINE\software\gator.com\Gator\dyn\GCH\_gs OldestTime 265
HKEY_LOCAL_MACHINE\software\gator.com\Gator\dyn\GCH\_gs 265-200 1
HKEY_LOCAL_MACHINE\software\gator.com\Gator\dyn\GCH\_gs 265-bytes 0
HKEY_LOCAL_MACHINE\software\gator.com\Gator\dyn\Proxy UsingWininet 0
HKEY_LOCAL_MACHINE\software\gator.com\Gator\dyn\Proxy Enabled 0
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat Guid 5963C3B5-ADED-42BE-9EAB-FD1108EAC110
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs StartTime 265
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs OldestTime 265
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs 265-200 1
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs 265-bytes 0
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\Proxy UsingWininet 0
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\Proxy Enabled 0
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\stat Guid 5963C3B5-ADED-42BE-9EAB-FD1108EAC110


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url
c:\dokumente und einstellungen\all users\startmenü\online security guide.url


WinCrash RAT more information...
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\lustich\kopfstand\kopfstand.exe


Advertbar Adware (General) more information...
Details: Advertbar is a set of programs, which includes the MessageMates software from Adtools, Inc. These small advertising Windows programs have various characters that display across the screen, such as the animals from "Ice Age," the animated movie.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\AdTools, Inc.
HKEY_CURRENT_USER\Software\AdTools, Inc.\Connection Installed 1
HKEY_CURRENT_USER\Software\AdTools, Inc.\DMM data1 3
HKEY_CURRENT_USER\Software\AdTools, Inc.\Temp Dir C:\DOKUME~1\Stefan\LOKALE~1\Temp\B\
HKEY_CURRENT_USER\Software\AdTools, Inc.\UserInfo Identifier 02e327e4-2862-47ef-96c9-0fa0b718f27e


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Prt
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Source
HKEY_LOCAL_MACHINE\SOFTWARE\New.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net
HKEY_LOCAL_MACHINE\software\new.net Activity 12158
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 458774
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet7_22.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=030b21aeef2be7b085de3e53cd51ed86
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source NNADFS~1
HKEY_LOCAL_MACHINE\software\new.net Prt NNADFS638
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 4
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29824621
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -2055562112
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\software\new.net XpiDone 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Tag


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib {E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} IF3PopupMenu
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1\CLSID {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 MyWebSearch Pseudo Transparent Plugin


Marketscore.RelevantKnowledge Adware (General) more information...
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\InprocServer32 C:\WINDOWS\system32\cemetrix.dll
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\ProgID ICEClientAtl.SurveyClientCtl.1
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\ToolboxBitmap32 C:\WINDOWS\system32\cemetrix.dll, 101
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\TypeLib {FE844296-3C38-4B78-A272-87557622C953}
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2}\VersionIndependentProgID ICEClientAtl.SurveyClientCtl
HKEY_CLASSES_ROOT\CLSID\{CD1B7795-13BC-4A12-BF42-A52748971AA2} SurveyClientCtl Class
HKEY_CLASSES_ROOT\TypeLib\{FE844296-3C38-4B78-A272-87557622C953}
HKEY_CLASSES_ROOT\TypeLib\{FE844296-3C38-4B78-A272-87557622C953}\1.0\0\win32 C:\WINDOWS\system32\cemetrix.dll
HKEY_CLASSES_ROOT\TypeLib\{FE844296-3C38-4B78-A272-87557622C953}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{FE844296-3C38-4B78-A272-87557622C953}\1.0\HELPDIR C:\WINDOWS\system32\
HKEY_CLASSES_ROOT\TypeLib\{FE844296-3C38-4B78-A272-87557622C953}\1.0 ICEClientAtl 1.0 Type Library
HKEY_CLASSES_ROOT\ICEClientAtl.SurveyClientCtl
HKEY_CLASSES_ROOT\ICEClientAtl.SurveyClientCtl\CLSID {CD1B7795-13BC-4A12-BF42-A52748971AA2}
HKEY_CLASSES_ROOT\ICEClientAtl.SurveyClientCtl\CurVer ICEClientAtl.SurveyClientCtl.1
HKEY_CLASSES_ROOT\ICEClientAtl.SurveyClientCtl SurveyClientCtl Class
HKEY_CLASSES_ROOT\ICEClientAtl.SurveyClientCtl.1
HKEY_CLASSES_ROOT\ICEClientAtl.SurveyClientCtl.1\CLSID {CD1B7795-13BC-4A12-BF42-A52748971AA2}
HKEY_CLASSES_ROOT\ICEClientAtl.SurveyClientCtl.1 SurveyClientCtl Class


