Bin leider auch ein Virus-Burst-Geschädigter :(

Home » Spyware & Browser Hijacker Support Forum » Bin leider auch ein Virus-Burst-Geschädigter :( » Themenansicht

Seite(n): 1 2

Antworten

Bin leider auch ein Virus-Burst-Geschädigter :( Thema ist geschlossen!
Thema ist geschlossen!
24.09.2006, 14:44 Bolloman ...neu hier Beiträge: 9	#16 Hallo Sabina, hier die gewünschten Logs, der Avenger erzeugt jedoch folgende Fehlermeldung: "////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Fatal error: could not create new script file. Error code: 0 Error logged to errorlog.txt. Aborting now!" Hier die Logs, die funktioniert haben: Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\ 06-09-24 14:20 0 sys.txt 06-09-24 14:20 12,193 system.txt 06-09-24 14:20 338 systemtemp.txt 06-09-24 14:19 97,502 system32.txt 06-09-24 14:13 22 backup-06-09-24-14.13.27.37.zip 06-09-24 14:13 0 backup.reg 06-09-24 14:13 536,399,872 hiberfil.sys 06-09-24 14:13 402,653,184 pagefile.sys 06-09-24 14:12 9,002 avenger.txt 06-09-24 14:12 1,080 hjjxhlac.bat 06-09-24 14:11 2,748 avexport.bat 06-09-24 14:04 1,473 backup-06-09-24-14.13.27.00.zip 06-09-24 14:02 1,080 ccljnnls.bat 06-09-24 13:59 22 backup-06-09-24-14.04.16.45.zip 06-09-24 13:57 1,080 hfgkohli.bat 06-09-24 13:54 45,700 backup-06-09-24-13.59.14.54.zip 06-09-24 13:52 1,080 pb^nymju.bat 06-09-24 13:51 1,080 pleduidp.bat 06-09-24 08:03 5,398 ComboFix.txt 06-09-24 07:53 1,144 rapport.txt 06-09-24 07:38 592,604 backup-06-09-24- 7.56.56.65.zip 06-09-24 07:37 126,976 zip.exe 06-09-19 20:56 113,300 dirdat.txt 06-09-19 16:39 128 ComboFix2.txt 06-09-19 16:36 128 ComboFix3.txt 06-09-19 16:11 1,068,421 backup-06-09-24- 7.38.49.23.zip 05-12-28 10:50 2,301 routcnf.txt 05-10-28 07:52 3,515 INSTALL.LOG 05-04-16 05:23 365 log.txt 04-02-13 20:41 47,580 NTDETECT.COM 04-02-13 20:41 235,296 ntldr 03-11-28 22:02 211 SOFTBALL.PRO 03-11-28 22:02 6 SOFTBALL.STA 03-11-28 22:02 660 SOFTBALL.HGH 03-11-11 23:58 0 TDSLCheck.txt 03-03-01 14:35 32 BLOCKOUT.SET 02-05-10 12:24 194 boot.ini 01-12-14 00:54 124 TOnlProt.log 01-09-24 16:46 164 IPH.PH 01-09-15 23:23 0 IO.SYS 01-09-15 23:23 0 MSDOS.SYS 01-09-15 23:23 0 AUTOEXEC.BAT 01-08-18 14:00 4,952 bootfont.bin 01-05-24 12:59 162,304 UNWISE.EXE 00-12-06 12:53 1 rave.exe 00-12-06 12:52 1 photopnt.exe 00-12-06 12:07 1 coreldrw.exe 00-07-15 03:57 15,375 wkhlpqms.hlp 48 Datei(en) 941,608,637 Bytes 0 Verzeichnis(se), 18,397,556,736 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\WINDOWS\system32 06-09-24 05:53 1,158 wpa.dbl 06-09-19 17:31 315,764 perfh009.dat 06-09-19 17:31 42,050 perfc009.dat 06-09-19 17:31 321,382 perfh007.dat 06-09-19 17:31 50,728 perfc007.dat 06-09-19 17:31 735,332 PerfStringBackup.INI 06-06-02 11:04 57,384 avsda.dll 06-03-18 21:51 34,064 lhacm.acm 05-09-09 14:25 94,208 EUMEX4SP.TSP 05-09-09 14:25 143,360 CAPI2032.DLL 05-04-14 20:26 16,832 amcompat.tlb 05-04-14 20:26 23,392 nscompat.tlb Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\WINDOWS 06-09-24 14:17 159 wiadebug.log 06-09-24 14:16 0 0.log 06-09-24 14:14 3,880 ModemLog_V9X HAM 1394V.txt 06-09-24 14:14 50 wiaservc.log 06-09-24 14:13 2,048 bootstat.dat 06-09-24 14:12 32,544 SchedLgU.Txt 06-09-24 11:06 208,064 setupapi.log 06-09-24 07:55 226,904 ntbtlog.txt 06-09-24 07:55 213,900 setupact.log 06-09-19 17:32 19,537 iis6.log 06-09-19 17:32 53,861 comsetup.log 06-09-19 17:32 35,683 ntdtcsetup.log 06-09-19 17:32 4,566 imsins.log 06-09-19 17:32 73,056 tsoc.log 06-09-19 17:32 7,870 ocmsn.log 06-09-19 17:32 112,334 ocgen.log 06-09-19 17:32 7,924 msgsocm.log 06-09-19 17:32 159,319 FaxSetup.log 06-09-18 00:50 81,726 wmsetup.log 06-08-21 04:09 1,501 IE4 Error Log.txt 06-08-21 03:59 346 system.ini 06-08-03 20:11 4,096 d3dx.dat 06-08-03 20:08 77,840 DirectX.log 06-07-30 18:28 103,532 War3Unin.dat 06-05-23 12:19 1,071 AWMODEM.INF 06-05-21 13:04 1,409 QTFont.for 06-05-21 13:04 54,156 QTFont.qfn 06-04-01 03:17 487 Capictrl.INI 06-02-24 06:14 796 stwin05.ini 06-02-24 06:13 810 d2hnav.ini 06-02-11 18:14 133,142 