Unfortunately I'm a Virus-Burst victim too :(

Topic is closed!
24.09.2006, 14:44
...new here

Posts: 9
#16 Hello Sabina,

here are the requested logs; Avenger, however, produces the following error message:

"//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!"

Here are the logs that did work:

Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\

06-09-24 14:20 0 sys.txt
06-09-24 14:20 12,193 system.txt
06-09-24 14:20 338 systemtemp.txt
06-09-24 14:19 97,502 system32.txt
06-09-24 14:13 22 backup-06-09-24-14.13.27.37.zip
06-09-24 14:13 0 backup.reg
06-09-24 14:13 536,399,872 hiberfil.sys
06-09-24 14:13 402,653,184 pagefile.sys
06-09-24 14:12 9,002 avenger.txt
06-09-24 14:12 1,080 hjjxhlac.bat
06-09-24 14:11 2,748 avexport.bat
06-09-24 14:04 1,473 backup-06-09-24-14.13.27.00.zip
06-09-24 14:02 1,080 ccljnnls.bat
06-09-24 13:59 22 backup-06-09-24-14.04.16.45.zip
06-09-24 13:57 1,080 hfgkohli.bat
06-09-24 13:54 45,700 backup-06-09-24-13.59.14.54.zip
06-09-24 13:52 1,080 pb^nymju.bat
06-09-24 13:51 1,080 pleduidp.bat
06-09-24 08:03 5,398 ComboFix.txt
06-09-24 07:53 1,144 rapport.txt
06-09-24 07:38 592,604 backup-06-09-24- 7.56.56.65.zip
06-09-24 07:37 126,976 zip.exe
06-09-19 20:56 113,300 dirdat.txt
06-09-19 16:39 128 ComboFix2.txt
06-09-19 16:36 128 ComboFix3.txt
06-09-19 16:11 1,068,421 backup-06-09-24- 7.38.49.23.zip
05-12-28 10:50 2,301 routcnf.txt
05-10-28 07:52 3,515 INSTALL.LOG
05-04-16 05:23 365 log.txt
04-02-13 20:41 47,580 NTDETECT.COM
04-02-13 20:41 235,296 ntldr
03-11-28 22:02 211 SOFTBALL.PRO
03-11-28 22:02 6 SOFTBALL.STA
03-11-28 22:02 660 SOFTBALL.HGH
03-11-11 23:58 0 TDSLCheck.txt
03-03-01 14:35 32 BLOCKOUT.SET
02-05-10 12:24 194 boot.ini
01-12-14 00:54 124 TOnlProt.log
01-09-24 16:46 164 IPH.PH
01-09-15 23:23 0 IO.SYS
01-09-15 23:23 0 MSDOS.SYS
01-09-15 23:23 0 AUTOEXEC.BAT
01-08-18 14:00 4,952 bootfont.bin
01-05-24 12:59 162,304 UNWISE.EXE
00-12-06 12:53 1 rave.exe
00-12-06 12:52 1 photopnt.exe
00-12-06 12:07 1 coreldrw.exe
00-07-15 03:57 15,375 wkhlpqms.hlp
48 File(s) 941,608,637 bytes
0 Dir(s) 18,397,556,736 bytes free

Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\WINDOWS\system32

06-09-24 05:53 1,158 wpa.dbl
06-09-19 17:31 315,764 perfh009.dat
06-09-19 17:31 42,050 perfc009.dat
06-09-19 17:31 321,382 perfh007.dat
06-09-19 17:31 50,728 perfc007.dat
06-09-19 17:31 735,332 PerfStringBackup.INI
06-06-02 11:04 57,384 avsda.dll
06-03-18 21:51 34,064 lhacm.acm
05-09-09 14:25 94,208 EUMEX4SP.TSP
05-09-09 14:25 143,360 CAPI2032.DLL
05-04-14 20:26 16,832 amcompat.tlb
05-04-14 20:26 23,392 nscompat.tlb


Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\WINDOWS

06-09-24 14:17 159 wiadebug.log
06-09-24 14:16 0 0.log
06-09-24 14:14 3,880 ModemLog_V9X HAM 1394V.txt
06-09-24 14:14 50 wiaservc.log
06-09-24 14:13 2,048 bootstat.dat
06-09-24 14:12 32,544 SchedLgU.Txt
06-09-24 11:06 208,064 setupapi.log
06-09-24 07:55 226,904 ntbtlog.txt
06-09-24 07:55 213,900 setupact.log
06-09-19 17:32 19,537 iis6.log
06-09-19 17:32 53,861 comsetup.log
06-09-19 17:32 35,683 ntdtcsetup.log
06-09-19 17:32 4,566 imsins.log
06-09-19 17:32 73,056 tsoc.log
06-09-19 17:32 7,870 ocmsn.log
06-09-19 17:32 112,334 ocgen.log
06-09-19 17:32 7,924 msgsocm.log
06-09-19 17:32 159,319 FaxSetup.log
06-09-18 00:50 81,726 wmsetup.log
06-08-21 04:09 1,501 IE4 Error Log.txt
06-08-21 03:59 346 system.ini
06-08-03 20:11 4,096 d3dx.dat
06-08-03 20:08 77,840 DirectX.log
06-07-30 18:28 103,532 War3Unin.dat
06-05-23 12:19 1,071 AWMODEM.INF
06-05-21 13:04 1,409 QTFont.for
06-05-21 13:04 54,156 QTFont.qfn
06-04-01 03:17 487 Capictrl.INI
06-02-24 06:14 796 stwin05.ini
06-02-24 06:13 810 d2hnav.ini
06-02-11 18:14 133,142 Windows Update.log
06-01-02 23:02 538 WINPHONE.INI

Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\DOKUME~1\REN~1\LOKALE~1\Temp

06-09-24 14:13 16,384 Perflib_Perfdata_718.dat
06-09-24 13:52 11,158 Des2.tmp
2 File(s) 27,542 bytes
0 Dir(s) 18,397,597,696 bytes free


09/24/06 14:21:33 [Info]: BlackLight Engine 1.0.46 initialized
09/24/06 14:21:33 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/24/06 14:21:34 [Note]: 7019 4
09/24/06 14:21:34 [Note]: 7005 0
09/24/06 14:21:37 [Note]: 7006 0
09/24/06 14:21:37 [Note]: 7011 1484
09/24/06 14:21:38 [Note]: 7026 0
09/24/06 14:21:38 [Note]: 7026 0
09/24/06 14:21:50 [Note]: FSRAW library version 1.7.1019
09/24/06 14:26:21 [Note]: 2000 1006
09/24/06 14:26:51 [Note]: 7006 0
09/24/06 14:26:51 [Note]: 7011 1484
09/24/06 14:26:51 [Note]: 7026 0
09/24/06 14:26:51 [Note]: 7026 0
09/24/06 14:26:59 [Note]: FSRAW library version 1.7.1019
09/24/06 14:31:27 [Note]: 2000 1006
09/24/06 14:31:47 [Note]: 7007 0

René - 06-09-24 14:33:23.26 Service Pack 1
ComboFix 06.09.23.2 - Running from: "C:\Dokumente und Einstellungen\René\Desktop\Combofix"

((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-24 14:13 0 --a------ C:\backup.reg
2006-09-24 14:12 1,080 --a------ C:\hjjxhlac.bat
2006-09-24 14:02 1,080 --a------ C:\ccljnnls.bat
2006-09-24 13:57 1,080 --a------ C:\hfgkohli.bat
2006-09-24 13:52 1,080 --a------ C:\pb^nymju.bat
2006-09-24 13:51 1,080 --a------ C:\pleduidp.bat
2006-09-24 07:37 2,748 --a------ C:\avexport.bat
2006-09-24 07:37 126,976 --a------ C:\zip.exe
2006-09-19 17:00 57,384 --a------ C:\WINDOWS\system32\avsda.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 14:11 60416 --a------ C:\WINDOWS\system32\drivers\jcjynidt.sys
2006-09-24 14:04 -------- d-------- C:\Dokumente und Einstellungen\René\Anwendungsdaten\AdobeUM
2006-09-24 14:02 60416 --a------ C:\WINDOWS\system32\drivers\dbpptvnl.sys
2006-09-24 13:57 60416 --a------ C:\WINDOWS\system32\drivers\tkcpslpv.sys
2006-09-24 13:52 60416 --a------ C:\WINDOWS\system32\drivers\uttbgyci.sys
2006-09-24 13:51 60416 --a------ C:\WINDOWS\system32\drivers\tmraqlfx.sys
2006-09-19 17:52 -------- d-------- C:\Programme\Windows Media Player
2006-09-19 17:51 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-08-27 11:55 -------- d-------- C:\Programme\World of Warcraft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"C-Media Mixer"="Mixer.exe /startup"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe"
"nwiz"="nwiz.exe /install"
"Corel Reminder"=""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"hrnkcmlu"="C:\\pjupgjnb.bat"
"kposouyh"="C:\\pleduidp.bat"
"wsggahtf"="C:\\pb^nymju.bat"
"iyausbeg"="C:\\hfgkohli.bat"
"ceucsnbh"="C:\\ccljnnls.bat"
"tonnppko"="C:\\hjjxhlac.bat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-09-24 14:34:54.78
ComboFix.txt
ComboFix2.txt
ComboFix3.txt


Logfile of HijackThis v1.99.1
Scan saved at 14:35, on 06-09-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Telekom\Eumex 704PC LAN\HNetCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Microsoft Office\Office10\msoffice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\René\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat
O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat
O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat
O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat
O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat
O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: HomeNet Control.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3-projekt.de/InstallationsAssistent.ocx
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


By the way: my Internet Explorer start page is back, but the following error message still appears first on every (re)start:

"cmd.exe - No Disk

There is no disk in the drive. Please insert a disk into drive \Device\Harddisk2\DR6"

Thanks in advance!
24.09.2006, 14:53
Honorary member
Sabina

Posts: 29434
#17 Bolloman

VirusTotal
At the top of the page --> click Browse --> paste in the file with its correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\rave.exe
C:\photopnt.exe
C:\coreldrw.exe


post the report

---------------------------------------------------------

Pocket KillBox
http://virus-protect.org/killbox.html

Options: tick "Delete on Reboot" and "Single File"
and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one, only on the last one click "yes"
paste in: .....

C:\backup.reg
C:\hjjxhlac.bat
C:\avexport.bat
C:\ccljnnls.bat
C:\hfgkohli.bat
C:\pb^nymju.bat
C:\pleduidp.bat
C:\WINDOWS\system32\drivers\jcjynidt.sys
C:\WINDOWS\system32\drivers\dbpptvnl.sys
C:\WINDOWS\system32\drivers\tkcpslpv.sys
C:\WINDOWS\system32\drivers\uttbgyci.sys
C:\WINDOWS\system32\drivers\tmraqlfx.sys

Restart the PC


open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat
O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat
O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat
O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat
O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat
O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat

Restart the PC

scan with ewido and post the scan report
http://virus-protect.org/ewido.html

---------------------------------------------
__________
Best regards, Sabina

all about PC security
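The entries Sabina singles out above share one pattern: an eight-letter value name under HKLM\..\Run that launches a .bat sitting directly in C:\, five such files of exactly 1,080 bytes, and five 60416-byte drivers under system32\drivers created in the same minutes. The script below is an added example, not code from the post or from HijackThis or ComboFix; it writes that pattern down so it can be run over pasted log text. The sample lines are constructed from excerpts of the logs in post #16; the "eight lowercase letters plus root-level script" rule and the 60-second correlation window are the example's own choices, and a hit is something to look at, not a verdict.

```python
"""Autostart triage over HijackThis O4 lines and a ComboFix-style file listing.

Added example (not from the forum post or from any tool mentioned in it).
The sample data is constructed from excerpts of the logs in the thread.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a subset of the O4 lines from the HijackThis log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat
O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat
O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat
O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat
O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat
O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
"""

# Constructed sample: ComboFix "Files Created" / "Find3M" style lines from the post.
LISTING_SAMPLE = r"""
2006-09-24 14:12 1,080 --a------ C:\hjjxhlac.bat
2006-09-24 14:02 1,080 --a------ C:\ccljnnls.bat
2006-09-24 13:57 1,080 --a------ C:\hfgkohli.bat
2006-09-24 13:52 1,080 --a------ C:\pb^nymju.bat
2006-09-24 13:51 1,080 --a------ C:\pleduidp.bat
2006-09-24 07:37 126,976 --a------ C:\zip.exe
2006-09-24 14:11 60416 --a------ C:\WINDOWS\system32\drivers\jcjynidt.sys
2006-09-24 14:02 60416 --a------ C:\WINDOWS\system32\drivers\dbpptvnl.sys
2006-09-24 13:57 60416 --a------ C:\WINDOWS\system32\drivers\tkcpslpv.sys
2006-09-24 13:52 60416 --a------ C:\WINDOWS\system32\drivers\uttbgyci.sys
2006-09-24 13:51 60416 --a------ C:\WINDOWS\system32\drivers\tmraqlfx.sys
2006-09-19 17:00 57,384 --a------ C:\WINDOWS\system32\avsda.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First drive-qualified path in the command that ends in an executable/script extension.
TARGET_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|bat|cmd|com|scr|pif|vbs|dll|sys)", re.I)
LISTING_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+) [-a-z]{9} (?P<path>.+)$"
)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")  # heuristic: eight lowercase letters, no meaning


def parse_o4(text):
    """Yield (hive, value_name, target_path_or_None) for each O4 line."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        t = TARGET_RE.search(m["cmd"])
        yield m["hive"], m["name"], (t.group(0) if t else None)


def parse_listing(text):
    """Yield (created_datetime, size_in_bytes, path) for each listing line."""
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
        yield created, int(m["size"].replace(",", "")), m["path"]


def is_root_script(path):
    """True for a script sitting directly in a drive root, e.g. C:\\foo.bat."""
    return bool(re.fullmatch(r"[A-Za-z]:\\[^\\]+\.(?:bat|cmd|vbs)", path or "", re.I))


def triage(hjt_text, listing_text, window_seconds=60):
    """Flag Run entries with random-looking names that launch root-level scripts, then
    correlate them with the listing: same-size clusters, the nearest driver created
    within `window_seconds` of each script, and targets that are no longer on disk."""
    flagged = [(hive, name, target) for hive, name, target in parse_o4(hjt_text)
               if RANDOM_NAME_RE.match(name) and is_root_script(target)]

    entries = list(parse_listing(listing_text))
    by_path = {p.lower(): (c, s) for c, s, p in entries}
    drivers = [(c, s, p) for c, s, p in entries
               if p.lower().endswith(".sys") and "\\drivers\\" in p.lower()]

    clusters = defaultdict(list)
    for c, s, p in entries:
        clusters[s].append(p)
    size_clusters = {s: ps for s, ps in clusters.items() if len(ps) > 1}

    pairs, missing = [], []
    for _, _, target in flagged:
        hit = by_path.get(target.lower())
        if hit is None:
            missing.append(target)          # referenced from the registry, gone from disk
            continue
        created = hit[0]
        nearest = min(drivers, key=lambda d: abs((d[0] - created).total_seconds()), default=None)
        if nearest is not None:
            delta = int(abs((nearest[0] - created).total_seconds()))
            if delta <= window_seconds:
                pairs.append((target, nearest[2], delta))

    return {"flagged": flagged, "size_clusters": size_clusters,
            "pairs": pairs, "missing_on_disk": missing}


if __name__ == "__main__":
    result = triage(HJT_SAMPLE, LISTING_SAMPLE)
    for hive, name, target in result["flagged"]:
        print(f"suspicious Run entry {hive} [{name}] -> {target}")
    for bat, drv, delta in result["pairs"]:
        print(f"{bat} and {drv} created {delta}s apart")
    for size, paths in result["size_clusters"].items():
        print(f"{len(paths)} files of exactly {size} bytes: {', '.join(paths)}")
    print("autostart targets missing on disk:", result["missing_on_disk"])
```

Run as-is it prints the six flagged entries, five script/driver pairs and the two size clusters; `C:\pjupgjnb.bat` comes out as missing on disk because the Run key still points at it while the listing no longer contains it, which is exactly the kind of stale value that HijackThis "Fix checked" removes.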
24.09.2006, 16:42
...new here

Posts: 9
#18 Hello Sabina,

The situation seems to be stabilizing; after the reboot the no-disk error did not come up again.

Attached are the logs:

Antivirus Version Update Result
AntiVir 7.2.0.18 09.23.2006 no virus found
Authentium 4.93.8 09.23.2006 no virus found
Avast 4.7.844.0 09.22.2006 no virus found
AVG 386 09.22.2006 no virus found
BitDefender 7.2 09.24.2006 no virus found
CAT-QuickHeal 8.00 09.22.2006 no virus found
ClamAV devel-20060426 09.24.2006 no virus found
DrWeb 4.33 09.22.2006 no virus found
eTrust-InoculateIT 23.73.4 09.24.2006 no virus found
eTrust-Vet 30.3.3093 09.22.2006 no virus found
Ewido 4.0 09.24.2006 no virus found
Fortinet 2.82.0.0 09.24.2006 no virus found
F-Prot 3.16f 09.23.2006 no virus found
F-Prot4 4.2.1.29 09.23.2006 no virus found
Ikarus 0.2.65.0 09.23.2006 no virus found
Kaspersky 4.0.2.24 09.24.2006 no virus found
McAfee 4858 09.22.2006 no virus found
Microsoft 1.1560 09.24.2006 no virus found
NOD32v2 1.1771 09.23.2006 no virus found
Norman 5.90.23 09.22.2006 no virus found
Panda 9.0.0.4 09.24.2006 no virus found
Sophos 4.09.0 09.24.2006 no virus found
Symantec 8.0 09.24.2006 no virus found
TheHacker 6.0.1.078 09.24.2006 no virus found
UNA 1.83 09.22.2006 no virus found
VBA32 3.11.1 09.24.2006 no virus found
VirusBuster 4.3.7:9 09.24.2006 no virus found


Additional Information
File size: 1 bytes
MD5: c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab


Antivirus Version Update Result
AntiVir 7.2.0.18 09.23.2006 no virus found
Authentium 4.93.8 09.23.2006 no virus found
Avast 4.7.844.0 09.22.2006 no virus found
AVG 386 09.22.2006 no virus found
BitDefender 7.2 09.24.2006 no virus found
CAT-QuickHeal 8.00 09.22.2006 no virus found
ClamAV devel-20060426 09.24.2006 no virus found
DrWeb 4.33 09.22.2006 no virus found
eTrust-InoculateIT 23.73.4 09.24.2006 no virus found
eTrust-Vet 30.3.3093 09.22.2006 no virus found
Ewido 4.0 09.24.2006 no virus found
Fortinet 2.82.0.0 09.24.2006 no virus found
F-Prot 3.16f 09.23.2006 no virus found
F-Prot4 4.2.1.29 09.23.2006 no virus found
Ikarus 0.2.65.0 09.23.2006 no virus found
Kaspersky 4.0.2.24 09.24.2006 no virus found
McAfee 4858 09.22.2006 no virus found
Microsoft 1.1560 09.24.2006 no virus found
NOD32v2 1.1771 09.23.2006 no virus found
Norman 5.90.23 09.22.2006 no virus found
Panda 9.0.0.4 09.24.2006 no virus found
Sophos 4.09.0 09.24.2006 no virus found
Symantec 8.0 09.24.2006 no virus found
TheHacker 6.0.1.078 09.24.2006 no virus found
UNA 1.83 09.22.2006 no virus found
VBA32 3.11.1 09.24.2006 no virus found
VirusBuster 4.3.7:9 09.24.2006 no virus found


Additional Information
File size: 1 bytes

Complete scanning result of "rave.exe", received in VirusTotal at 09.24.2006, 15:11:17 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.18 09.23.2006 no virus found
Authentium 4.93.8 09.23.2006 no virus found
Avast 4.7.844.0 09.22.2006 no virus found
AVG 386 09.22.2006 no virus found
BitDefender 7.2 09.24.2006 no virus found
CAT-QuickHeal 8.00 09.22.2006 no virus found
ClamAV devel-20060426 09.24.2006 no virus found
DrWeb 4.33 09.22.2006 no virus found
eTrust-InoculateIT 23.73.4 09.24.2006 no virus found
eTrust-Vet 30.3.3093 09.22.2006 no virus found
Ewido 4.0 09.24.2006 no virus found
Fortinet 2.82.0.0 09.24.2006 no virus found
F-Prot 3.16f 09.23.2006 no virus found
F-Prot4 4.2.1.29 09.23.2006 no virus found
Ikarus 0.2.65.0 09.23.2006 no virus found
Kaspersky 4.0.2.24 09.24.2006 no virus found
McAfee 4858 09.22.2006 no virus found
Microsoft 1.1560 09.24.2006 no virus found
NOD32v2 1.1771 09.23.2006 no virus found
Norman 5.90.23 09.22.2006 no virus found
Panda 9.0.0.4 09.24.2006 no virus found
Sophos 4.09.0 09.24.2006 no virus found
Symantec 8.0 09.24.2006 no virus found
TheHacker 6.0.1.078 09.24.2006 no virus found
UNA 1.83 09.22.2006 no virus found
VBA32 3.11.1 09.24.2006 no virus found
VirusBuster 4.3.7:9 09.23.2006 no virus found


Additional Information
File size: 1 bytes
MD5: eccbc87e4b5ce2fe28308fd9f2a7baf3
SHA1: 77de68daecd823babbb58edb1c8e14d7106e83bb


ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________



Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial\CLSID
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial\CurVer
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial.1
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\IntexusDial
Risk: High

Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-1434109735-1774555873-3433309461-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}
Risk: Medium

Name: Adware.Msnagent
Path: C:\backup-06-09-24- 7.56.56.65.zip/avenger/{C46867D7-4B61-47CF-AFD0-DC5C69C7606F}.exe
Risk: Medium

Name: Rootkit.Agent.cf
Path: C:\backup-06-09-24-13.59.14.54.zip/avenger/ntio256.sys.ren
Risk: High

Name: Proxy.Wopla.ac
Path: C:\backup-06-09-24-13.59.14.54.zip/avenger/protector.exe.ren
Risk: High

Name: Trojan.NoClose.i
Path: C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm
Risk: High

Name: Adware.MemoryWatcher
Path: C:\Programme\MemoryWatcher
Risk: Medium

Name: Adware.MemoryWatcher
Path: C:\Programme\MemoryWatcher\EULA.URL
Risk: Medium

Name: Adware.Gator
Path: C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll
Risk: Medium

Thank you for the quick replies.
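The three files Sabina asked to have checked come back as 1 byte each. A file that small cannot be a Windows executable (the DOS "MZ" signature alone is two bytes), and with only 256 possible one-byte contents the MD5/SHA1 that VirusTotal prints pin the content down exactly. The script below is an added example, not code from the post or from VirusTotal: it parses report text of the shape pasted above, brute-forces the content of any file small enough, and checks whether what it finds could load as a PE image. The report text is constructed from the three results above; the post does not say which file the first two reports belong to, so they are left unlabelled here.

```python
"""Recover the content of tiny files from the hashes in a VirusTotal-style report.

Added example (not from the forum post or from VirusTotal). The report text is
constructed from the three results pasted in the thread; the first two results
carry no file name in the post, so none is invented here.
"""
import hashlib
import itertools
import re

VT_REPORT_SAMPLE = """\
--- report 1 (file name not shown in the post) ---
Additional Information
File size: 1 bytes
MD5: c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab

--- report 2 (file name not shown in the post; hashes were cut off) ---
Additional Information
File size: 1 bytes

--- report 3: "rave.exe" ---
Additional Information
File size: 1 bytes
MD5: eccbc87e4b5ce2fe28308fd9f2a7baf3
SHA1: 77de68daecd823babbb58edb1c8e14d7106e83bb
"""

REPORT_RE = re.compile(
    r"File size:\s*(?P<size>\d+)\s*bytes"
    r"(?:\s*MD5:\s*(?P<md5>[0-9a-fA-F]{32}))?"
    r"(?:\s*SHA1:\s*(?P<sha1>[0-9a-fA-F]{40}))?"
)


def parse_reports(text):
    """Return one dict per 'Additional Information' block: size, md5, sha1 (None if absent)."""
    reports = []
    for chunk in text.split("Additional Information")[1:]:
        m = REPORT_RE.search(chunk)
        if m:
            reports.append({
                "size": int(m["size"]),
                "md5": m["md5"].lower() if m["md5"] else None,
                "sha1": m["sha1"].lower() if m["sha1"] else None,
            })
    return reports


def recover_tiny_file(size, md5=None, sha1=None, max_size=2):
    """Brute-force the exact content of a `size`-byte file from its hashes.

    256**size candidates are tried, so this is only sensible for very small
    files (max_size caps it). Returns the content as bytes, or None if no
    hash was given, the file is too large, or the hashes disagree."""
    if size > max_size or size < 0 or not (md5 or sha1):
        return None
    for candidate in itertools.product(range(256), repeat=size):
        data = bytes(candidate)
        if md5 and hashlib.md5(data).hexdigest() != md5:
            continue
        if sha1 and hashlib.sha1(data).hexdigest() != sha1:
            continue
        return data
    return None


def is_pe_image(data):
    """Every Windows executable starts with the 2-byte DOS signature 'MZ'."""
    return len(data) >= 2 and data[:2] == b"MZ"


def analyse(report_text):
    """Attach recovered content and a PE plausibility flag to each parsed report."""
    out = []
    for rep in parse_reports(report_text):
        content = recover_tiny_file(rep["size"], rep["md5"], rep["sha1"])
        out.append({**rep, "content": content,
                    "loadable_pe": is_pe_image(content) if content is not None else None})
    return out


if __name__ == "__main__":
    for i, rep in enumerate(analyse(VT_REPORT_SAMPLE), 1):
        if rep["content"] is None:
            print(f"report {i}: {rep['size']} byte(s), content not recoverable from the report")
        else:
            print(f"report {i}: {rep['size']} byte(s), content {rep['content']!r}, "
                  f"valid PE header: {rep['loadable_pe']}")
```

For the two reports that carry hashes the recovered content is the single ASCII digit "1" and "3" respectively; the second report cannot be resolved because the post's copy of it stops before the hash lines.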
24.09.2006, 16:53
Honorary member
Sabina

Posts: 29434
#19 go into the registry
Start - Run - regedit

««
Edit - Find - IntexusDial

HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial -> delete

««
Edit - Find - {6af69c4d-420a-4c95-b34f-e4635f84f53b}

HKU\S-1-5-21-1434109735-1774555873-3433309461-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\
{6af69c4d-420a-4c95-b34f-e4635f84f53b} -> delete

««
Edit - Find - IEAccess

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAccess2.IEDial
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAccess2.IEDial.1
-> delete

««
Edit - Find -
{c95fe080-8f5d-11d2-a20b-00aa003c157a}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> delete

----------------------------------------------------------

Avenger

Quote

Files to delete:
C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll
C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm

Folders to delete:
C:\Programme\MemoryWatcher
Restart the PC

**
delete all the Avenger backups
C:\backup-06-09-24- 7.56.56.65.zip ..and the others.......

**
post the 4 logs from datfindbat once more



__________
Best regards, Sabina

all about PC security
24.09.2006, 18:30
...new here

Posts: 3
#20 Hello Sabina!

Here is the txt from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\evwgwrue

*******************

Script file located at: \??\I:\vslssfig.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at I:\Avenger

*******************

Beginning to process script file:

File I:\WINDOWS\system32\zphnok.dll deleted successfully.
File I:\Dokumente und Einstellungen\Hermann Ruetz\Anwendungsdaten\errorsafefreeinstall_de[1].exe deleted successfully.


Folder I:\Programme\Error Safe not found!
Deletion of folder I:\Programme\Error Safe failed!

Could not process line:
I:\Programme\Error Safe
Status: 0xc0000034

Folder I:\Programme\MPVIDEOCODEC deleted successfully.
Folder I:\Programme\Spy-Heal deleted successfully.
Folder I:\Programme\vb deleted successfully.


Registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96E6B1C3-B5D0-89CC-4909-92D85A48B1A0} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8407F578-6FA7-446A-8852-53E6A147472E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8407F578-6FA7-446A-8852-53E6A147472E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85A126D1-2706-443D-9979-8841A1C5B482} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85A126D1-2706-443D-9979-8841A1C5B482} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70305bc2-b289-4209-a344-be21f22bc930} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Asking for further support, thanks
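Most of the log above consists of "not found! / failed! / Status: 0xc0000034" triples. That status is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND: the file, folder or key was already gone when Avenger ran, which is a different situation from a deletion that was attempted and refused (STATUS_ACCESS_DENIED, 0xc0000022, for instance). The parser below is an added example, not part of The Avenger or of the post; it splits an Avenger log into what was removed, what was already absent and what still needs a hand. The sample log is constructed from the post above plus one invented access-denied entry so the follow-up branch is exercised; the NTSTATUS table lists only a handful of codes.

```python
"""Summarise an Avenger log: removed, already absent, still needs follow-up.

Added example, not part of The Avenger or of the forum post. The sample log is
constructed from the post above; the 'still-in-use.dll' failure at the end is
invented to show a status other than 'object name not found'.
"""
import re

# Small NTSTATUS table (values from the Windows DDK); only codes worth telling
# apart in a removal log are listed.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC0000121: "STATUS_CANNOT_DELETE",
}

AVENGER_LOG_SAMPLE = r"""
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\evwgwrue

Script file located at: \??\I:\vslssfig.txt
Backups directory opened successfully at I:\Avenger

Beginning to process script file:

File I:\WINDOWS\system32\zphnok.dll deleted successfully.
File I:\Dokumente und Einstellungen\Hermann Ruetz\Anwendungsdaten\errorsafefreeinstall_de[1].exe deleted successfully.

Folder I:\Programme\Error Safe not found!
Deletion of folder I:\Programme\Error Safe failed!

Could not process line:
I:\Programme\Error Safe
Status: 0xc0000034

Folder I:\Programme\MPVIDEOCODEC deleted successfully.
Folder I:\Programme\Spy-Heal deleted successfully.
Folder I:\Programme\vb deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96E6B1C3-B5D0-89CC-4909-92D85A48B1A0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe failed!
Status: 0xc0000034

Deletion of file I:\constructed\still-in-use.dll failed!
Status: 0xc0000022

Completed script processing.
"""

DELETED_RE = re.compile(r"^(File|Folder|Registry key) (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of (file|folder|registry key) (.+) failed!$", re.I)
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def summarize_avenger(text):
    """Return service_key, script path, and three buckets of (kind, path[, status]).

    A 'failed!' line whose following Status is 0xc0000034 is filed under
    already_absent (nothing was there to delete); any other status is a real
    failure and goes to needs_follow_up."""
    lines = [ln.strip() for ln in text.splitlines()]
    report = {"service_key": None, "script": None, "deleted": [],
              "already_absent": [], "needs_follow_up": []}
    pending = None  # last 'failed!' entry still waiting for its Status: line
    for i, line in enumerate(lines):
        if line == "Running from registry key:" and i + 1 < len(lines):
            report["service_key"] = lines[i + 1]      # Avenger's own random service name
            continue
        if line.startswith("Script file located at: "):
            report["script"] = line.split(": ", 1)[1]
            continue
        m = DELETED_RE.match(line)
        if m:
            report["deleted"].append((m[1].lower(), m[2]))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = {"kind": m[1].lower(), "path": m[2], "status": None, "name": None}
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m[1], 16)
            pending["status"] = m[1].lower()
            pending["name"] = NTSTATUS.get(code, "UNKNOWN")
            bucket = "already_absent" if code == 0xC0000034 else "needs_follow_up"
            report[bucket].append(pending)
            pending = None
    return report


if __name__ == "__main__":
    r = summarize_avenger(AVENGER_LOG_SAMPLE)
    print("Avenger ran as service:", r["service_key"])
    print(f"{len(r['deleted'])} object(s) deleted")
    for item in r["already_absent"]:
        print(f"already gone before the run: {item['kind']} {item['path']}")
    for item in r["needs_follow_up"]:
        print(f"REAL FAILURE ({item['name']}): {item['kind']} {item['path']}")
```

On the constructed log the three 0xc0000034 entries land in already_absent, the six successful lines are counted as deleted, and only the invented access-denied file is reported as something that still needs doing.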
24.09.2006, 20:03
Honorary member
Sabina

Posts: 29434
#21 Ruetz Herman

finish working through the HijackThis items and scan with smitfraudfix (see my guide on the other page)
then report back ;)
__________
Best regards, Sabina

all about PC security
24.09.2006, 21:02
...new here

Posts: 9
#22 Hello Sabina,

I guess I celebrated too early; the

"cmd.exe - No Disk

There is no disk in the drive. Please insert a disk into drive \Device\Harddisk2\DR6"

was back after the reboot that followed Avenger.

The

IntexusDial
{6af69c4d-420a-4c95-b34f-e4635f84f53b}
IEAccess

were not found; the

{c95fe080-8f5d-11d2-a20b-00aa003c157a}

I was able to delete.

Here is the Avenger log and the 4 logs from datfindbat:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ffccvkyo

*******************

Script file located at: \??\C:\WINDOWS\aoiojlkx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll deleted successfully.
File C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm deleted successfully.
Folder C:\Programme\MemoryWatcher deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\

06-09-24 20:54 0 sys.txt
06-09-24 20:54 12,193 system.txt
06-09-24 20:54 429 systemtemp.txt
06-09-24 20:54 97,502 system32.txt
06-09-24 20:49 536,399,872 hiberfil.sys
06-09-24 20:49 402,653,184 pagefile.sys
06-09-24 20:49 1,994 avenger.txt
06-09-24 14:34 5,072 ComboFix.txt
06-09-24 08:03 5,398 ComboFix2.txt
06-09-24 07:53 1,144 rapport.txt
06-09-19 20:56 113,300 dirdat.txt
06-09-19 16:39 128 ComboFix3.txt
05-12-28 10:50 2,301 routcnf.txt
05-10-28 07:52 3,515 INSTALL.LOG
05-04-16 05:23 365 log.txt
04-02-13 20:41 47,580 NTDETECT.COM
04-02-13 20:41 235,296 ntldr
03-11-28 22:02 211 SOFTBALL.PRO
03-11-28 22:02 6 SOFTBALL.STA
03-11-28 22:02 660 SOFTBALL.HGH
03-11-11 23:58 0 TDSLCheck.txt
03-03-01 14:35 32 BLOCKOUT.SET
02-05-10 12:24 194 boot.ini
01-12-14 00:54 124 TOnlProt.log
01-09-24 16:46 164 IPH.PH
01-09-15 23:23 0 AUTOEXEC.BAT
01-09-15 23:23 0 MSDOS.SYS
01-09-15 23:23 0 IO.SYS
01-08-18 14:00 4,952 bootfont.bin
01-05-24 12:59 162,304 UNWISE.EXE
00-12-06 12:53 1 rave.exe
00-12-06 12:52 1 photopnt.exe
00-12-06 12:07 1 coreldrw.exe
00-07-15 03:57 15,375 wkhlpqms.hlp
34 File(s) 939,763,298 bytes
0 Dir(s) 18,453,164,032 bytes free

Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\WINDOWS\system32

06-09-24 05:53 1,158 wpa.dbl
06-09-19 17:31 315,764 perfh009.dat
06-09-19 17:31 42,050 perfc009.dat
06-09-19 17:31 321,382 perfh007.dat
06-09-19 17:31 50,728 perfc007.dat
06-09-19 17:31 735,332 PerfStringBackup.INI
06-06-02 11:04 57,384 avsda.dll
06-03-18 21:51 34,064 lhacm.acm
05-09-09 14:25 94,208 EUMEX4SP.TSP
05-09-09 14:25 143,360 CAPI2032.DLL
05-04-14 20:26 16,832 amcompat.tlb
05-04-14 20:26 23,392 nscompat.tlb

Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\WINDOWS

06-09-24 20:50 0 0.log
06-09-24 20:50 3,880 ModemLog_V9X HAM 1394V.txt
06-09-24 20:50 159 wiadebug.log
06-09-24 20:50 50 wiaservc.log
06-09-24 20:49 2,048 bootstat.dat
06-09-24 20:48 32,544 SchedLgU.Txt
06-09-24 15:37 208,554 setupapi.log
06-09-24 07:55 226,904 ntbtlog.txt
06-09-24 07:55 213,900 setupact.log
06-09-19 17:32 19,537 iis6.log
06-09-19 17:32 53,861 comsetup.log
06-09-19 17:32 35,683 ntdtcsetup.log
06-09-19 17:32 4,566 imsins.log
06-09-19 17:32 73,056 tsoc.log
06-09-19 17:32 7,870 ocmsn.log
06-09-19 17:32 112,334 ocgen.log
06-09-19 17:32 7,924 msgsocm.log
06-09-19 17:32 159,319 FaxSetup.log
06-09-18 00:50 81,726 wmsetup.log
06-08-21 04:09 1,501 IE4 Error Log.txt
06-08-21 03:59 346 system.ini
06-08-03 20:11 4,096 d3dx.dat
06-08-03 20:08 77,840 DirectX.log
06-07-30 18:28 103,532 War3Unin.dat
06-05-23 12:19 1,071 AWMODEM.INF
06-05-21 13:04 1,409 QTFont.for
06-05-21 13:04 54,156 QTFont.qfn
06-04-01 03:17 487 Capictrl.INI
06-02-24 06:14 796 stwin05.ini
06-02-24 06:13 810 d2hnav.ini
06-02-11 18:14 133,142 Windows Update.log
06-01-02 23:02 538 WINPHONE.INI

Volume in drive C is BOOT
Volume Serial Number: A062-6B94

Directory of C:\DOKUME~1\REN~1\LOKALE~1\Temp

06-09-24 20:50 16,384 Perflib_Perfdata_6c0.dat
06-09-24 20:48 14,038 Des3.tmp
06-09-24 15:05 13,078 Des2.tmp
06-09-24 14:55 16,384 ~DFBA94.tmp
4 File(s) 59,884 bytes
0 Dir(s) 18,453,172,224 bytes free

Many thanks!
24.09.2006, 21:10
Honorary member
Sabina

Posts: 29434
#23 Bolloman

««
post the new ComboFix log
««
post the new HijackThis log
__________
Kind regards, Sabina

all about PC security
24.09.2006, 22:04
...new here

Posts: 9
#24 Hello Sabina,

attached are the logs:

René - 06-09-24 22:00:16.75 Service Pack 1
ComboFix 06.09.23.2 - Running from: "C:\Dokumente und Einstellungen\René\Desktop\Combofix"

((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-19 17:00 57,384 --a------ C:\WINDOWS\system32\avsda.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 14:04 -------- d-------- C:\Dokumente und Einstellungen\René\Anwendungsdaten\AdobeUM
2006-09-19 17:52 -------- d-------- C:\Programme\Windows Media Player
2006-09-19 17:51 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-08-27 11:55 -------- d-------- C:\Programme\World of Warcraft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"C-Media Mixer"="Mixer.exe /startup"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe"
"nwiz"="nwiz.exe /install"
"Corel Reminder"=""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-09-24 22:01:47.87
ComboFix.txt
ComboFix2.txt
ComboFix3.txt


Logfile of HijackThis v1.99.1
Scan saved at 22:02, on 06-09-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Telekom\Eumex 704PC LAN\HNetCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Microsoft Office\Office10\msoffice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\René\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: HomeNet Control.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3-projekt.de/InstallationsAssistent.ocx
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks!
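The HijackThis log in the post above is read by eye in this thread. As an added example (not code from this page, from the poster, or from HijackThis itself), here is a small Python parser for HijackThis 1.99.1-style lines that pulls out the O4 autostarts, O16 ActiveX downloads (DPF) and O23 services and applies the checks a helper would otherwise do by hand: entries whose target no longer exists ("(no file)" / "(file missing)"), autostarts given only as a bare file name that Windows resolves through its search order, the hosts from which ActiveX controls were installed, and the real DLL behind a RUNDLL32 entry. The sample log is constructed from entries posted in this thread and is not the complete log; the regular expressions are this example's own assumptions about the log format.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99.1 log format, modelled on entries
# posted in this thread (not the complete log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: HomeNet Control.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3-projekt.de/InstallationsAssistent.ocx
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

EXEC_EXTS = (".exe", ".dll", ".com", ".bat", ".scr", ".cpl")

# Assumed line shapes (this example's own regexes, not HijackThis code).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+):\s+\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
O16_RE = re.compile(r"^DPF:\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+\((?P<name>[^)]*)\)\s+-\s+(?P<url>\S+)$")
O23_RE = re.compile(r"^Service:\s+(?P<display>.+?)\s+\((?P<name>[^()]+)\)\s+-\s+(?P<vendor>.+?)\s+-\s+(?P<path>.+)$")


@dataclass
class Entry:
    section: str                      # "O4", "O16", "O23", ...
    body: str                         # everything after "O4 - "
    fields: dict = field(default_factory=dict)


def executable_from_command(command):
    """Best-effort extraction of the launched file from a Run-key command line.
    Quoted paths are taken verbatim; unquoted ones are accumulated token by
    token until a token ends in an executable extension, which copes with
    unquoted paths containing spaces ("Acrobat 7.0"). For RUNDLL32 the DLL
    argument is returned instead, since rundll32 itself is only the host."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split()
    acc = []
    for i, tok in enumerate(tokens):
        acc.append(tok)
        if tok.lower().endswith(EXEC_EXTS):
            if tok.lower() == "rundll32.exe" and i + 1 < len(tokens):
                return executable_from_command(" ".join(tokens[i + 1:])).split(",")[0]
            break
    return " ".join(acc)


def parse_hjt(text):
    """Turn HijackThis log lines into Entry objects; header and process-list
    lines (no 'Oxx - ' prefix) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(m["section"], m["body"])
        if e.section == "O4" and (m4 := O4_RE.match(e.body)):
            e.fields = m4.groupdict()
            e.fields["executable"] = executable_from_command(m4["command"])
        elif e.section == "O16" and (m16 := O16_RE.match(e.body)):
            e.fields = m16.groupdict()
            e.fields["host"] = urlparse(m16["url"]).hostname
        elif e.section == "O23" and (m23 := O23_RE.match(e.body)):
            e.fields = m23.groupdict()
        entries.append(e)
    return entries


def dangling_entries(entries):
    """Entries HijackThis marks as pointing at a file that no longer exists,
    typically leftovers of removed malware or of incomplete uninstalls."""
    return [e for e in entries if "(no file)" in e.body or "(file missing)" in e.body]


def unqualified_autostarts(entries):
    """O4 entries whose executable is a bare name (no drive or directory);
    Windows resolves those through its search order, so a same-named file
    dropped earlier in that order gets run instead. Worth checking by hand."""
    return [e for e in entries
            if e.section == "O4" and e.fields.get("executable")
            and "\\" not in e.fields["executable"] and ":" not in e.fields["executable"]]


def activex_hosts(entries):
    """Hosts that installed ActiveX controls via IE (the O16 / DPF entries)."""
    return {e.fields["host"] for e in entries if e.section == "O16" and e.fields}


def summarize(text):
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "dangling": [e.body for e in dangling_entries(entries)],
        "unqualified": [e.fields["name"] for e in unqualified_autostarts(entries)],
        "activex_hosts": sorted(activex_hosts(entries)),
        "services": {e.fields["name"]: e.fields["path"] for e in entries if e.section == "O23" and e.fields},
        "autostarts": {e.fields["name"]: e.fields["executable"] for e in entries if e.section == "O4" and e.fields},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the only unqualified autostart is the C-Media "Mixer.exe /startup" entry, both O9 buttons are dangling, and the two DPF hosts are download.ewido.net and install.mp3-projekt.de; that last list is the one to compare against the Downloaded Program Files folder (where the Avenger run above deleted HDPlugin1019.dll), since every control installed that way arrived over IE.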
25.09.2006, 09:53
...new here

Posts: 3
#25 Hello Sabina!
Thanks for your professional support.
Everything is running as usual again.

Thanks
25.09.2006, 11:11
Honorary member
Sabina

Posts: 29434
#26 Bolloman

««
delete the Avenger and ComboFix, do the Windows updates - download SP2

««
TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

then report how it runs
__________
Kind regards, Sabina

all about PC security
01.10.2006, 17:26
...new here

Posts: 9
#27 Hello Sabina,

I carried out the instructions from 25.09.06; the system runs stably and without anything suspicious. The trojan "TR/SrchSpy.G", which Antivir had detected every now and then, has not been found since either.

In the hope that everything is now in order, I would like to say goodbye and thank you very much for the quick and professional help - that was really great!

Relieved greetings from Bolloman