Trojan-Downloader.Win32.VB.ahc Trojan Downloader more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Security Security
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Enum 0 Root\LEGACY_XPROTECTOR\0000
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Enum Count 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Enum NextInstance 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR Type 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR Start 2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR ErrorControl 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR ImagePath \??\C:\WINDOWS\system32\drivers\XPROTECTOR.SYS
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR DisplayName XPROTECTOR


WindUpdates.AdTools Adware (General) more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\AdTools, Inc.
HKEY_CURRENT_USER\Software\AdTools, Inc.\Connection Installed 1
HKEY_CURRENT_USER\Software\AdTools, Inc.\DMM data1 3
HKEY_CURRENT_USER\Software\AdTools, Inc.\Temp Dir C:\DOKUME~1\Stefan\LOKALE~1\Temp\B\
HKEY_CURRENT_USER\Software\AdTools, Inc.\UserInfo Identifier 02e327e4-2862-47ef-96c9-0fa0b718f27e


Backdoor.Win32.Rbot.adf Backdoor more information...
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.SdBot.aad Backdoor more information...
Details: SdBot is the name of a family of trojans, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.IRCBot.az Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.EggDrop.v Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.Agobot.zo Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.Rbot.bis Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Trojan-Downloader.Win32.Banload.bkm Trojan Downloader more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations


Backdoor.Win32.Rbot.bjm Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.Rbot.aeu Backdoor more information...
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


W32.IRCBot Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE

scheint ja ne ganze Menge drauf gewesen zu sein...

#125 Uriel

auf dem Rechner ist ein Backdoor, also jemand hat sich in den Rechner eingehackt und somit die Kontrolle uebernommen.

««
stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

««
Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#126 System32

06.12.2006 19:29 2.206 wpa.dbl
05.12.2006 18:35 0 tmp.txt
05.12.2006 18:35 3.472 tmp.reg
28.11.2006 23:35 21.840 SIntfNT.dll
28.11.2006 23:35 17.212 SIntf32.dll
28.11.2006 23:35 12.067 SIntf16.dll
16.11.2006 06:20 10.474.920 MRT.exe
04.11.2006 14:14 1.245.696 msxml4.dll
29.10.2006 11:32 376.016 perfh009.dat
29.10.2006 11:32 386.338 perfh007.dat
29.10.2006 11:32 51.814 perfc009.dat
29.10.2006 11:32 62.578 perfc007.dat
29.10.2006 11:32 886.580 PerfStringBackup(2).INI
29.10.2006 11:32 886.580 PerfStringBackup.INI
16.10.2006 11:40 123.392 xpsp3res.dll
13.10.2006 13:35 146.432 nwprovau.dll
04.10.2006 21:03 9.639.336 MRT(2).exe
02.10.2006 13:08 21.840 SIntfNT(2).dll
02.10.2006 13:08 17.212 SIntf32(2).dll
02.10.2006 13:08 12.067 SIntf16(2).dll

Systemtemp

06.12.2006 19:31 32.768 ~DF3CA9.tmp
06.12.2006 19:29 16.384 ~DF380C.tmp
06.12.2006 19:29 49.152 ~DFD9EA.tmp
06.12.2006 19:29 16.384 ~DF5380.tmp
06.12.2006 17:12 206 jusched.log
06.12.2006 17:03 32.768 ~DF28EB.tmp
06.12.2006 17:02 16.384 ~DFAD6.tmp
06.12.2006 17:02 49.152 ~DFA3DF.tmp
06.12.2006 17:02 16.384 ~DFBDEF.tmp
9 Datei(en) 229.582 Bytes
0 Verzeichnis(se), 9.163.841.536 Bytes frei

System

06.12.2006 19:28 0 0.log
06.12.2006 19:28 1.704.856 WindowsUpdate.log
06.12.2006 19:28 157 wiadebug.log
06.12.2006 19:28 50 wiaservc.log
06.12.2006 19:27 2.048 bootstat.dat
06.12.2006 17:38 32.548 SchedLgU.Txt
06.12.2006 17:09 54.156 QTFont.qfn
06.12.2006 16:53 1.409 QTFont.for
05.12.2006 18:39 223.993 setupact.log
01.12.2006 22:28 40 nfsc_patch.ini
01.12.2006 22:10 418.893 DirectX.log
29.11.2006 22:14 844.586 setupapi.log
28.11.2006 17:24 1.173 ie7_main.log
28.11.2006 17:17 483 SIERRA.INI
25.11.2006 20:13 135 NeroDigital.ini
19.11.2006 13:03 119.627 iis6.log
19.11.2006 13:03 263.876 comsetup.log
19.11.2006 13:03 162.450 ntdtcsetup.log
19.11.2006 13:03 308.429 tsoc.log
19.11.2006 13:03 41.256 ocmsn.log
19.11.2006 13:03 1.393 imsins.log
19.11.2006 13:03 16.159 KB923980.log
19.11.2006 13:03 416.134 ocgen.log
19.11.2006 13:03 39.313 msgsocm.log
19.11.2006 13:03 788.252 FaxSetup.log
19.11.2006 13:03 1.393 imsins.BAK
19.11.2006 13:03 16.306 KB924270.log
19.11.2006 13:03 40.812 updspapi.log
19.11.2006 13:02 18.021 KB920213.log
19.11.2006 13:01 17.750 KB922760.log
13.11.2006 16:08 227 system.ini
13.11.2006 16:08 701 win.ini
11.11.2006 17:49 267.686 wmsetup.log
31.10.2006 18:58 2.150 eReg.dat
24.10.2006 18:13 135 NeroDigital(2).ini
14.10.2006 16:52 13.690 KB924191.log
14.10.2006 16:52 13.512 KB922819.log
14.10.2006 16:52 12.387 KB923414.log
14.10.2006 16:51 12.365 KB924496.log
14.10.2006 16:51 9.960 KB923191.log
02.10.2006 13:07 294 SIERRA(2).INI