Windows Update.log 06-01-02 23:02 538 WINPHONE.INI Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\DOKUME~1\REN~1\LOKALE~1\Temp 06-09-24 14:13 16,384 Perflib_Perfdata_718.dat 06-09-24 13:52 11,158 Des2.tmp 2 Datei(en) 27,542 Bytes 0 Verzeichnis(se), 18,397,597,696 Bytes frei 09/24/06 14:21:33 [Info]: BlackLight Engine 1.0.46 initialized 09/24/06 14:21:33 [Info]: OS: 5.1 build 2600 (Service Pack 1) 09/24/06 14:21:34 [Note]: 7019 4 09/24/06 14:21:34 [Note]: 7005 0 09/24/06 14:21:37 [Note]: 7006 0 09/24/06 14:21:37 [Note]: 7011 1484 09/24/06 14:21:38 [Note]: 7026 0 09/24/06 14:21:38 [Note]: 7026 0 09/24/06 14:21:50 [Note]: FSRAW library version 1.7.1019 09/24/06 14:26:21 [Note]: 2000 1006 09/24/06 14:26:51 [Note]: 7006 0 09/24/06 14:26:51 [Note]: 7011 1484 09/24/06 14:26:51 [Note]: 7026 0 09/24/06 14:26:51 [Note]: 7026 0 09/24/06 14:26:59 [Note]: FSRAW library version 1.7.1019 09/24/06 14:31:27 [Note]: 2000 1006 09/24/06 14:31:47 [Note]: 7007 0 Ren‚ - 06-09-24 14:33:23.26 Service Pack 1 ComboFix 06.09.23.2 - Running from: "C:\Dokumente und Einstellungen\Ren‚\Desktop\Combofix" ((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 )))))))))))))))))))))))))))))))))) 2006-09-24 14:13 0 --a------ C:\backup.reg 2006-09-24 14:12 1,080 --a------ C:\hjjxhlac.bat 2006-09-24 14:02 1,080 --a------ C:\ccljnnls.bat 2006-09-24 13:57 1,080 --a------ C:\hfgkohli.bat 2006-09-24 13:52 1,080 --a------ C:\pb^nymju.bat 2006-09-24 13:51 1,080 --a------ C:\pleduidp.bat 2006-09-24 07:37 2,748 --a------ C:\avexport.bat 2006-09-24 07:37 126,976 --a------ C:\zip.exe 2006-09-19 17:00 57,384 --a------ C:\WINDOWS\system32\avsda.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-24 14:11 60416 --a------ C:\WINDOWS\system32\drivers\jcjynidt.sys 2006-09-24 14:04 -------- d-------- C:\Dokumente und Einstellungen\Ren‚\Anwendungsdaten\AdobeUM 2006-09-24 14:02 60416 --a------ C:\WINDOWS\system32\drivers\dbpptvnl.sys 2006-09-24 13:57 60416 --a------ C:\WINDOWS\system32\drivers\tkcpslpv.sys 2006-09-24 13:52 60416 --a------ C:\WINDOWS\system32\drivers\uttbgyci.sys 2006-09-24 13:51 60416 --a------ C:\WINDOWS\system32\drivers\tmraqlfx.sys 2006-09-19 17:52 -------- d-------- C:\Programme\Windows Media Player 2006-09-19 17:51 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic 2006-08-27 11:55 -------- d-------- C:\Programme\World of Warcraft (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe" "updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe" "Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers" "Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe" "C-Media Mixer"="Mixer.exe /startup" "RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe" "nwiz"="nwiz.exe /install" "Corel Reminder"="" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "hrnkcmlu"="C:\\pjupgjnb.bat" "kposouyh"="C:\\pleduidp.bat" "wsggahtf"="C:\\pb^nymju.bat" "iyausbeg"="C:\\hfgkohli.bat" "ceucsnbh"="C:\\ccljnnls.bat" "tonnppko"="C:\\hjjxhlac.bat" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Completion time: 06-09-24 14:34:54.78 ComboFix.txt ComboFix2.txt ComboFix3.txt Logfile of HijackThis v1.99.1 Scan saved at 14:35, on 06-09-24 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\Mixer.exe C:\Programme\ScanSoft\OmniPageSE\opware32.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Telekom\Eumex 704PC LAN\HNetCtrl.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Microsoft Office\Office10\msoffice.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\René\Desktop\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 O4 - Global Startup: HomeNet Control.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3-projekt.de/InstallationsAssistent.ocx O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Übrigens: meine interexplorer-Startseite ist wieder da, folgende Fehlermeldung erscheint jedoch immer noch bei jedem (Neu-)Start als erstes: "cmd.exe - kein Datenträger Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk2\DR6" Vorab vielen Dank!

