Winantivirus 2006 Problem!

Thread is closed!
10.10.2006, 07:06
...new here

Posts: 9
#1 Hello,
as I could read in the forum, several people have the problem with Winantivirus 2006, which has lodged itself in the PC and tries to generate customers through constantly opening windows! Now I have the same problem and am hoping for help!!!

Here I am sending, as described, the necessary attachments:

Here is the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 01:40:31, on 09.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\WINDOWS\system32\SSCFBTN.EXE
C:\Programme\Samsung\SmarThru\PORTCTRL.EXE
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\Programme\Saitek\Software\SaiMfd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\CASIO\Photo Loader\Plauto.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOKUME~1\kunde\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [SSCFBTN.EXE] SSCFBTN.EXE
O4 - HKLM\..\Run: [GW Port Controller] C:\Programme\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Programme\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WLAN Quick-Starter] "C:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe" -update
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/7daff65d4572edf188f63d7da01106ac_35.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://www.liporn.com/install/tload.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {3C07FE77-881B-441A-9E13-8E8B2269C9CA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll

O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Here is the ComboFix log:

kunde - 06-10-09 2:11:01,40 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\kunde\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Programme\Gemeinsame Dateien\{30F6F3B6-0A2D-1031-0124-030301240031}
C:\Programme\Gemeinsame Dateien\{C0F6F3B6-0A2D-1031-0124-030301240031}
C:\WINDOWS\system32\urroxtl.dll


((((((((((((((((((((((((((((((( Files Created from 2006-09-09 to 2006-10-09 ))))))))))))))))))))))))))))))))))


2006-10-09 00:55 86,036 --a------ C:\WINDOWS\system32\undrnduh.dll
2006-10-08 00:04 360,252 ---hs---- C:\WINDOWS\system32\hgjlm.bak2
2006-10-07 00:04 684,084 ---hs---- C:\WINDOWS\system32\mljgh.dll
2006-10-07 00:04 357,852 ---hs---- C:\WINDOWS\system32\hgjlm.bak1
2006-10-07 00:04 143,380 --a------ C:\WINDOWS\system32\bmilyurn.exe
2006-10-06 23:58 40,973 ---hs---- C:\WINDOWS\system32\ssqoopp.dll
2006-10-06 23:58 15,872 --a------ C:\WINDOWS\system32\winmmt32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-09 02:11 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-08 23:19 -------- d-------- C:\Programme\WLAN Quick-Starter
2006-10-08 23:19 -------- d-------- C:\Programme\WLAN Monitor
2006-10-07 01:58 -------- d-------- C:\Programme\Gemeinsame Dateien\AccSys
2006-10-07 01:43 -------- d-------- C:\Programme\Anti-Spy.Info
2006-10-07 00:46 -------- d-------- C:\Programme\QuickTime
2006-10-07 00:42 -------- d-------- C:\Programme\Messenger
2006-10-07 00:42 -------- d-------- C:\Programme\Lexmark X1100 Series
2006-10-07 00:41 -------- d-------- C:\Programme\Internet Explorer
2006-10-07 00:41 -------- d-------- C:\Programme\Google
2006-10-07 00:40 -------- d-------- C:\Programme\FRITZ!
2006-10-06 19:23 -------- d-------- C:\Dokumente und Einstellungen\kunde\Anwendungsdaten\Macromedia
2006-09-30 21:42 -------- d-------- C:\Programme\Managed DirectX (0900)
2006-09-30 21:38 -------- d-------- C:\Programme\EA SPORTS
2006-09-30 00:58 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-03 14:25 -------- d-------- C:\Dokumente und Einstellungen\kunde\Anwendungsdaten\Google
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
"PCMService"="C:\\Programme\\Medion Home CinemaXL\\PowerCinema\\PCMService.exe"
"SSCFBTN.EXE"="SSCFBTN.EXE"
"GW Port Controller"="C:\\Programme\\Samsung\\SmarThru\\PORTCTRL.EXE"
"IntelliType"="\"C:\\Programme\\Microsoft Hardware\\Keyboard\\type32.exe\""
"POINTER"="point32.exe"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TaskMon"="C:\\WINDOWS\\System32\\taskmon.exe"

Here are the 6 logs from datfindbat for the last 3 months:

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS\system32

09.10.2006 02:45 367.974 hgjlm.ini
09.10.2006 02:33 1.816 ModemLog_AVM ISDN Custom Config.txt
09.10.2006 02:13 2.206 wpa.dbl
09.10.2006 02:13 1.796 ModemLog_AVM ISDN BTX.txt
09.10.2006 02:13 1.834 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
09.10.2006 02:13 1.806 ModemLog_AVM ISDN FAX (G3).txt
09.10.2006 02:13 1.816 ModemLog_AVM ISDN - ISDN (X.75).txt
09.10.2006 02:13 1.818 ModemLog_AVM ISDN Mailbox (X.75).txt
09.10.2006 02:13 1.846 ModemLog_AVM ISDN SoftCompression X.75-V.42bis.txt
09.10.2006 02:13 1.828 ModemLog_AVM ISDN RAS (PPP over ISDN).txt
09.10.2006 02:13 1.838 ModemLog_AVM ISDN Internet (PPP over ISDN).txt
09.10.2006 00:55 86.036 undrnduh.dll
09.10.2006 00:04 360.252 hgjlm.bak2
07.10.2006 00:24 2.550 Uninstall.ico
07.10.2006 00:24 1.406 Help.ico
07.10.2006 00:04 4.286 ot.ico
07.10.2006 00:04 4.286 ts.ico
07.10.2006 00:04 143.380 bmilyurn.exe
07.10.2006 00:04 357.852 hgjlm.bak1
07.10.2006 00:04 684.084 mljgh.dll
06.10.2006 23:58 40.973 ssqoopp.dll
06.10.2006 23:58 15.872 winmmt32.dll

06.10.2006 15:18 375.406 perfh009.dat
06.10.2006 15:18 51.204 perfc009.dat
06.10.2006 15:18 385.728 perfh007.dat
06.10.2006 15:18 61.968 perfc007.dat
06.10.2006 15:18 858.334 PerfStringBackup.INI
11.09.2006 19:37 8.960.936 MRT.exe
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS

09.10.2006 02:13 0 0.log
09.10.2006 02:13 4.796 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
09.10.2006 02:13 159 wiadebug.log
09.10.2006 02:13 50 wiaservc.log
09.10.2006 02:13 1.205.377 WindowsUpdate.log
09.10.2006 02:12 2.048 bootstat.dat
09.10.2006 01:16 1.078.221 setupapi.log
08.10.2006 21:58 32.634 SchedLgU.Txt
06.10.2006 15:20 5.788 COM+.log
06.10.2006 00:43 396 system.ini
29.09.2006 16:52 3.582 DirectX.log


Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\

09.10.2006 02:50 0 sys.txt
09.10.2006 02:49 1.620 down.txt
09.10.2006 02:49 318 tmp.txt
09.10.2006 02:49 15.139 system.txt
09.10.2006 02:48 432 systemtemp.txt
09.10.2006 02:48 114.634 system32.txt
09.10.2006 02:13 8.960 ComboFix.txt
09.10.2006 02:12 536.399.872 hiberfil.sys
09.10.2006 02:12 805.306.368 pagefile.sys
03.10.2006 23:46 1.737 wlan.ini
30.09.2006 21:50 395 IPH.PH
30.09.2006 00:59 3.372 LGSInst.Log
22.09.2006 04:48 0 EPG_Chan.log

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\DOKUME~1\kunde\LOKALE~1\Temp

09.10.2006 02:45 40.960 rtdrvmon.exe
09.10.2006 02:24 206 jusched.log
09.10.2006 02:14 88 LVCOMSX.LOG

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS\Temp

09.10.2006 02:32 13.080 idd2.tmp.exe
09.10.2006 02:32 33.280 win1.tmp.exe

2 Datei(en) 46.360 Bytes
0 Verzeichnis(se), 30.543.450.112 Bytes frei

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: C0F6-F3B6

Verzeichnis von C:\WINDOWS\Downloaded Program Files

21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
18.07.2006 19:08 82.432 UWA6P_0001_N91M1807NetInstaller.exe


After cleaning with Clean-Up it looked at first as if Winantivirus was gone. Think again... it comes back again and again. Critical Error warnings appear; running programs are interrupted and you get redirected to the Winantivirus 2006 page...
Thank you in advance for your efforts. Hoping for a remedy...
10.10.2006, 10:19
Honorary member
Sabina

Posts: 29434
#2 Kenan

1.
scan with VundoFix (post the report)
http://virus-protect.org/artikel/tools/vundofixx.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljgh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winmmt32

Files to delete:
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\undrnduh.dll
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\bmilyurn.exe
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\ssqoopp.dll
C:\WINDOWS\system32\winmmt32.dll
C:\WINDOWS\system32\urroxtl.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Temp\idd2.tmp.exe
C:\WINDOWS\Temp\win1.tmp.exe

Folders to delete:
C:\Programme\RXToolBar

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
after the restart the Avenger log appears - post it here

**
then post the ComboFix log again + the 6 logs from datfindbat, 3 months of each - complete, please!!
Verzeichnis von C:\WINDOWS\Downloaded Program Files
above all, that one I need to see in full!!!
_________

**
open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)

O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/7daff65d4572edf188f63d7da01106ac_35.exe

O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://www.liporn.com/install/tload.cab

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll

__________
Regards, Sabina

all about PC security
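The instructions above rest on correlating the HijackThis autostart and hook entries with the files ComboFix reports as recently created. As an added example (not from the thread, and not part of HijackThis, ComboFix or Avenger), the following Python script does that correlation mechanically; it assumes the two log formats as they appear in post #1, and all sample lines are constructed from those excerpts, with the O16 downloader URL replaced by a placeholder host and urroxtl.dll added to the created-files sample so the O21 match has something to hit.

```python
"""Triage a HijackThis log against ComboFix's "Files Created" section.

Heuristics (a flag means "review", not "confirmed malicious"):
  * O3 toolbars whose DLL is "(file missing)": orphaned registration.
  * O4 autostart binaries that appear in the recently-created file list.
  * O16 ActiveX downloaders (DPF) that fetch a bare .exe instead of a .cab.
  * O18/O20/O21 hook modules that appear in the recently-created file list,
    plus any O18 text/html MIME filter, which legitimate software rarely installs.
"""
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample: lines copied from the HijackThis log in post #1; the
# downloader URL is replaced by a placeholder host (example.invalid).
HIJACKTHIS_SAMPLE = r"""
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://example.invalid/l/installer_35.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
"""

# Constructed sample in the format of ComboFix's "Files Created" section:
# three entries from post #1 plus urroxtl.dll (listed there under "Other
# Deletions"), added with a made-up timestamp so the O21 correlation fires.
COMBOFIX_CREATED_SAMPLE = r"""
2006-10-09 00:55 86,036 --a------ C:\WINDOWS\system32\undrnduh.dll
2006-10-07 00:04 684,084 ---hs---- C:\WINDOWS\system32\mljgh.dll
2006-10-06 23:58 15,872 --a------ C:\WINDOWS\system32\winmmt32.dll
2006-10-06 23:50 41,472 --a------ C:\WINDOWS\system32\urroxtl.dll
"""


@dataclass(frozen=True)
class Finding:
    entry: str    # HijackThis section, e.g. "O21"
    target: str   # file path or URL the entry points at
    reason: str


# date time size attributes path; directory rows carry "--------" instead of
# a size and therefore do not match.
_CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(.+?)\s*$")
_ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
_O4_EXE_RE = re.compile(r'\]\s+"?([^"]+?\.exe)', re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name so HijackThis and ComboFix paths compare equal."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def recent_basenames(combofix_section: str) -> Set[str]:
    """Names of the files ComboFix reports as recently created."""
    names: Set[str] = set()
    for line in combofix_section.splitlines():
        m = _CREATED_RE.match(line.strip())
        if m:
            names.add(basename(m.group(1)))
    return names


def triage(hjt_log: str, combofix_section: str) -> List[Finding]:
    """Return the HijackThis entries that deserve a closer look, in log order."""
    recent = recent_basenames(combofix_section)
    findings: List[Finding] = []
    for raw in hjt_log.splitlines():
        m = _ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        tail = body.rsplit(" - ", 1)[-1]          # path or URL after the CLSID
        if kind == "O3" and tail.endswith("(file missing)"):
            findings.append(Finding(kind, tail.replace(" (file missing)", ""),
                                    "toolbar DLL missing: orphaned registration"))
        elif kind == "O4":
            e = _O4_EXE_RE.search(body)
            if e and basename(e.group(1)) in recent:
                findings.append(Finding(kind, e.group(1), "autostart binary was created recently"))
        elif kind == "O16" and tail.lower().endswith(".exe"):
            findings.append(Finding(kind, tail, "ActiveX downloader fetching a bare executable"))
        elif kind in ("O18", "O20", "O21"):
            module = tail.replace(" (file missing)", "")
            if basename(module) in recent:
                findings.append(Finding(kind, module, "hook/shell module was created recently"))
            elif body.startswith("Filter: text/html"):
                findings.append(Finding(kind, module, "text/html MIME filter: review"))
    return findings


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_SAMPLE, COMBOFIX_CREATED_SAMPLE):
        print(f"{f.entry:<4} {f.reason:<45} {f.target}")
```

On the sample it flags the Safety Bar toolbar, the .exe downloader, the RXToolBar text/html filter and the urroxtl.dll SSODL entry, which are exactly the five lines quoted for "Fix checked" minus the .cab downloader, which needs a reputation check rather than a format heuristic.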
10.10.2006, 13:51
...new here

Thread starter

Posts: 9
#3 Sabina,
thanks for the quick reply. I will follow the instructions tonight, I'm at the office right now.
In general: does a clean-up make sense, or is it just 'patchwork'? Would formatting perhaps make more sense?
What about security?! Passwords, online banking for example? Is everything at risk now?

I think your support is great. Many thanks again...
11.10.2006, 02:01
Honorary member
Sabina

Posts: 29434
#4 a clean-up makes sense in this case; don't worry about sensitive data, the scammers just want to talk you into buying a supposed antivirus tool for a lot of money. (which of course is no such thing, but a money machine... for the scammers) ;)
__________
Regards, Sabina

all about PC security
11.10.2006, 08:08
...new here

Thread starter

Posts: 9
#5 So...
here is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\usudcxyx

*******************

Script file located at: \??\C:\WINDOWS\system32\vrxmtwcq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\hgjlm.ini not found!
Deletion of file C:\WINDOWS\system32\hgjlm.ini failed!

Could not process line:
C:\WINDOWS\system32\hgjlm.ini
Status: 0xc0000034



File C:\WINDOWS\system32\undrnduh.dll not found!
Deletion of file C:\WINDOWS\system32\undrnduh.dll failed!

Could not process line:
C:\WINDOWS\system32\undrnduh.dll
Status: 0xc0000034



File C:\WINDOWS\system32\hgjlm.bak2 not found!
Deletion of file C:\WINDOWS\system32\hgjlm.bak2 failed!

Could not process line:
C:\WINDOWS\system32\hgjlm.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\Uninstall.ico deleted successfully.
File C:\WINDOWS\system32\Help.ico deleted successfully.


File C:\WINDOWS\system32\ot.ico not found!
Deletion of file C:\WINDOWS\system32\ot.ico failed!

Could not process line:
C:\WINDOWS\system32\ot.ico
Status: 0xc0000034



File C:\WINDOWS\system32\ts.ico not found!
Deletion of file C:\WINDOWS\system32\ts.ico failed!

Could not process line:
C:\WINDOWS\system32\ts.ico
Status: 0xc0000034



File C:\WINDOWS\system32\bmilyurn.exe not found!
Deletion of file C:\WINDOWS\system32\bmilyurn.exe failed!

Could not process line:
C:\WINDOWS\system32\bmilyurn.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hgjlm.bak1 not found!
Deletion of file C:\WINDOWS\system32\hgjlm.bak1 failed!

Could not process line:
C:\WINDOWS\system32\hgjlm.bak1
Status: 0xc0000034



File C:\WINDOWS\system32\mljgh.dll not found!
Deletion of file C:\WINDOWS\system32\mljgh.dll failed!

Could not process line:
C:\WINDOWS\system32\mljgh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ssqoopp.dll deleted successfully.
File C:\WINDOWS\system32\winmmt32.dll deleted successfully.


File C:\WINDOWS\system32\urroxtl.dll not found!
Deletion of file C:\WINDOWS\system32\urroxtl.dll failed!

Could not process line:
C:\WINDOWS\system32\urroxtl.dll
Status: 0xc0000034

File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.


Could not delete file C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc0000035

File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.


Could not delete file C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PU_0001_N91M2107NetInstaller.exe
Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PU_0001_N91M2107NetInstaller.exe failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PU_0001_N91M2107NetInstaller.exe
Status: 0xc0000035

File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Temp\idd2.tmp.exe deleted successfully.


File C:\WINDOWS\Temp\win1.tmp.exe not found!
Deletion of file C:\WINDOWS\Temp\win1.tmp.exe failed!

The ComboFix log:

kunde - 06-10-11 7:44:57,70 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\kunde\Desktop\Virus"

((((((((((((((((((((((((((((((( Files Created from 2006-09-11 to 2006-10-11 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-11 07:42 -------- d-------- C:\Programme\WLAN Quick-Starter
2006-10-11 07:42 -------- d-------- C:\Programme\WLAN Monitor
2006-10-09 03:32 -------- d-------- C:\Programme\QuickTime
2006-10-09 03:30 -------- d-------- C:\Programme\Messenger
2006-10-09 03:29 -------- d-------- C:\Programme\Lexmark X1100 Series
2006-10-09 03:28 -------- d-------- C:\Programme\Internet Explorer
2006-10-09 03:27 -------- d-------- C:\Programme\Gemeinsame Dateien\AccSys
2006-10-09 03:27 -------- d-------- C:\Programme\FRITZ!
2006-10-09 02:59 -------- d-------- C:\Programme\CleanUp!
2006-10-09 02:11 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-07 01:43 -------- d-------- C:\Programme\Anti-Spy.Info
2006-10-07 00:41 -------- d-------- C:\Programme\Google
2006-10-06 19:23 -------- d-------- C:\Dokumente und Einstellungen\kunde\Anwendungsdaten\Macromedia
2006-09-30 21:42 -------- d-------- C:\Programme\Managed DirectX (0900)
2006-09-30 21:38 -------- d-------- C:\Programme\EA SPORTS
2006-09-30 00:58 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-03 14:25 -------- d-------- C:\Dokumente und Einstellungen\kunde\Anwendungsdaten\Google
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
"PCMService"="C:\\Programme\\Medion Home CinemaXL\\PowerCinema\\PCMService.exe"
"SSCFBTN.EXE"="SSCFBTN.EXE"
"GW Port Controller"="C:\\Programme\\Samsung\\SmarThru\\PORTCTRL.EXE"
"IntelliType"="\"C:\\Programme\\Microsoft Hardware\\Keyboard\\type32.exe\""
"POINTER"="point32.exe"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"TaskMon"="C:\\WINDOWS\\System32\\taskmon.exe"
"Profiler"="C:\\Programme\\Saitek\\Software\\Profiler.exe"
"SaiSmart"="C:\\Programme\\Saitek\\Software\\SaiSmart.exe"
"SaiMfd"="C:\\Programme\\Saitek\\Software\\SaiMfd.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"Lexmark X1100 Series"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"WLAN Quick-Starter"="\"C:\\Programme\\WLAN Quick-Starter\\WLAN Quick-Starter.exe\" -update"
"wlconfig"="\"C:\\Programme\\WLAN Monitor\\wlconfig.exe\" -autostart"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://cdn.valueclick.com/g/usa/vclk/1x1_default.gif"
"SubscribedURL"="http://cdn.valueclick.com/g/usa/vclk/1x1_default.gif"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:14,6d,2f,01,41,c0,ac,74,90,94,3e,01,68,de,2f,01,20,6d,\
2f,01,61,dd,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""


Now the 6 logs from datfind.bat for the last 3 months:

Volume in drive C is BOOT
Volume Serial Number is C0F6-F3B6

Directory of C:\WINDOWS\Downloaded Program Files

24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
10.11.2005 14:05 876 jinstall-1_5_0_06.inf
07.06.2005 15:35 1.124.872 EPUWALcontrol.dll
09.05.2005 08:54 539 EPUWALcontrol.inf
15.10.2004 07:53 110.592 PURde-xx.dll
08.10.2004 16:13 587 MSNPupld.inf
08.10.2004 16:01 372.736 MsnPUpld.dll
22.09.2004 15:59 110.592 PURen-us.dll

Volume in drive C is BOOT
Volume Serial Number is C0F6-F3B6

Directory of C:\

11.10.2006 07:47 0 sys.txt
11.10.2006 07:47 1.522 down.txt
11.10.2006 07:47 108 tmp.txt
11.10.2006 07:47 14.733 system.txt
11.10.2006 07:46 284 systemtemp.txt
11.10.2006 07:46 114.113 system32.txt
11.10.2006 07:45 8.095 ComboFix.txt
11.10.2006 07:42 10.970 avenger.txt
11.10.2006 07:42 536.399.872 hiberfil.sys
11.10.2006 07:42 805.306.368 pagefile.sys
11.10.2006 07:29 1.057 VundoFix.txt
09.10.2006 02:13 8.960 ComboFix2.txt
03.10.2006 23:46 1.737 wlan.ini
30.09.2006 21:50 395 IPH.PH
30.09.2006 00:59 3.372 LGSInst.Log
22.09.2006 04:48 0 EPG_Chan.log

Volume in drive C is BOOT
Volume Serial Number is C0F6-F3B6

Directory of C:\WINDOWS\system32

11.10.2006 07:42 2.206 wpa.dbl
11.10.2006 07:42 1.816 ModemLog_AVM ISDN Custom Config.txt
11.10.2006 07:42 1.796 ModemLog_AVM ISDN BTX.txt
11.10.2006 07:42 1.834 ModemLog_AVM ISDN Analog Modem (V.32bis).txt
11.10.2006 07:42 1.806 ModemLog_AVM ISDN FAX (G3).txt
11.10.2006 07:42 1.816 ModemLog_AVM ISDN - ISDN (X.75).txt
11.10.2006 07:42 1.818 ModemLog_AVM ISDN Mailbox (X.75).txt
11.10.2006 07:42 1.846 ModemLog_AVM ISDN SoftCompression X.75-V.42bis.txt
11.10.2006 07:42 1.828 ModemLog_AVM ISDN RAS (PPP over ISDN).txt
11.10.2006 07:42 1.838 ModemLog_AVM ISDN Internet (PPP over ISDN).txt
11.10.2006 07:34 3.978 wlnkspbb.txt
06.10.2006 15:18 375.406 perfh009.dat
06.10.2006 15:18 51.204 perfc009.dat
06.10.2006 15:18 385.728 perfh007.dat
06.10.2006 15:18 61.968 perfc007.dat
06.10.2006 15:18 858.334 PerfStringBackup.INI
11.09.2006 19:37 8.960.936 MRT.exe
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
02.08.2006 12:39 73.728 asuninst.exe
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll

Volume in drive C is BOOT
Volume Serial Number is C0F6-F3B6

Directory of C:\WINDOWS

11.10.2006 07:42 4.210 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
11.10.2006 07:42 0 0.log
11.10.2006 07:42 1.258.070 WindowsUpdate.log
11.10.2006 07:42 159 wiadebug.log
11.10.2006 07:42 50 wiaservc.log
11.10.2006 07:42 2.048 bootstat.dat
11.10.2006 07:41 32.634 SchedLgU.Txt
10.10.2006 07:13 1.104.621 setupapi.log
06.10.2006 15:20 5.788 COM+.log
06.10.2006 00:43 396 system.ini
29.09.2006 16:52 3.582 DirectX.log
27.09.2006 12:24 117.263 iis6.log
27.09.2006 12:24 36.637 ocmsn.log
27.09.2006 12:24 293.728 tsoc.log
27.09.2006 12:24 1.374 imsins.log
27.09.2006 12:24 251.754 comsetup.log
27.09.2006 12:24 152.814 ntdtcsetup.log
27.09.2006 12:24 10.547 KB925486.log
27.09.2006 12:24 373.691 ocgen.log
27.09.2006 12:24 36.858 msgsocm.log
27.09.2006 12:24 738.623 FaxSetup.log
23.09.2006 23:01 319.723 wmsetup.log
19.09.2006 23:30 289 lexstat.ini
12.09.2006 20:09 1.374 imsins.BAK
12.09.2006 20:09 12.136 KB920685.log
12.09.2006 20:09 36.126 updspapi.log
12.09.2006 20:09 13.684 KB920872.log
12.09.2006 20:09 11.482 KB919007.log
12.09.2006 20:09 7.805 KB922582.log
09.08.2006 02:52 17.178 KB920214.log
09.08.2006 02:52 16.911 KB921883.log
09.08.2006 02:52 16.752 KB922616.log
09.08.2006 02:52 17.212 KB921398.log
09.08.2006 02:51 20.291 KB918899.log
09.08.2006 02:51 12.098 KB920670.log
09.08.2006 02:51 12.255 KB917422.log
09.08.2006 02:51 12.507 KB920683.log
04.08.2006 14:23 2.579 avmcoins.log
03.08.2006 13:01 10.808 WgaNotify.log
12.07.2006 04:14 11.832 KB917159.log
12.07.2006 04:14 12.337 KB914388.log
12.07.2006 04:14 10.325 KB916595.log

Volume in drive C is BOOT
Volume Serial Number is C0F6-F3B6

Directory of C:\DOKUME~1\kunde\LOKALE~1\Temp

13.11.2005 02:04 24.613 IadHide5.dll
1 File(s) 24.613 bytes
0 Dir(s) 30.499.528.704 bytes free


Volume in drive C is BOOT
Volume Serial Number is C0F6-F3B6

Directory of C:\WINDOWS\Temp

In HijackThis only these 2 entries were in the list:


O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll

..fixed!



So... all instructions carried out to the best of my knowledge. Thanks, thanks, thanks. And now? Everything OK?

With (once again) optimistic regards
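The Avenger log in the post above has three kinds of outcome that should not be read as one: "deleted successfully", "not found" with Status 0xc0000034, and "Could not delete file" with Status 0xc0000035. The first two mean the file is gone (either removed now or already removed earlier, e.g. by VundoFix); the third means the file is still there. In this thread the one file that failed with 0xc0000035, the CONFLICT.4 copy of UWA6P_0001_N91M1807NetInstaller.exe, is exactly the one Counterspy reports again two posts later. The script below is an added example for this thread, not code from the forum or from the Avenger tool; it assumes the v1 log phrasing shown in the post and takes the NTSTATUS names from ntstatus.h. The sample log is a constructed excerpt of the posted one, including the truncated final block that has no Status line.

```python
"""Reconcile an Avenger v1 log: what was really deleted and what is still on disk.

Added example for this thread, not code from the forum or from the Avenger tool.
Assumed log phrasing (as in the posted log):
  'File X deleted successfully.'   'File X not found!'   'Could not delete file X'
followed, for failures, by a 'Status: 0x........' line.
"""
import re
from dataclasses import dataclass
from typing import Optional

# NTSTATUS values seen in the thread's log, named as in ntstatus.h.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",   # nothing left to delete
    0xC0000035: "STATUS_OBJECT_NAME_COLLISION",   # delete/rename clashed; file remains
}

# Constructed excerpt of the posted log (same line shapes, fewer entries).
SAMPLE_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Backups directory opened successfully at C:\Avenger

File C:\WINDOWS\system32\hgjlm.ini not found!
Deletion of file C:\WINDOWS\system32\hgjlm.ini failed!

Could not process line:
C:\WINDOWS\system32\hgjlm.ini
Status: 0xc0000034

File C:\WINDOWS\system32\Uninstall.ico deleted successfully.
File C:\WINDOWS\system32\ssqoopp.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.

Could not delete file C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc0000035

File C:\WINDOWS\Temp\win1.tmp.exe not found!
Deletion of file C:\WINDOWS\Temp\win1.tmp.exe failed!
"""

DELETED_RE = re.compile(r"^File (.+?) deleted successfully\.$")
FAILED_RE = re.compile(r"^(?:File (.+?) not found!|Could not delete file (.+))$")
STATUS_RE = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")


@dataclass
class Failure:
    path: str
    kind: str               # "not found" or "could not delete"
    status: Optional[int]   # NTSTATUS from the following 'Status:' line, None if log cut off


def parse_avenger(text: str):
    """Return (deleted_paths, failures). A failure is closed by its Status line;
    a failure still open at end of text (truncated log) is kept with status None."""
    deleted, failures = [], []
    pending: Optional[Failure] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            deleted.append(m.group(1))
        elif m := FAILED_RE.match(line):
            if pending:                       # previous failure never got a Status line
                failures.append(pending)
            kind = "not found" if m.group(1) else "could not delete"
            pending = Failure(m.group(1) or m.group(2), kind, None)
        elif (m := STATUS_RE.match(line)) and pending:
            pending.status = int(m.group(1), 16)
            failures.append(pending)
            pending = None
    if pending:
        failures.append(pending)
    return deleted, failures


def still_on_disk(failures) -> list:
    """Paths the script found but could not remove: these need a follow-up scan."""
    return [f.path for f in failures if f.kind == "could not delete"]


def summarize(deleted, failures) -> dict:
    """Count outcomes by NTSTATUS name so a helper sees the shape of the run at a glance."""
    counts = {"deleted": len(deleted)}
    for f in failures:
        key = "no status" if f.status is None else NTSTATUS.get(f.status, f"0x{f.status:08X}")
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    deleted, failures = parse_avenger(SAMPLE_LOG)
    print(summarize(deleted, failures))
    for p in still_on_disk(failures):
        print("still present:", p)
```

Feed it the full posted log and compare still_on_disk() against the next scanner's report; a "not found" entry is only a problem if the same path shows up again later, which would mean something recreated it.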
11.10.2006, 10:04
Honorary member

Posts: 29434
#6 Scan with option 1 and option 2 and post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina
11.10.2006, 23:03
...new here

Thread starter

Posts: 9
#7 Here are the two scan reports:

1)

SmitFraudFix v2.109

Scan done at 22:40:24,59, 11.10.2006
Run from C:\Dokumente und Einstellungen\kunde\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\kunde


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\kunde\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\kunde\FAVORI~1

C:\DOKUME~1\kunde\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://cdn.valueclick.com/g/usa/vclk/1x1_default.gif"
"SubscribedURL"="http://cdn.valueclick.com/g/usa/vclk/1x1_default.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

2)

SmitFraudFix v2.109

Scan done at 22:44:55,60, 11.10.2006
Run from C:\Dokumente und Einstellungen\kunde\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\kunde\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


So, 'Dr. Sabina', how does it look? That was quite a few operations in a row. May the patient/computer go back out 'carefree' into the dangerous, wide www world? Did the operation go well?! And make sure no 'scars' remain, Dr. Sabina!!! ;-) Thx, thx, thx ...
12.10.2006, 00:00
Honorary member

Posts: 29434
#8 Kenan

Do one more scan with Counterspy, set it to delete (remove) everything, and post the report here
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
12.10.2006, 22:11
...new here

Thread starter

Posts: 9
#9 Here is the report from Counterspy... looks nice:

Spyware Scan Details
Start Date: 12.10.2006 21:34:59
End Date: 12.10.2006 22:05:18
Total Time: 30 mins 19 secs

Detected spyware

InstaFinder Hijacker more information...
Details: InstaFinder is an Internet Explorer Browser Helper search hijacker.
Status: Deleted


Hacker.AG Porn Dialer more information...
Status: Deleted

Infected files detected
c:\windows\coder.ini


Twain Tech Adware (General) more information...
Details: Twain-Tech is an adware-based Internet Explorer browser helper object that delivers targeted ads based on a user's browsing patterns. Twain-Tech does not serve any relevant purpose other than to display pop-up ads.
Status: Deleted

Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys


MultiClicker Adware (General) more information...
Details: MultiClicker is a Browser Helper Object adware application that displays popups.
Status: Deleted

Infected files detected
c:\cab.exe


Key log (Damage) Key Logger more information...
Details: Key log is a keylogger which stealthily records all keystrokes and logs them in a file.
Status: Deleted

Infected files detected
C:\WINDOWS\iun6002.exe


WinFixer Rogue Security Program more information...
Details: WinFixer is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted

Infected files detected
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications including Gator eWallet, GotSmiley, ScreenScenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMG 9A83B600-3A0F-443A-97B8-42492D2D635B
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} uets
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GEF 1744
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMI 308728231
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} LastInstall 1120251401
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SSeq 4285
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SEvt 32112
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} PAK
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMI64
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SiSeq 1
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SiH 318873


Phone Dialer Porn Dialer more information...
Details: Dialer changes your modem's dial-up settings and attempts to connect to a premium or international phone number.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\ieloaderctl.ieloaderctl
HKEY_CLASSES_ROOT\ieloaderctl.ieloaderctl\CurVer IELoaderCtl.IELoaderCtl.1
HKEY_CLASSES_ROOT\ieloaderctl.ieloaderctl IELoaderCtl Class


Central24 Porn Dialer more information...
Details: Central24 is a dialer program that can be used to access various Web sites by dialing a high-cost phone number using the modem.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920}
HKEY_CLASSES_ROOT\interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920}\TypeLib {000000AA-ABBA-0704-0B53-2C8830E9FAEC}
HKEY_CLASSES_ROOT\interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{0f4a7b40-a295-11cf-a3a9-00a0c9034920} _IELoaderEvents
HKEY_CLASSES_ROOT\interface\{c60bc918-abba-0704-0b53-2c8830e9faec}
HKEY_CLASSES_ROOT\interface\{c60bc918-abba-0704-0b53-2c8830e9faec}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c60bc918-abba-0704-0b53-2c8830e9faec}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c60bc918-abba-0704-0b53-2c8830e9faec}\TypeLib {000000AA-ABBA-0704-0B53-2C8830E9FAEC}
HKEY_CLASSES_ROOT\interface\{c60bc918-abba-0704-0b53-2c8830e9faec}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c60bc918-abba-0704-0b53-2c8830e9faec} IIELoaderCtl
HKEY_CLASSES_ROOT\typelib\{000000aa-abba-0704-0b53-2c8830e9faec}
HKEY_CLASSES_ROOT\typelib\{000000aa-abba-0704-0b53-2c8830e9faec}\1.0\0\win32 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IELoader.dll
HKEY_CLASSES_ROOT\typelib\{000000aa-abba-0704-0b53-2c8830e9faec}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{000000aa-abba-0704-0b53-2c8830e9faec}\1.0\HELPDIR C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
HKEY_CLASSES_ROOT\typelib\{000000aa-abba-0704-0b53-2c8830e9faec}\1.0 IELoader 1.0 Type Library


EGroup Sex Dialer Porn Dialer more information...
Details: EGroup Sex Dialer is a program that changes your modem's dial-up settings and attempts to connect to a premium or international phone number to access adult material.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\egdhtml
HKEY_CURRENT_USER\software\egdhtml CERT_DISPLAYED YES


Altnet/Topsearch Browser Plug-in more information...
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\Altnet Signing Module.EXE
HKEY_CLASSES_ROOT\AppID\Altnet Signing Module.EXE AppID {8B0FEF15-54DC-49F5-8377-8172DE975F75}
HKEY_CLASSES_ROOT\TopSearch.TSLink.1
HKEY_CLASSES_ROOT\TopSearch.TSLink.1\CLSID {B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
HKEY_CLASSES_ROOT\TopSearch.TSLink.1 TSLink Class
HKEY_CLASSES_ROOT\ADM25.ADM25.1
HKEY_CLASSES_ROOT\ADM25.ADM25.1\CLSID {1D3BCE37-7834-4579-8169-E67681420A98}
HKEY_CLASSES_ROOT\ADM25.ADM25.1 ADM25 Class
HKEY_CLASSES_ROOT\ADM4.ADM4.1
HKEY_CLASSES_ROOT\ADM4.ADM4.1\CLSID {DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}
HKEY_CLASSES_ROOT\ADM4.ADM4.1 ADM4 Class
HKEY_CLASSES_ROOT\ADM25.ADM25
HKEY_CLASSES_ROOT\ADM25.ADM25\CurVer ADM25.ADM25.1
HKEY_CLASSES_ROOT\ADM25.ADM25 ADM25 Class
HKEY_CLASSES_ROOT\ADM4.ADM4
HKEY_CLASSES_ROOT\ADM4.ADM4\CurVer ADM4.ADM4.1
HKEY_CLASSES_ROOT\ADM4.ADM4 ADM4 Class
HKEY_CLASSES_ROOT\TopSearch.TSLink
HKEY_CLASSES_ROOT\TopSearch.TSLink\CLSID {B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
HKEY_CLASSES_ROOT\TopSearch.TSLink\CurVer TopSearch.TSLink.1
HKEY_CLASSES_ROOT\TopSearch.TSLink TSLink Class


Cydoor Adware (General) more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\cydoor
HKEY_LOCAL_MACHINE\software\cydoor AdwrCnt 0
HKEY_CURRENT_USER\software\cydoor
HKEY_CURRENT_USER\software\cydoor Desc2 ????????sL@??
HKEY_CURRENT_USER\software\cydoor ConnType 2


Mainpean Stardialer Porn Dialer more information...
Details: Mainpean Stardialer is a dialer distributed by slsk.org, a faked SoulSeek domain.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\mainpean highspeed
HKEY_LOCAL_MACHINE\software\mainpean highspeed Pre 0
HKEY_LOCAL_MACHINE\software\mainpean highspeed PreNumber 0
HKEY_LOCAL_MACHINE\software\mainpean highspeed DeviceName AVM NDIS WAN CAPI-Treiber (1)
HKEY_LOCAL_MACHINE\software\mainpean highspeed Country de
HKEY_LOCAL_MACHINE\software\mainpean highspeed Language Deutsch
HKEY_LOCAL_MACHINE\software\mainpean highspeed Machine 0
HKEY_LOCAL_MACHINE\software\mainpean highspeed InstallFlags 3
HKEY_LOCAL_MACHINE\software\mainpean highspeed PassFlags 2
HKEY_LOCAL_MACHINE\software\mainpean highspeed Password


Altnet Download Manager Low Risk Adware more information...
Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\adm.EXE
HKEY_CLASSES_ROOT\AppID\adm.EXE AppID {99A8E2B2-3405-4C0D-9110-131C14CAAF62}


Bridge/WinFavorites Adware (General) more information...
Details: Bridge monitors your Internet surfing activities. It can log keystrokes and send them to a webserver online. It is also known to pop up advertising.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\Bridge.brdg.1
HKEY_CLASSES_ROOT\Bridge.brdg.1\CLSID {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
HKEY_CLASSES_ROOT\Bridge.brdg.1 brdg Class


DailyToolbar Toolbar more information...
Details: DailyToolbar is a pornographic-related toolbar that periodically generates pop-up advertisements.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\NIX Solutions
HKEY_CURRENT_USER\Software\NIX Solutions\DailyToolbar


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.4598)


Hotbar Toolbar more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, which is a "skinnable" browser toolbar for Internet Explorer.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} Hotbar Information Window


RXToolbar Toolbar more information...
Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targeted through www.searchenginebar.com.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
HKEY_CLASSES_ROOT\clsid\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}\InprocServer32 C:\PROGRA~1\RXTOOL~1\sfcont.dll
HKEY_CLASSES_ROOT\clsid\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}\ProgID RXResult.RXResultTracker.1
HKEY_CLASSES_ROOT\clsid\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}\VersionIndependentProgID RXResult.RXResultTracker
HKEY_CLASSES_ROOT\clsid\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} RXResultTracker Class
HKEY_CLASSES_ROOT\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_CLASSES_ROOT\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32 C:\PROGRA~1\RXTOOL~1\sfcont.dll
HKEY_CLASSES_ROOT\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32 ThreadingModel both
HKEY_CLASSES_ROOT\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName sfcont.bin
HKEY_CLASSES_ROOT\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID RXResult.RXResultFilter.1
HKEY_CLASSES_ROOT\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID RXResult.RXResultFilter
HKEY_CLASSES_ROOT\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647} RXResultFilter Class
HKEY_CLASSES_ROOT\RXResult.RXResultTracker
HKEY_CLASSES_ROOT\RXResult.RXResultTracker\CLSID {59879FA4-4790-461c-A1CC-4EC4DE4CA483}
HKEY_CLASSES_ROOT\RXResult.RXResultTracker RXResultTracker Class
HKEY_CLASSES_ROOT\RXResult.RXResultFilter
HKEY_CLASSES_ROOT\RXResult.RXResultFilter\CLSID {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_CLASSES_ROOT\RXResult.RXResultFilter RXResultFilter Class
HKEY_CLASSES_ROOT\RXResult.RXResultFilter.1
HKEY_CLASSES_ROOT\RXResult.RXResultFilter.1\CLSID {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKEY_CLASSES_ROOT\RXResult.RXResultFilter.1 RXResultFilter Class
HKEY_CLASSES_ROOT\RXResult.RXResultTracker.1
HKEY_CLASSES_ROOT\RXResult.RXResultTracker.1\CLSID {59879FA4-4790-461c-A1CC-4EC4DE4CA483}
HKEY_CLASSES_ROOT\RXResult.RXResultTracker.1 RXResultTracker Class


Trojan.WinlogonHook.Delf.A Trojan more information...
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 78305941
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 3019
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 48
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR OCCUR 1


VSToolbar Toolbar more information...
Details: VSToolbar is an adware application that installs a browser helper object (BHO) in Internet Explorer.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Search Toolbar Corp\Toolbar Vision


Trojan.Smitfraud Trojan more information...
Details: Trojan.Smitfraud is a group of programs that are used to download rogue security products and change the user's desktop to display false warnings that the computer is infected with spyware.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 C:\WINDOWS\system32\ixt0.dll
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{A43385F0-7113-496D-96D7-B9B550E3FCCA}


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\kunde\cookies\kunde@doubleclick[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\kunde\cookies\kunde@mediaplex[1].txt


Unbelievable, what was all sitting in the registry...
13.10.2006, 00:34
Honorary member
Sabina

Posts: 29434
#10 Kenan

open HijackThis -- "Scan" button -- tick the box in front of the entry -- "Fix checked" button -- restart the PC

Quote

O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
restart the PC

**
now everything should be clean again ;)
scan again with CounterSpy until nothing more is reported
__________
Best regards, Sabina

all about PC security
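As an added example (not code from this thread, from HijackThis or from any tool named here): a small Python triage script for the HijackThis log format used throughout this thread. It parses the `O`-section lines, pulls out the CLSID and the DLL/EXE path, and queues for review the kinds of entries a helper looks at first: toolbars or BHOs whose file is missing, the O18 filter, O20 Winlogon Notify and O21 SSODL load points, and O4 autostarts that load a DLL through rundll32. The sample lines are copied from the logs posted in this thread; the watch list and review rules are my own assumptions, and the result is a review queue, not a verdict.

```python
import re

# A HijackThis entry line: section code, " - ", then the description.
HJT_LINE = re.compile(r"^(?P<code>[OR]\d+) - (?P<rest>.+)$")
# COM class id in braces, e.g. {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
CLSID = re.compile(
    r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
)
# First drive-letter path ending in .dll or .exe (paths may contain spaces).
MODULE_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)", re.IGNORECASE)

# Sections that register code loaded into Explorer, IE or winlogon at start-up.
# Assumption: this is the reviewer's own watch list, not a list from HijackThis.
LOAD_POINTS = {
    "O2": "browser helper object (BHO)",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key / startup folder)",
    "O18": "protocol or MIME filter",
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
}
# Load points that ordinary consumer software almost never registers.
RARE_LOAD_POINTS = {"O18", "O20", "O21"}


def parse_entry(line):
    """Split one HijackThis line into its parts; None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    clsid = CLSID.search(rest)
    path = MODULE_PATH.search(rest)
    return {
        "code": code,
        "text": rest,
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        # HijackThis appends this marker when the registered file is absent.
        "file_missing": "(file missing)" in rest,
        "rundll32": "rundll32" in rest.lower(),
    }


def review(log_lines):
    """Return the entries a helper would examine first, with a reason for each."""
    queue = []
    for line in log_lines:
        entry = parse_entry(line)
        if entry is None or entry["code"] not in LOAD_POINTS:
            continue
        reasons = []
        if entry["file_missing"]:
            reasons.append("registration left behind without its file")
        if entry["code"] in RARE_LOAD_POINTS:
            reasons.append("rarely used load point: " + LOAD_POINTS[entry["code"]])
        if entry["code"] == "O4" and entry["rundll32"]:
            reasons.append("autostart loads a DLL through rundll32")
        if reasons:
            queue.append({"code": entry["code"], "path": entry["path"],
                          "clsid": entry["clsid"], "reasons": reasons})
    return queue


# Constructed sample: lines quoted in this thread plus two ordinary entries.
SAMPLE_LOG = [
    r"O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)",
    r"O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll",
    r"O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll",
    r"O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdon.dll,startup",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de",
]

if __name__ == "__main__":
    for item in review(SAMPLE_LOG):
        print(item["code"], item["path"], "->", "; ".join(item["reasons"]))
```

The queue is a starting point, not a removal list: the O20 WgaLogon entry, for instance, is Microsoft's Windows Genuine Advantage notifier and is cleared by looking it up, while the O18 filter and O21 SSODL entries are the ones the post above asks to be fixed.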
16.10.2006, 11:21
...new here

Thread starter

Posts: 9
#11 O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\SafetyBar.dll (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll


...these files are not in the list!

In the past few days I have run 4 scans with CounterSpy; sometimes the program finds something, sometimes not...

All clean?! lol
11.11.2006, 05:34
...new here

Posts: 7
#12 oh my God... I've been sitting at this sh... thing since 1 o'clock... I need sleep and help:

Here is the datfind.bat



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2C87-C487

Verzeichnis von C:\WINDOWS\system32

11.11.2006 04:52 74.304 Status.MPF
11.11.2006 04:18 2.206 wpa.dbl
11.11.2006 04:17 85.554 OODBS.lor
11.11.2006 04:00 382.026 perfh009.dat
11.11.2006 04:00 393.086 perfh007.dat
11.11.2006 04:00 53.770 perfc009.dat
11.11.2006 04:00 64.848 perfc007.dat
11.11.2006 04:00 902.476 PerfStringBackup.INI
11.11.2006 02:01 702.864 dgjlm.ini
11.11.2006 01:37 698.174 dgjlm.bak1
11.11.2006 01:36 2 wapisvcc.exe
11.11.2006 01:31 101.888 drvdon.dll
11.11.2006 01:31 40.973 awtuurr.dll
02.11.2006 13:02 402.328 FNTCACHE.DAT
18.10.2006 12:12 565.170 large.bnk
18.10.2006 12:12 278.528 livesnth.dll
18.10.2006 12:12 11.333 cf_lic.txt
18.10.2006 12:12 203.776 clrviddc.dll
18.10.2006 11:48 176.167 rmoc3260.dll
18.10.2006 11:48 5.632 pndx5032.dll
18.10.2006 11:48 6.656 pndx5016.dll
18.10.2006 11:48 278.528 pncrt.dll
04.10.2006 21:03 9.639.336 MRT.exe
13.09.2006 22:14 593.938 x264vfw.dll
13.09.2006 06:02 1.084.416 msxml3.dll
04.09.2006 07:13 1.497.088 shdocvw.dll
01.09.2006 19:24 2.828 KGyGaAvL.sys
01.09.2006 19:24 88 DDC06B0B11.sys
25.08.2006 16:46 617.472 comctl32.dll
21.08.2006 13:26 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
17.08.2006 12:10 32.768 emPRP.ax
16.08.2006 12:58 100.352 6to4svc.dll
08.08.2006 10:53 1.712.128 gdiplus.dll
08.08.2006 10:53 44.544 msxml4a.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2C87-C487

Verzeichnis von C:\DOKUME~1\Andre\LOKALE~1\Temp

11.11.2006 05:08 16.384 Perflib_Perfdata_c00.dat
11.11.2006 05:06 16.384 Perflib_Perfdata_f74.dat
11.11.2006 05:06 74.608 jusched.log
11.11.2006 02:54 812 iurm831w.zip
11.11.2006 02:52 16.384 ~DF3A82.tmp
11.11.2006 02:52 16.384 ~DF2D75.tmp
11.11.2006 02:52 512 ~DF2D82.tmp
11.11.2006 02:47 830 uff9tq9r.zip
11.11.2006 02:34 0 z9498.tmp
11.11.2006 02:27 16.384 ~DFBA55.tmp
11.11.2006 02:09 16.384 Perflib_Perfdata_9a0.dat
11.11.2006 02:08 16.384 Perflib_Perfdata_77c.dat
11.11.2006 01:49 32.177 uninstaller.exe
11.11.2006 01:36 112.076 nsu92E.tmp
11.11.2006 01:34 16.384 Perflib_Perfdata_b08.dat
11.11.2006 01:34 224.934 nso8F5.tmp
11.11.2006 01:33 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}18186.html
11.11.2006 01:31 72.357 win8BA.tmp
11.11.2006 01:31 0 win8C1.tmp
11.11.2006 01:31 0 win8C2.tmp
11.11.2006 01:31 181 mst8A6.bat
11.11.2006 01:31 0 win8BF.tmp
11.11.2006 01:31 0 win8BE.tmp
11.11.2006 01:31 0 win8C0.tmp
11.11.2006 01:31 101.888 mst8B8.tmp
11.11.2006 01:31 0 win8B7.tmp
11.11.2006 01:31 0 win8B0.tmp
11.11.2006 01:31 43 removalfile.bat
11.11.2006 01:31 0 win8AB.tmp
11.11.2006 01:31 944 win8A7.tmp
11.11.2006 00:49 59.964 Adobelm_Cleanup.0001
11.11.2006 00:39 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}23524.html
11.11.2006 00:32 0 rcl437.tmp
11.11.2006 00:23 16.384 ~DF84C.tmp
11.11.2006 00:23 16.384 ~DFE9.tmp
10.11.2006 23:30 0 9oi3B3F.tmp
10.11.2006 23:14 0 ma23A63.tmp
10.11.2006 23:14 0 9ou3A61.tmp
10.11.2006 23:06 0 l3f3A5A.tmp
10.11.2006 22:53 0 ajs3A4E.tmp
10.11.2006 22:51 0 yks3A4B.tmp
10.11.2006 22:49 0 6wa3A35.tmp
10.11.2006 22:45 0 4om39E1.tmp
10.11.2006 21:53 16.384 ~DFD53F.tmp
10.11.2006 21:53 16.384 ~DFD55C.tmp
10.11.2006 21:53 16.384 ~DFD514.tmp
10.11.2006 21:53 16.384 ~DFD4EA.tmp
10.11.2006 20:11 20.409 ad1.jpg
10.11.2006 17:05 16.384 ~DFE570.tmp
10.11.2006 16:17 16.384 ~DFEA06.tmp
10.11.2006 16:17 16.384 ~DFE0C6.tmp
10.11.2006 14:03 221.184 CliC90.tmp
10.11.2006 12:41 16.384 Perflib_Perfdata_c8c.dat
10.11.2006 12:39 16.384 ~DFF632.tmp
10.11.2006 12:39 16.384 ~DFEDFD.tmp
10.11.2006 02:05 0 fdv1A0.tmp
10.11.2006 01:06 0 unu22.tmp
09.11.2006 23:06 697 TWAIN.LOG
09.11.2006 23:06 156 Twunk001.MTX
09.11.2006 23:06 4 Twain001.Mtx
09.11.2006 14:00 16.384 ~DFCD93.tmp
09.11.2006 14:00 16.384 ~DFC7F2.tmp
09.11.2006 01:34 0 nhj3D.tmp
09.11.2006 01:30 59.616 3762_appcompat.txt
09.11.2006 01:30 59.722 37ac_appcompat.txt
09.11.2006 01:30 0 c4h1B5.tmp
09.11.2006 01:29 0 o5x1A9.tmp
09.11.2006 01:28 0 f5z173.tmp
09.11.2006 01:15 0 z4a33.tmp
09.11.2006 01:11 0 xtd7A.tmp
09.11.2006 01:02 0 c7n2E.tmp
09.11.2006 00:00 43 transparent-pixel.gif
08.11.2006 19:12 1.355.912 ktpdgmj8.exe
08.11.2006 17:20 16.384 ~DF6503.tmp
08.11.2006 17:20 16.384 ~DF5F3E.tmp
08.11.2006 12:53 16.384 ~DFA92A.tmp
08.11.2006 12:53 16.384 ~DFA106.tmp
08.11.2006 09:13 244 1F1205F7.TMP
08.11.2006 01:23 0 8q916D7.tmp
08.11.2006 00:37 0 z8e15D4.tmp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2C87-C487

Verzeichnis von C:\WINDOWS

11.11.2006 05:13 498 win.ini
11.11.2006 05:13 227 system.ini
11.11.2006 05:06 0 0.log
11.11.2006 05:05 4.592 ModemLog_Sony Ericsson 750 USB WMC Modem.txt
11.11.2006 05:05 4.908 ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
11.11.2006 05:05 4.602 ModemLog_Sony Ericsson 750 USB WMC Data Modem.txt
11.11.2006 05:05 1.704.172 WindowsUpdate.log
11.11.2006 05:05 2.048 bootstat.dat
11.11.2006 05:04 32.556 SchedLgU.Txt
11.11.2006 04:20 3.035 setupact.log
11.11.2006 02:00 262.870 setupapi.log
10.11.2006 23:36 1.833 wlan.ini
10.11.2006 17:14 3.912 CDPlayer.ini
10.11.2006 00:32 50 wiaservc.log
10.11.2006 00:32 696 wiadebug.log
09.11.2006 14:38 54.156 QTFont.qfn
08.11.2006 16:29 1.409 QTFont.for
05.11.2006 22:16 80.551 wmsetup.log
01.11.2006 20:25 498 winiini.fin
21.10.2006 14:43 16.696 fe93_appcompat.txt
19.10.2006 21:24 185 SHISETUP.SYS
18.10.2006 09:38 0 graphedit.INI
17.10.2006 12:27 499.762 iis6.log
17.10.2006 12:27 137.804 comsetup.log
17.10.2006 12:27 83.935 ntdtcsetup.log
17.10.2006 12:27 183.561 tsoc.log
17.10.2006 12:27 1.393 imsins.log
17.10.2006 12:27 21.465 ocmsn.log
17.10.2006 12:27 19.021 tabletoc.log
17.10.2006 12:27 14.013 KB924191.log
17.10.2006 12:27 66.677 netfxocm.log
17.10.2006 12:27 27.287 MedCtrOC.log
17.10.2006 12:27 203.788 ocgen.log
17.10.2006 12:27 19.620 msgsocm.log
17.10.2006 12:27 395.309 FaxSetup.log
17.10.2006 12:27 132.782 msmqinst.log
17.10.2006 12:27 26.582 updspapi.log
17.10.2006 12:27 1.393 imsins.BAK
17.10.2006 12:27 13.724 KB922819.log
17.10.2006 12:27 12.425 KB923414.log
17.10.2006 12:27 14.869 KB924496.log
17.10.2006 12:26 2.066 vminst.log
17.10.2006 11:51 9.003 KB923191.log
17.10.2006 01:05 19 install.log
17.10.2006 00:31 462 KB835221Uninst.log
11.10.2006 22:00 61 UIMInfo.bld
11.10.2006 22:00 316.640 WMSysPr9.prx
11.10.2006 22:00 53.304 DirectX.log
02.10.2006 13:36 11.162 KB925486.log
01.10.2006 13:46 941 orun32.ini
23.09.2006 22:30 400 ODBC.INI
14.09.2006 13:04 14.367 KB920685.log
14.09.2006 13:04 16.148 KB920872.log
14.09.2006 13:04 14.541 KB919007.log
14.09.2006 13:04 9.945 KB922582.log
07.09.2006 19:26 923 spupdsvc.log
07.09.2006 19:24 38.069 KB899587.log
07.09.2006 19:24 36.358 KB885836.log
07.09.2006 19:24 37.888 KB920214.log
07.09.2006 19:24 28.516 KB917734.log
07.09.2006 19:23 37.318 KB911927.log
07.09.2006 19:23 37.450 KB922616.log
07.09.2006 19:23 36.990 KB901017.log
07.09.2006 19:23 37.425 KB893756.log
07.09.2006 19:23 36.453 KB911280.log
07.09.2006 19:23 35.914 KB911562.log
07.09.2006 19:22 36.481 KB900485.log
07.09.2006 19:22 35.248 KB917159.log
07.09.2006 19:22 26.103 WgaNotify.log
07.09.2006 19:22 36.715 KB921398.log
07.09.2006 19:21 23.744 KB910437.log
07.09.2006 19:21 19.480 KB898458.log
07.09.2006 19:21 59.988 KB918899.log
07.09.2006 19:20 21.254 KB911564.log
07.09.2006 19:20 31.534 KB920670.log
07.09.2006 19:20 30.643 KB918439.log
07.09.2006 19:19 34.944 KB902400.log
07.09.2006 19:19 27.441 KB890046.log
07.09.2006 19:19 26.426 KB899589.log
07.09.2006 19:19 26.650 KB914388.log
07.09.2006 19:18 26.307 KB917344.log
07.09.2006 19:18 25.304 KB905414.log
07.09.2006 19:18 24.567 KB917953.log
07.09.2006 19:18 26.269 KB917422.log
07.09.2006 19:18 23.374 KB888302.log
07.09.2006 19:17 25.051 KB900725.log
07.09.2006 19:17 12.571 KB886185.log
07.09.2006 19:17 23.518 KB916595.log
07.09.2006 19:17 10.090 KB885884.log
07.09.2006 19:15 33.358 KB911567.log
07.09.2006 19:14 32.000 KB894391.log
07.09.2006 19:14 31.066 KB914389.log
07.09.2006 19:14 32.598 KB890859.log
07.09.2006 19:10 3.582 mozver.dat
07.09.2006 17:34 16.689 KB908531.log
07.09.2006 17:34 16.258 KB905749.log
07.09.2006 17:34 19.761 KB913580.log
07.09.2006 17:33 14.652 KB896428.log
07.09.2006 17:33 17.844 KB920683.log
07.09.2006 14:04 1.025.075 setupapi.log.0.old
01.09.2006 19:24 2.563.254 ACD Hintergrund.bmp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2C87-C487

Verzeichnis von C:\WINDOWS\Temp

11.11.2006 05:06 409 WGANotify.settings
11.11.2006 05:06 255 WGAErrLog.txt
04.06.2006 23:19 798.234 IMT4E.xml
04.06.2006 23:19 426 IMT4D.xml
04.06.2006 23:19 2.036 IMT4C.xml
18.10.2005 10:08 349.760 mcinsctl.dll
13.08.2004 13:00 0 T30DebugLogFile.txt
7 Datei(en) 1.151.120 Bytes
0 Verzeichnis(se), 15.772.348.416 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2C87-C487

Verzeichnis von C:\WINDOWS\Downloaded Program Files

10.06.2005 10:44 417.792 isusweb.dll
13.08.2004 12:53 65 desktop.ini
25.07.2002 18:13 24.576 dwusplay.dll
25.07.2002 18:13 196.608 dwusplay.exe
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
5 Datei(en) 640.203 Bytes
0 Verzeichnis(se), 15.772.344.320 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2C87-C487

Verzeichnis von C:\

11.11.2006 05:33 0 sys.txt
11.11.2006 05:32 516 down.txt
11.11.2006 05:32 582 tmp.txt
11.11.2006 05:32 10.376 system.txt
11.11.2006 05:32 10.061 systemtemp.txt
11.11.2006 05:31 103.153 system32.txt
11.11.2006 05:13 211 boot.ini
11.11.2006 05:05 2.145.845.248 hiberfil.sys
11.11.2006 05:05 2.145.386.496 pagefile.sys
11.11.2006 05:03 444 vundofix.txt
11.11.2006 04:56 398 avenger.txt
11.11.2006 01:41 98 vm404.log
11.11.2006 01:29 1.465 mxkrh.exe
11.11.2006 01:29 0 uniq
10.11.2006 23:34 5.885 fw.htm
01.11.2006 20:19 0 CreateMarkers.log
17.10.2006 12:32 97 RTSPNetSrc.log

and the HT file

Logfile of HijackThis v1.99.1
Scan saved at 05:34:04, on 11.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Programme\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
c:\programme\mcafee.com\vso\mcmnhdlr.exe
c:\programme\mcafee.com\shared\mghtml.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Andre\LOKALE~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&SNML=CAL2AQR7D5P443F8J|CSMTHRM2VKQ2FKT4S|CY695VKQ7EY77F8MB|C2AJZ7PZ8G5676GVU|CTG3Q8P5R4PWG3C3F|SC-BRANCH_0_FROM_200B94A&SRNM=CSMTHRM2VKQ2FKT4S&LANG=DEU&type=PurchaseCP&ext1=Sonic%20DigitalMedia%20LE%20v7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programme\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programme\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Programme\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WLAN Quick-Starter] "C:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe" -update
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdon.dll,startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

I'm praying that you have such a quick solution for me too!!!!
Please help me!
11.11.2006, 09:21
Honorary member
Sabina

Posts: 29434
#13 Siam

1.
scan with VundoFix (post the report)
http://virus-protect.org/artikel/tools/vundofixx.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drvdon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuurr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Files to delete:
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\wapisvcc.exe
C:\WINDOWS\system32\drvdon.dll
C:\WINDOWS\system32\awtuurr.dll
C:\vm404.log
C:\mxkrh.exe
C:\uniq
C:\fw.htm
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\iurm831w.zip
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DF3A82.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DF2D75.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DF2D82.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\uff9tq9r.zip
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\z9498.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DFBA55.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\uninstaller.exe
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\nsu92E.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\nso8F5.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8BA.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8C1.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8C2.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\mst8A6.bat
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8BF.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8BE.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8C0.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\mst8B8.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8B7.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8B0.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\removalfile.bat
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8AB.tmp
C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8A7.tmp
click the green traffic light
the script will now run, then the PC will restart automatically

**
after the restart the Avenger log appears - post it here

**
then post the log from ComboFix
http://virus-protect.org/artikel/tools/combofix.html

+ the 6 logs from datfind.bat once more
__________
Best regards, Sabina

all about PC security
11.11.2006, 15:37
...new here

Posts: 7
#14 THANKS for the help!!! I'm completely worn out... hopefully it works!
(I had already done VundoFix once, it shouldn't find anything anymore!
I'll run Avenger after another VundoFix!


->VundoFix and Avenger results:
(Now it gives me an error message from run.dll saying it is missing dvrdon.dll... but there is no such file at all...->scanned with HjThis, fixed it, and (still without a restart) it was no longer visible on the 2nd scan)

AND THE ICON is already gone!

VundoFix: Done Searching for files. No infected files were found->Avenger
first step completed->restart

Avenger:
File C:\WINDOWS\system32\awtuurr.dll deleted successfully.
File C:\vm404.log deleted successfully.


File C:\mxkrh.exe not found!
Deletion of file C:\mxkrh.exe failed! ----> I had already deleted it with ewido!

Could not process line:
C:\mxkrh.exe
Status: 0xc0000034

File C:\uniq deleted successfully.
File C:\fw.htm deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\iurm831w.zip deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DF3A82.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DF2D75.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DF2D82.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\uff9tq9r.zip deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\z9498.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\~DFBA55.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\uninstaller.exe deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\nsu92E.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\nso8F5.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8BA.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8C1.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8C2.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\mst8A6.bat deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8BF.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8BE.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8C0.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\mst8B8.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8B7.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8B0.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\removalfile.bat deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8AB.tmp deleted successfully.
File C:\Dokumente und Einstellungen\Andre\Lokale Einstellungen\Temp\win8A7.tmp deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljgd not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljgd failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drvdon not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drvdon failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuurr not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuurr failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
This post was edited by Siam on 11.11.2006 at 17:53.
11.11.2006, 18:29
Honorary member
Sabina

Posts: 29434
#15 Siam

1.
empty the Avenger backup at c:\Avenger\backup.zip

2.
then post the log from ComboFix
http://virus-protect.org/artikel/tools/combofix.html

3.
the 6 logs from datfind.bat once more
__________
Best regards, Sabina

all about PC security