tmp


06.12.2006 19:37 8.192 cch~1a55a2dc228.htp
06.12.2006 19:37 8.192 cch~1a559ec4560.htp
06.12.2006 19:37 8.192 cch~1a501c85aea.htp
06.12.2006 19:37 8.192 cch~1a50365394a.htp
06.12.2006 19:37 8.192 cch~1a4b0153220.htp
06.12.2006 19:37 8.192 cch~1a4affc18c4.htp
06.12.2006 19:36 8.192 cch~189a7d89954.htp
06.12.2006 19:36 8.192 cch~189a7be0e10.htp
06.12.2006 19:29 409 WGANotify.settings
06.12.2006 19:28 16.384 Perflib_Perfdata_76c.dat
06.12.2006 19:28 43 WGAErrLog.txt
06.12.2006 19:27 16.384 ~DF1574.tmp
12 Datei(en) 98.756 Bytes
0 Verzeichnis(se), 9.163.853.824 Bytes frei

Down

27.08.2005 12:30 5.065 swflash.inf

Sys

06.12.2006 19:42 0 sys.txt
06.12.2006 19:40 812 down.txt
06.12.2006 19:40 892 tmp.txt
06.12.2006 19:39 25.695 system.txt
06.12.2006 19:38 675 systemtemp.txt
06.12.2006 19:38 229.401 system32.txt
06.12.2006 19:27 536.399.872 hiberfil.sys
06.12.2006 19:27 805.306.368 pagefile.sys
05.12.2006 18:35 1.122 rapport.txt
05.12.2006 18:31 5.462 avenger.txt
03.12.2006 11:50 15.585 ComboFix.txt
29.11.2006 21:37 865 DirDPF.txt
29.11.2006 21:37 2 DirDPFCns.txt
13.11.2006 16:08 211 boot.ini

Ich hoffe du meintest das ichs hier reinkopieren sollte oder?

Grz Uriel

#127 Uriel

ich finde nichts....
bealssen wir es also so... wenn es Probleme geben sollte -melde dich
__________
MfG Sabina

rund um die PC-Sicherheit

#128 Mach ich. Bis hierhin erstmal ein extrem großes Danke an dich. Du bist echt klasse.

Grz Uriel

#129 Ich bekomme den Virus nicht von meinem Rechner. Kann mir jemand helfen?
Anbei mein Hijackthis-Logfile.

Gruß und Danke
Sven

Logfile of HijackThis v1.99.1
Scan saved at 14:40:07, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Dokumente und Einstellungen\Sven Lakner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [GMX_GMX Upload-Manager] "C:\Programme\GMX\GMX Upload-Manager\DAVSRV.EXE" /hide
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02785129-81DB-48E8-B555-57F388B5EF06}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{99B4C630-B771-45D6-A538-180F3B2FB492}: NameServer = 81.173.194.68 194.8.194.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{02785129-81DB-48E8-B555-57F388B5EF06}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{02785129-81DB-48E8-B555-57F388B5EF06}: NameServer = 192.168.2.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

#130 Frontlooper

LSPfix
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing" -- Remove
- und lösche die newdotnet7_48.dll (eventuell musst du die dll von links nach rechts bringen) + Remove

««
stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

««
Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html

««
wende das an und poste das log
http://virus-protect.org/artikel/tools/adfix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#131 hallo,

nachdem ich im Spyware & Browser Hijacker Support Forum keine threads (erste seite..) zu diesem thema sehe, wie hier im ersten post verlangt, klink ich mich einfach mal hier mit ein. hoffe das ist ok so.