24.09.2006, 14:53 Sabina Ehrenmitglied Beiträge: 29434	#17 Bolloman virustotal Oben auf der Seite --> auf Durchsuchen klicken --> die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten http://www.virustotal.com/flash/index_en.html C:\rave.exe C:\photopnt.exe C:\coreldrw.exe poste den report --------------------------------------------------------- Pocket KillBox http://virus-protect.org/killbox.html Options: "Delete on Reboot" und "Single File"--> anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes" reinkopieren: ..... C:\backup.reg C:\hjjxhlac.bat C:\avexport.bat C:\ccljnnls.bat C:\hfgkohli.bat C:\pb^nymju.bat C:\pleduidp.bat C:\WINDOWS\system32\drivers\jcjynidt.sys C:\WINDOWS\system32\drivers\dbpptvnl.sys C:\WINDOWS\system32\drivers\tkcpslpv.sys C:\WINDOWS\system32\drivers\uttbgyci.sys C:\WINDOWS\system32\drivers\tmraqlfx.sys PC neustarten öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat PC neustarten scanne mit ewido und poste den scanreport http://virus-protect.org/ewido.html --------------------------------------------- __________ MfG Sabina rund um die PC-Sicherheit

24.09.2006, 16:42 Bolloman ...neu hier Beiträge: 9	#18 Hallo Sabina, Situation scheint sich zu stabilisieren, nach dem Neustart kam der Datenträger-Fehler nicht mehr. Anbei die logs: Antivirus Version Update Result AntiVir 7.2.0.18 09.23.2006 no virus found Authentium 4.93.8 09.23.2006 no virus found Avast 4.7.844.0 09.22.2006 no virus found AVG 386 09.22.2006 no virus found BitDefender 7.2 09.24.2006 no virus found CAT-QuickHeal 8.00 09.22.2006 no virus found ClamAV devel-20060426 09.24.2006 no virus found DrWeb 4.33 09.22.2006 no virus found eTrust-InoculateIT 23.73.4 09.24.2006 no virus found eTrust-Vet 30.3.3093 09.22.2006 no virus found Ewido 4.0 09.24.2006 no virus found Fortinet 2.82.0.0 09.24.2006 no virus found F-Prot 3.16f 09.23.2006 no virus found F-Prot4 4.2.1.29 09.23.2006 no virus found Ikarus 0.2.65.0 09.23.2006 no virus found Kaspersky 4.0.2.24 09.24.2006 no virus found McAfee 4858 09.22.2006 no virus found Microsoft 1.1560 09.24.2006 no virus found NOD32v2 1.1771 09.23.2006 no virus found Norman 5.90.23 09.22.2006 no virus found Panda 9.0.0.4 09.24.2006 no virus found Sophos 4.09.0 09.24.2006 no virus found Symantec 8.0 09.24.2006 no virus found TheHacker 6.0.1.078 09.24.2006 no virus found UNA 1.83 09.22.2006 no virus found VBA32 3.11.1 09.24.2006 no virus found VirusBuster 4.3.7:9 09.24.2006 no virus found Aditional Information File size: 1 bytes MD5: c4ca4238a0b923820dcc509a6f75849b SHA1: 356a192b7913b04c54574d18c28d46e6395428ab Antivirus Version Update Result AntiVir 7.2.0.18 09.23.2006 no virus found Authentium 4.93.8 09.23.2006 no virus found Avast 4.7.844.0 09.22.2006 no virus found AVG 386 09.22.2006 no virus found BitDefender 7.2 09.24.2006 no virus found CAT-QuickHeal 8.00 09.22.2006 no virus found ClamAV devel-20060426 09.24.2006 no virus found DrWeb 4.33 09.22.2006 no virus found eTrust-InoculateIT 23.73.4 09.24.2006 no virus found eTrust-Vet 30.3.3093 09.22.2006 no virus found Ewido 4.0 09.24.2006 no virus found Fortinet 2.82.0.0 09.24.2006 no virus found F-Prot 3.16f 09.23.2006 no virus found F-Prot4 4.2.1.29 09.23.2006 no virus found Ikarus 0.2.65.0 09.23.2006 no virus found Kaspersky 4.0.2.24 09.24.2006 no virus found McAfee 