im gegensatz zu anderen geht meine internetverbindung (noch). allerdings stark eingeschränkt. bedeutet: alles, was nicht übern firefox läuft kann keine verbindung herstellen (icq, thunderbird, antivir,...). außerdem komme ich mir vor wie mit nem 56k modem.
mein antivir hat den new.net gefunden und gelöscht. also taucht er auch nicht mehr bei systemsteuerung\software auf.

hier ist mal das hjt-log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\WinPoET Broadband Connection\winpppoverethernet.exe
C:\Programme\ULI5289\ALi5289.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\AOL\1158174292\ee\AOLSoftware.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\WinPoET Broadband Connection\WrOS.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
H:\09_incoming#general\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\01-progs\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\01-progs\flashfxp\IEFlash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Programme\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ALi5289] C:\Programme\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1158174292\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] D:\01-progs\winamp\winampa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\01-progs\adobe\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\01-progs\firefox\plugins\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\01-progs\firefox\plugins\bin\ssv.dll
O9 - Extra button: Add eBay auction to Auction Defender - {35C9C643-5ECE-49DC-A8CF-5D58785A3B93} - D:\01-progs\auction defender\AuctionDefender.dll
O9 - Extra 'Tools' menuitem: Auction Defender - {35C9C643-5ECE-49DC-A8CF-5D58785A3B93} - D:\01-progs\auction defender\AuctionDefender.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\01-progs\icq\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\01-progs\icq\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Programme\WinPoET Broadband Connection\WrOS.EXE


hab mit diesem tool noch nie gearbeitet und bin auch sonst nicht grade der crack am pc. wär cool, wenn ihr mir weiterhelfen könntet.
hab zwar versucht die anweisungen zu befolgen aber entweder mache ich dabei was falsch oder es hilft nichts (wobei ich auf ersteres tippe)

schönen gruß

edit: ach ja, winsockfix führt zu keinem ergebnis und außerdem würd mich am rande noch interessieren was dieses google.icq.com (bei R1) eigentlich soll?

#132 jwsd2

poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#133 hui, fixes backup! thx


"myname" - 07-01-13 0:13:06 Service Pack 2
ComboFix 07-01-12 - Running from: "D:\04-RARs"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\INSTALL.LOG


((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))


2007-01-12 21:31 <DIR> d-------- C:\avenger
2006-12-19 22:35 <DIR> d-------- C:\DOKUME~1\myname\Anwendungsdaten\dvdcss


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-12 22:00 -------- d-------- C:\Programme\winpoet broadband connection
2007-01-10 10:01 -------- d-------- C:\Programme\java
2007-01-10 00:34 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-09 20:30 -------- d-------- C:\DOKUME~1\myname\Anwendungsdaten\skype
2007-01-01 16:53 -------- d-------- C:\DOKUME~1\myname\Anwendungsdaten\adobe
2006-12-01 10:31 -------- d-------- C:\DOKUME~1\myname\Anwendungsdaten\openoffice.org2
2006-11-30 12:47 -------- d-------- C:\Programme\openoffice.org 2.0
2006-11-13 17:04 -------- d-------- C:\DOKUME~1\myname\Anwendungsdaten\talkback


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"a-winpoet-service"="\"C:\\Programme\\WinPoET Broadband Connection\\winpppoverethernet.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ALi5289"="C:\\Programme\\ULI5289\\ALi5289.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1158174292\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Programme\\Gemeinsame Dateien\\AOL\\IPHSend\\IPHSend.exe"
"WinampAgent"="D:\\01-progs\\winamp\\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Completion time: 07-01-13 0:14:23

#134 ich finde nichts
scanne und poste den scanreport
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit

#135 ..mir scheint ich hab mehr ungebetene gäste als nur newdonet


Scan History Details
Start Date: 13.01.2007 01:42:02
End Date: 13.01.2007 02:37:31
Total Time: 55 Min 29 Sec
Detected security risks

Cookie: Adserver Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\myname\cookies\myname@adserver[1].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\myname\cookies\myname@atdmt[2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\myname\cookies\myname@doubleclick[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\myname\cookies\myname@mediaplex[1].txt


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Ignored

Files detected
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe

Registry entries detected
HKEY_USERS\S-1-5-21-861567501-1770027372-839522115-1003\SOFTWARE\NEW.NET


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Ignored

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\WUSN.1
HKEY_LOCAL_MACHINE\Software\Classes\WUSN.1


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\myname\cookies\myname@advertising[2].txt


Cookie: Weborama Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\myname\cookies\myname@weborama[2].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\myname\cookies\myname@tradedoubler[1].txt



MyNetProtector Rogue Security Program more information...
Status: Ignored

Files detected
D:\RECYCLER\S-1-5-21-1960408961-1454471165-682003330-1003\Dd148.wav