4858 09.22.2006 no virus found Microsoft 1.1560 09.24.2006 no virus found NOD32v2 1.1771 09.23.2006 no virus found Norman 5.90.23 09.22.2006 no virus found Panda 9.0.0.4 09.24.2006 no virus found Sophos 4.09.0 09.24.2006 no virus found Symantec 8.0 09.24.2006 no virus found TheHacker 6.0.1.078 09.24.2006 no virus found UNA 1.83 09.22.2006 no virus found VBA32 3.11.1 09.24.2006 no virus found VirusBuster 4.3.7:9 09.24.2006 no virus found Aditional Information File size: 1 bytes STATUS: FINISHEDComplete scanning result of "rave.exe", received in VirusTotal at 09.24.2006, 15:11:17 (CET). Antivirus Version Update Result AntiVir 7.2.0.18 09.23.2006 no virus found Authentium 4.93.8 09.23.2006 no virus found Avast 4.7.844.0 09.22.2006 no virus found AVG 386 09.22.2006 no virus found BitDefender 7.2 09.24.2006 no virus found CAT-QuickHeal 8.00 09.22.2006 no virus found ClamAV devel-20060426 09.24.2006 no virus found DrWeb 4.33 09.22.2006 no virus found eTrust-InoculateIT 23.73.4 09.24.2006 no virus found eTrust-Vet 30.3.3093 09.22.2006 no virus found Ewido 4.0 09.24.2006 no virus found Fortinet 2.82.0.0 09.24.2006 no virus found F-Prot 3.16f 09.23.2006 no virus found F-Prot4 4.2.1.29 09.23.2006 no virus found Ikarus 0.2.65.0 09.23.2006 no virus found Kaspersky 4.0.2.24 09.24.2006 no virus found McAfee 4858 09.22.2006 no virus found Microsoft 1.1560 09.24.2006 no virus found NOD32v2 1.1771 09.23.2006 no virus found Norman 5.90.23 09.22.2006 no virus found Panda 9.0.0.4 09.24.2006 no virus found Sophos 4.09.0 09.24.2006 no virus found Symantec 8.0 09.24.2006 no virus found TheHacker 6.0.1.078 09.24.2006 no virus found UNA 1.83 09.22.2006 no virus found VBA32 3.11.1 09.24.2006 no virus found VirusBuster 4.3.7:9 09.23.2006 no virus found Aditional Information File size: 1 bytes MD5: eccbc87e4b5ce2fe28308fd9f2a7baf3 SHA1: 77de68daecd823babbb58edb1c8e14d7106e83bb ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: Dialer.Generic Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial Risk: High Name: Dialer.Generic Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial\CLSID Risk: High Name: Dialer.Generic Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial\CurVer Risk: High Name: Dialer.Generic Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial.1 Risk: High Name: Dialer.Generic Path: HKLM\SOFTWARE\IntexusDial Risk: High Name: Adware.Generic Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Risk: Medium Name: Adware.Generic Path: HKU\S-1-5-21-1434109735-1774555873-3433309461-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b} Risk: Medium Name: Adware.Msnagent Path: C:\backup-06-09-24- 7.56.56.65.zip/avenger/{C46867D7-4B61-47CF-AFD0-DC5C69C7606F}.exe Risk: Medium Name: Rootkit.Agent.cf Path: C:\backup-06-09-24-13.59.14.54.zip/avenger/ntio256.sys.ren Risk: High Name: Proxy.Wopla.ac Path: C:\backup-06-09-24-13.59.14.54.zip/avenger/protector.exe.ren Risk: High Name: Trojan.NoClose.i Path: C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm Risk: High Name: Adware.MemoryWatcher Path: C:\Programme\MemoryWatcher Risk: Medium Name: Adware.MemoryWatcher Path: C:\Programme\MemoryWatcher\EULA.URL Risk: Medium Name: Adware.Gator Path: C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll Risk: Medium Vielen Dank für die schnellen Antworten.

24.09.2006, 16:53 Sabina Ehrenmitglied Beiträge: 29434	#19 gehe in die registry Start - Ausfuehren - regedit «« bearbeiten - suchen - IntexusDial HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial -> loeschen «« bearbeiten - suchen - {6af69c4d-420a-4c95-b34f-e4635f84f53b} HKU\S-1-5-21-1434109735-1774555873-3433309461-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\ {6af69c4d-420a-4c95-b34f-e4635f84f53b} -> loeschen «« bearbeiten - suchen - IEAccess HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAccess2.IEDial HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EAccess2.IEDial.1 -> loeschen «« bearbeiten - suchen - {c95fe080-8f5d-11d2-a20b-00aa003c157a} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> loeschen ---------------------------------------------------------- Avenger Zitat Files to delete: C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm Folders to delete: C:\Programme\MemoryWatcher PC neustarten loesche alle backups vom avenger C:\backup-06-09-24- 7.56.56.65.zip..und die anderen....... poste noch mal die 4 logs von datfindbat « __________ MfG Sabina rund um die PC-Sicherheit

24.09.2006, 18:30 Ruetz Herman ...neu hier Beiträge: 3	#20 Hallo Sabina! Hier die txt von Avenger: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\evwgwrue ***************** Script file located at: \??\I:\vslssfig.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at I:\Avenger *************** Beginning to process script file: File I:\WINDOWS\system32\zphnok.dll deleted successfully. File I:\Dokumente und Einstellungen\Hermann Ruetz\Anwendungsdaten\errorsafefreeinstall_de[1].exe deleted successfully. Folder I:\Programme\Error Safe not found! Deletion of folder I:\Programme\Error Safe failed! Could not process line: I:\Programme\Error Safe Status: 0xc0000034 Folder I:\Programme\MPVIDEOCODEC deleted successfully. Folder I:\Programme\Spy-Heal deleted successfully. Folder I:\Programme\vb deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe not found! Deletion of registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96E6B1C3-B5D0-89CC-4909-92D85A48B1A0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8407F578-6FA7-446A-8852-53E6A147472E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8407F578-6FA7-446A-8852-53E6A147472E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85A126D1-2706-443D-9979-8841A1C5B482} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85A126D1-2706-443D-9979-8841A1C5B482} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70305bc2-b289-4209-a344-be21f22bc930} deleted successfully. Completed script processing. ***************** Finished! Terminate. Bitte um weitere Unterstützung, danke

24.09.2006, 20:03 Sabina Ehrenmitglied Beiträge: 29434	#21 Ruetz Herman arbeite noch hijackThis ab und scanne mit smitfraudfix (schaue auf der anderen Seite, meine Anleitung) dann berichte __________ MfG Sabina rund um die PC-Sicherheit

24.09.2006, 21:02 Bolloman ...neu hier Beiträge: 9	#22 Hallo Sabina, habe mich wohl zu früh gefreut, der "cmd.exe - kein Datenträger Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk2\DR6" war nach dem Neustart nach dem avenger wieder da. Die IntexusDial {6af69c4d-420a-4c95-b34f-e4635f84f53b} IEAccess wurden nicht gefunden, die {c95fe080-8f5d-11d2-a20b-00aa003c157a} konnte ich löschen. Hier der Log vom Avenger bzw. die 4 Logs vom datfindbat: ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Error: could not create zip file. Error code: 0 ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ffccvkyo ***************** Script file located at: \??\C:\WINDOWS\aoiojlkx.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll deleted successfully. File C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm deleted successfully. Folder C:\Programme\MemoryWatcher deleted successfully. Completed script processing. ***************** Finished! Terminate. Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\ 06-09-24 20:54 0 sys.txt 06-09-24 20:54 12,193 system.txt 06-09-24 20:54 429 systemtemp.txt 06-09-24 20:54 97,502 system32.txt 06-09-24 20:49 536,399,872 hiberfil.sys 06-09-24 20:49 402,653,184 pagefile.sys 06-09-24 20:49 1,994 avenger.txt 06-09-24 14:34 5,072 ComboFix.txt 06-09-24 08:03 5,398 ComboFix2.txt 06-09-24 07:53 1,144 rapport.txt 06-09-19 20:56 113,300 dirdat.txt 06-09-19 16:39 128 ComboFix3.txt 05-12-28 10:50 2,301 routcnf.txt 05-10-28 07:52 3,515 INSTALL.LOG 05-04-16 05:23 365 log.txt 04-02-13 20:41 47,580 NTDETECT.COM 04-02-13 20:41 235,296 ntldr 03-11-28 22:02 211 SOFTBALL.PRO 03-11-28 22:02 6 SOFTBALL.STA 03-11-28 22:02 660 SOFTBALL.HGH 03-11-11 23:58 0 TDSLCheck.txt 03-03-01 14:35 32 BLOCKOUT.SET 02-05-10 12:24 194 boot.ini 01-12-14 00:54 124 TOnlProt.log 01-09-24 16:46 164 IPH.PH 01-09-15 23:23 0 AUTOEXEC.BAT 01-09-15 23:23 0 MSDOS.SYS 01-09-15 23:23 0 IO.SYS 01-08-18 14:00 4,952 bootfont.bin 01-05-24 12:59 162,304 UNWISE.EXE 00-12-06 12:53 1 rave.exe 00-12-06 12:52 1 photopnt.exe 00-12-06 12:07 1 coreldrw.exe 00-07-15 03:57 15,375 wkhlpqms.hlp 34 Datei(en) 939,763,298 Bytes 0 Verzeichnis(se), 18,453,164,032 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\WINDOWS\system32 06-09-24 05:53 1,158 wpa.dbl 06-09-19 17:31 315,764 perfh009.dat 06-09-19 17:31 42,050 perfc009.dat 06-09-19 17:31 321,382 perfh007.dat 06-09-19 17:31 50,728 perfc007.dat 06-09-19 17:31 735,332 PerfStringBackup.INI 06-06-02 11:04 57,384 avsda.dll 06-03-18 21:51 34,064 lhacm.acm 05-09-09 14:25 94,208 EUMEX4SP.TSP 05-09-09 14:25 143,360 CAPI2032.DLL 05-04-14 20:26 16,832 amcompat.tlb 05-04-14 20:26 23,392 nscompat.tlb Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\WINDOWS 06-09-24 20:50 0 0.log 06-09-24 20:50 3,880 ModemLog_V9X HAM 1394V.txt 06-09-24 20:50 159 wiadebug.log 06-09-24 20:50 50 wiaservc.log 06-09-24 20:49 2,048 bootstat.dat 06-09-24 20:48 32,544 SchedLgU.Txt 06-09-24 15:37 208,554 setupapi.log 06-09-24 07:55 226,904 ntbtlog.txt 06-09-24 07:55 213,900 setupact.log 06-09-19 17:32 19,537 iis6.log 06-09-19 17:32 53,861 comsetup.log 06-09-19 17:32 35,683 ntdtcsetup.log 06-09-19 17:32 4,566 imsins.log 06-09-19 17:32 73,056 tsoc.log 06-09-19 17:32 7,870 ocmsn.log 06-09-19 17:32 112,334 ocgen.log 06-09-19 17:32 7,924 msgsocm.log 06-09-19 17:32 159,319 FaxSetup.log 06-09-18 00:50 81,726 wmsetup.log 06-08-21 04:09 1,501 IE4 Error Log.txt 06-08-21 03:59 346 system.ini 06-08-03 20:11 4,096 d3dx.dat 06-08-03 20:08 77,840 DirectX.log 06-07-30 18:28 103,532 War3Unin.dat 06-05-23 12:19 1,071 AWMODEM.INF 06-05-21 13:04 1,409 QTFont.for 06-05-21 13:04 54,156 QTFont.qfn 06-04-01 03:17 487 Capictrl.INI 06-02-24 06:14 796 stwin05.ini 06-02-24 06:13 810 d2hnav.ini 06-02-11 18:14 133,142 Windows Update.log 06-01-02 23:02 538 WINPHONE.INI Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: A062-6B94 Verzeichnis von C:\DOKUME~1\REN~1\LOKALE~1\Temp 06-09-24 20:50 16,384 Perflib_Perfdata_6c0.dat 06-09-24 20:48 14,038 Des3.tmp 06-09-24 15:05 13,078 Des2.tmp 06-09-24 14:55 16,384 ~DFBA94.tmp 4 Datei(en) 59,884 Bytes 0 Verzeichnis(se), 18,453,172,224 Bytes frei Vielen Dank!

24.09.2006, 21:10 Sabina Ehrenmitglied Beiträge: 29434	#23 Bolloman «« poste das neue log von combofix «« poste das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit

24.09.2006, 22:04 Bolloman ...neu hier Beiträge: 9	#24 Hallo Sabina, anbei die Logs: Ren‚ - 06-09-24 22:00:16.75 Service Pack 1 ComboFix 06.09.23.2 - Running from: "C:\Dokumente und Einstellungen\Ren‚\Desktop\Combofix" ((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 )))))))))))))))))))))))))))))))))) 2006-09-19 17:00 57,384 --a------ C:\WINDOWS\system32\avsda.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-24 14:04 -------- d-------- C:\Dokumente und Einstellungen\Ren‚\Anwendungsdaten\AdobeUM 2006-09-19 17:52 -------- d-------- C:\Programme\Windows Media Player 2006-09-19 17:51 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic 2006-08-27 11:55 -------- d-------- C:\Programme\World of Warcraft (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe" "updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe" "Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers" "Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe" "C-Media Mixer"="Mixer.exe /startup" "RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe" "nwiz"="nwiz.exe /install" "Corel Reminder"="" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Completion time: 06-09-24 22:01:47.87 ComboFix.txt ComboFix2.txt ComboFix3.txt Logfile of HijackThis v1.99.1 Scan saved at 22:02, on 06-09-24 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\Mixer.exe C:\Programme\ScanSoft\OmniPageSE\opware32.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Telekom\Eumex 704PC LAN\HNetCtrl.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Microsoft Office\Office10\msoffice.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\René\Desktop\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 O4 - Global Startup: HomeNet Control.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3-projekt.de/InstallationsAssistent.ocx O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Danke!

25.09.2006, 09:53 Ruetz Herman ...neu hier Beiträge: 3	#25 Hallo Sabina! Danke für Deine professionelle Unterstützung. Läuft wieder alles wie gewohnt. Danke

25.09.2006, 11:11 Sabina Ehrenmitglied Beiträge: 29434	#26 Bolloman «« loesche den Avenger und die Combofix, mache die WindowsUpdates - lade SP2 «« TuneUp 2006 (30 Tage free) Shareware http://virus-protect.org/reinigungstoolsregistry.html wende an: Cleanup repair -- TuneUp Diskcleaner Cleanup repair -- Registry Cleaner dann berichte, wie es laeuft __________ MfG Sabina rund um die PC-Sicherheit

01.10.2006, 17:26 Bolloman ...neu hier Beiträge: 9	#27 Hallo Sabina, habe Anweisungen vom 25.09.06 ausgeführt, System läuft stabil und unauffällig. Auch der Trojaner "TR/SrchSpy.G", den Antivir immer mal wieder aufgespürt hatte, wird seither nicht mehr gefunden. In der Hoffnung, dass nun alles in Ordnung ist, möchte ich mich verabschieden und vielmals bei Dir für die schnelle und professionelle Hilfe bedanken - das war echt super! Erleichterte Grüße vom Bolloman

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2