Virus TR/Dldr.Multi.B.4.J on my system, AntiVir powerless

#0
26.04.2006, 12:11
Member
Posts: 12
#2
26.04.2006, 12:22
Honorary member
Posts: 29434

Blans

1. Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html

2. Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html

3. HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click
__________
Regards, Sabina
all about PC security
#3
26.04.2006, 12:41
Member (thread starter)
Posts: 12

Here comes the datfind.bat log:

Nr1: Verzeichnis von C:\WINDOWS\system32
26.04.2006 11:58 14.848 BASSMOD.dll
26.04.2006 11:55 29.204 nvapps.xml
23.04.2006 19:34 2.828 KGyGaAvL.sys
23.04.2006 13:59 231.184 FNTCACHE.DAT
22.04.2006 00:02 81.920 ElbyCDIO.dll
21.04.2006 11:19 3.045 sdbackup.reg
16.04.2006 04:09 664 d3d9caps.dat
03.04.2006 18:27 1.158 wpa.dbl
28.03.2006 14:29 53.572 perfc009.dat
28.03.2006 14:29 381.828 perfh009.dat
28.03.2006 14:29 392.842 perfh007.dat
28.03.2006 14:29 64.650 perfc007.dat
28.03.2006 14:29 902.476 PerfStringBackup.INI
17.02.2006 13:20 3.521.856 mi2.exe
17.02.2006 13:18 368.739 mi1.exe
11.02.2006 17:56 7.006 jupdate-1.5.0_06-b05.log
26.01.2006 20:36 716.800 divxdec.ax
26.01.2006 20:36 574.976 DivX.dll
26.01.2006 20:35 679.936 divx_xx07.dll
26.01.2006 20:35 679.936 divx_xx0c.dll
26.01.2006 20:35 663.552 divx_xx11.dll
24.01.2006 20:08 12.288 DivXWMPExtType.dll
18.01.2006 14:05 57.344 avsda.dll

Nr2: Verzeichnis von C:\DOKUME~1\EVASTB~1\LOKALE~1\Temp
26.04.2006 11:55 32.768 ~DF6AA8.tmp

Nr3: Verzeichnis von C:\WINDOWS
26.04.2006 12:25 759.682 setupapi.log
26.04.2006 11:55 0 0.log
26.04.2006 11:55 2.048 bootstat.dat
26.04.2006 11:54 50.646 WindowsUpdate.log
25.04.2006 21:44 822 wiadebug.log
25.04.2006 19:56 3.932.214 wallpaper.bmp
25.04.2006 19:54 50 wiaservc.log
23.04.2006 18:49 69 NeroDigital.ini
23.04.2006 14:08 32.386 FontData.fdb
23.04.2006 12:38 63.073 iis6.log
23.04.2006 12:38 158.624 tsoc.log
23.04.2006 12:38 1.917 imsins.log
23.04.2006 12:38 138.047 comsetup.log
23.04.2006 12:38 82.252 ntdtcsetup.log
23.04.2006 12:38 21.532 ocmsn.log
23.04.2006 12:38 20.193 msgsocm.log
23.04.2006 12:38 198.290 ocgen.log
23.04.2006 12:38 416.044 FaxSetup.log
23.04.2006 12:06 54.156 QTFont.qfn
21.04.2006 20:21 50.673 wmsetup.log
21.04.2006 18:50 1.409 QTFont.for
21.04.2006 13:10 482 win.ini
21.04.2006 11:07 28.503 DirectX.log
23.03.2006 23:17 250 KLETT.INI
22.03.2006 17:35 516 WININIT.INI
22.03.2006 17:35 123 TMPCPYIS.BAT
22.03.2006 17:35 122 TMPDELIS.BAT
22.03.2006 17:35 26 WINSTART.BAT
22.03.2006 17:35 1.040 ODBC.INI
22.03.2006 17:34 4.429 ODBCINST.INI
21.02.2006 13:57 12.862 EPISMG00.SWB
14.01.2006 15:39 0 iPlayer.INI

Nr4: Verzeichnis von C:\
26.04.2006 12:40 0 sys.txt
26.04.2006 12:40 8.619 system.txt
26.04.2006 12:39 287 systemtemp.txt
26.04.2006 12:36 105.129 system32.txt
26.04.2006 12:12 0 ms1.exe
26.04.2006 12:05 3.063 secure32.html
26.04.2006 12:05 32.768 winstall.exe
26.04.2006 12:05 73.728 kl1.exe
26.04.2006 12:05 0 uniq
26.04.2006 11:55 1.073.270.784 hiberfil.sys
26.04.2006 11:55 1.610.612.736 pagefile.sys
07.01.2006 19:47 0

________

And here the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:44:13, on 26.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\ANYCOM\Blue USB-200-250\BTTray.exe
C:\Programme\NetCommy\NetCommy.exe
C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
c:\Program Files\paytime.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Download\BSINSTALL.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Eva Stübel\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Programme\Google Toolbar\toolbar-w-google-r.dll
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Programme\Google Toolbar\toolbar-w-google-r.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EumexInst] "F:\Setup.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\paytime.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [E06DXLRD_7032968] "C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NetCommy-Autostart.lnk = C:\Programme\NetCommy\NetCommy.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programme\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: nkunpack - C:\WINDOWS\SYSTEM32\nkunpack.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe

Many thanks in advance...
__________
The answer: 42
This post was edited on 26.04.2006 at 12:45 by Blans.
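The HijackThis log above shows the classic pattern set of this infection: every R0/R1 start and search page pointing at a local file (c:\secure32.html), a system.ini Shell= line that launches a second executable after explorer.exe, Run entries for executables dropped in the drive root or directly in Program Files (C:\winstall.exe, c:\Program Files\paytime.exe), and two O20 autoload points (AppInit_DLLs, Winlogon Notify). As an added example, not part of this thread and not HijackThis's own code, here is a small Python triage pass that encodes exactly those checks and runs them over lines copied from the log, with a few benign lines added for contrast. The rule names, the reason strings and the list of "bare" parent directories are this example's own choices, not anything HijackThis defines.

```python
import re

# Sample HijackThis v1.99 lines, constructed for this example: the hijacked
# entries are copied from the log posted above, the benign ones (R1 search
# page, avgnt, NVSvc) are there for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [SysTray] c:\Program Files\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: nkunpack - C:\WINDOWS\SYSTEM32\nkunpack.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> code "O4", body "HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A drive-letter path or file:// URL where a web URL is expected.
LOCAL_TARGET_RE = re.compile(r"^(?:[a-z]:\\|file://)", re.IGNORECASE)
# First quoted-or-bare Windows path ending in .exe inside a Run command.
EXE_PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# Directories that legitimate software does not normally drop executables into directly
# (hypothetical heuristic chosen for this example).
BARE_PARENT_DIRS = {"program files", "programme"}


def exe_location_problem(cmd):
    """Describe why the executable in a Run command sits in an odd place, or None."""
    m = EXE_PATH_RE.search(cmd)
    if not m:
        return None  # no absolute path (e.g. "RTHDCPL.EXE"): nothing to judge here
    parts = m.group(1).lower().split("\\")
    dirs = parts[1:-1]  # drop the drive letter and the file name
    if not dirs:
        return "executable launched from the drive root"
    if len(dirs) == 1 and dirs[0] in BARE_PARENT_DIRS:
        return "executable sits directly in Program Files instead of a vendor folder"
    return None


def triage_entry(code, body):
    """Return a reason string if the entry matches a hijack pattern, else None."""
    if code in ("R0", "R1"):
        # "key,value = target": start/search/default pages should be web URLs
        target = body.split(" = ", 1)[-1].strip()
        if LOCAL_TARGET_RE.match(target):
            return "IE page setting points at a local file"
        return None
    if code == "F2" and body.startswith("REG:system.ini: Shell="):
        shell = body[len("REG:system.ini: Shell="):].strip()
        if shell.lower() != "explorer.exe":
            return "system.ini Shell= launches more than explorer.exe"
        return None
    if code == "O4":
        # "<hive>\..\Run: [name] command" -> keep only the command part
        m = re.match(r"\[[^\]]*\]\s*(?P<cmd>.*)", body.split(": ", 1)[-1])
        return exe_location_problem(m.group("cmd")) if m else None
    if code == "O20":
        # AppInit_DLLs and Winlogon Notify load a DLL into many processes / winlogon
        return "O20 autoload point, verify the DLL's publisher and origin"
    return None


def triage(log_text):
    """Parse HijackThis lines and return (code, reason, body) for every flagged entry."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        reason = triage_entry(m.group("code"), m.group("body"))
        if reason:
            flagged.append((m.group("code"), reason, m.group("body")))
    return flagged


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {body}")
```

Run as a script it prints the six flagged entries; the R1 search page (a real http URL), the avgnt Run entry (a vendor subfolder) and the O23 service line pass through untouched. The checks are heuristics, so a flagged line is a candidate for review, not a verdict: the O20 rule in particular only says "look at this DLL", which is the right posture for an autoload point that both security software and this thread's Haxdoor backdoor use.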
#4
26.04.2006, 14:20
Honorary member
Posts: 29434

Blans

Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste in:

Quote:
Files to delete:

Click the green traffic light; the script will now be executed, then the PC will restart automatically.

Open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

Restart the PC
-----------
0. Uninstall: C:\Programme\BearShare, C:\Programme\Free Download Manager
1. Post the Avenger log
2. ewido (scan and post the report) http://virus-protect.org/ewido.html
3. RootkitRevealer -> post the log http://www.sysinternals.com/Utilities/RootkitRevealer.html
4. Post the Silent Runners log; select the "Supplementary Searches" option http://virus-protect.org/silentrunner.html
__________
Regards, Sabina
all about PC security
#5
26.04.2006, 15:10
Member (thread starter)
Posts: 12

Here comes the Avenger log:

I additionally added C:\WINDOWS\SYSTEM32\nkunpack.dll afterwards, since AntiVir kept reporting that the trojan TR/Dldr.Multi.B.4.J was sitting in that file.

1. Log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bgqldxni

*******************

Script file located at: \??\C:\WINDOWS\wouxavlh.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File D:\Download\BSINSTALL.exe deleted successfully.
File C:\WINDOWS\system32\mi2.exe deleted successfully.
File C:\WINDOWS\system32\mi1.exe deleted successfully.
File c:\Program Files\paytime.exe deleted successfully.
File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe deleted successfully.

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.dll failed!
Could not process line: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.dll
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00002.dll deleted successfully.

Could not open file C:\WINDOWS\system32\service\dll.dll for deletion
Deletion of file C:\WINDOWS\system32\service\dll.dll failed!
Could not process line: C:\WINDOWS\system32\service\dll.dll
Status: 0xc000003a

Could not open file C:\WINDOWS\system32\service\dllp.txt for deletion
Deletion of file C:\WINDOWS\system32\service\dllp.txt failed!
Could not process line: C:\WINDOWS\system32\service\dllp.txt
Status: 0xc000003a

Could not open file C:\WINDOWS\system32\service\explorer.exe for deletion
Deletion of file C:\WINDOWS\system32\service\explorer.exe failed!
Could not process line: C:\WINDOWS\system32\service\explorer.exe
Status: 0xc000003a

File C:\ms1.exe deleted successfully.
File C:\secure32.html deleted successfully.
File C:\winstall.exe deleted successfully.
File C:\kl1.exe deleted successfully.
File C:\uniq deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bgqldxni

*******************

Script file located at: \??\C:\WINDOWS\wouxavlh.txt
Script file not found! Error
Could not open script file!
Status: 0xc0000034

Abort!

2. Log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ocbcqcdm

*******************

Script file located at: \??\C:\WINDOWS\pwqkwfob.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\nkunpack.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

ewido report:

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 15:36:28, 26.04.2006
+ Report-Checksumme: 154B2BB5

+ Scanergebnis:

HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Gesäubert mit Backup
C:\avenger\backup-26.04.2006-14.48.58,14.zip/avenger/ibm00001.exe -> Trojan.Sinowal.l : Fehler beim Säubern
C:\avenger\backup-26.04.2006-14.48.58,14.zip/avenger/ibm00002.dll -> Trojan.Sinowal.l : Fehler beim Säubern
C:\avenger\backup-26.04.2006-14.48.58,14.zip/avenger/kl1.exe -> Trojan.Sinowal.l : Fehler beim Säubern
C:\avenger\backup.zip/avenger/nkunpack.dll -> Backdoor.Haxdoor.hh : Fehler beim Säubern
:mozilla.16:C:\Dokumente und Einstellungen\Eva Stübel\Anwendungsdaten\Mozilla\Firefox\Profiles\vk23fh95.default\cookies.txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Eva Stübel\Eigene Dateien\ICQ Lite\217618095\Kadda_295678998\einfach genial.EXE -> Not-A-Virus.BadJoke.Win32.Badgame : Gesäubert mit Backup
C:\zia00284/avenger/nkunpack.dll -> Backdoor.Haxdoor.hh : Fehler beim Säubern
C:\zia00712/avenger/ibm00001.exe -> Trojan.Sinowal.l : Fehler beim Säubern
C:\zia00712/avenger/ibm00002.dll -> Trojan.Sinowal.l : Fehler beim Säubern
C:\zia00712/avenger/kl1.exe -> Trojan.Sinowal.l : Fehler beim Säubern
D:\Download\Adobe_Serial_Generator_v2.04Raibiez.zip/crack.exe -> Downloader.Harnig.ax : Fehler beim Säubern
D:\Download\readme_translator.exe -> Adware.Stud : Gesäubert mit Backup

::Report Ende

RootkitRevealer report:

HKLM\S-1-5-21-3349688752-2729225167-2751615303-1007\Software\Zepter Software\RegLib*0885d7b1 23.04.2006 22:51 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 28.12.2005 13:53 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 28.12.2005 13:53 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 28.12.2005 13:53 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 28.12.2005 13:53 32 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 28.12.2005 13:53 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 28.12.2005 14:38 0 bytes Hidden from Windows API.
C:\Dokumente und Einstellungen\Eva Stübel\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\vk23fh95.default\Cache\AD54DB3Fd01 26.04.2006 15:43 71.50 KB Hidden from Windows API.
C:\Dokumente und Einstellungen\Eva Stübel\Lokale Einstellungen\Temp\Silent Runners.zip 26.04.2006 15:43 71.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{FF6E7E15-8DD2-4E51-A0A5-00FCCC22C32F}\RP35\A0011096.exe 26.04.2006 12:05 1.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{FF6E7E15-8DD2-4E51-A0A5-00FCCC22C32F}\RP35\A0011097.dll 26.04.2006 12:05 61.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{FF6E7E15-8DD2-4E51-A0A5-00FCCC22C32F}\RP35\A0011098.exe 26.04.2006 12:05 72.00 KB Visible in Windows API, but not in MFT or directory index.

Silent Runners log:

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Power2GoExpress" = "*Z" (unwritable string) [file not found]
"NBJ" = ""C:\Programme\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"E06DXLRD_7032968" = ""C:\Programme\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE" -m" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}" = ""C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"" ["CyberLink Corp."]
"PCMService" = ""C:\Program Files\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"EPSON Stylus D88 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"" ["SEIKO EPSON CORPORATION"]
"DAEMON Tools" = ""C:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"EumexInst" = ""F:\Setup.exe"" [file not found]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["H+BEDV Datentechnik GmbH"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"BearShare" = ""C:\Programme\BearShare\BearShare.exe" /pause" [file not found]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"AnyDVD" = "C:\Programme\SlySoft\AnyDVD\AnyDVD.exe" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Companion BHO"
     \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{BA463437-C3DE-47da-8280-87596824388A}\(Default) = "XBTB06823"
  -> {HKLM...CLSID} = "XBTB06823 Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Bluetooth-Umgebung"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
     \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "C:\WINDOWS\system32\wmfhotfix.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies [Description]:
-----------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]

"Wallpaper" = (value not set)
[disables the Display Properties|Desktop (tab) (except the "Customize Desktop..." button); selects wallpaper if Active Desktop is enabled]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop enabled via Group Policy.
Wallpaper selected via Group Policy.


Startup items in "Eva Stübel" & "All Users" startup folders:
------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"BTTray" -> shortcut to: "C:\Programme\ANYCOM\Blue USB-200-250\BTTray.exe" ["Broadcom Corporation."]
"NetCommy-Autostart" -> shortcut to: "C:\Programme\NetCommy\NetCommy.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Companion"
     \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo! Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}"
  -> {HKLM...CLSID} = "3 Search with Google"
     \InProcServer32\(Default) = "C:\Programme\Google Toolbar\toolbar-w-google-r.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Companion"
     \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo! Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}" = (no title provided)
  -> {HKLM...CLSID} = "3 Search with Google"
     \InProcServer32\(Default) = "C:\Programme\Google Toolbar\toolbar-w-google-r.dll" [file not found]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
     \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
     \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Programme\ANYCOM\Blue USB-200-250\btsendto_ie.htm" [null data]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" ["Yahoo! Inc."]

{F4430FE8-2638-42E5-B849-800749B94EED}\
"ButtonText" = "PartyPoker.net"
"MenuText" = "PartyPoker.net"
"Exec" = "C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe" [file not found]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}" = (no title provided)
  -> {HKLM...CLSID} = "3 Search with Google"
     \InProcServer32\(Default) = "C:\Programme\Google Toolbar\toolbar-w-google-r.dll" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Bluetooth Service, btwdins, "C:\Programme\ANYCOM\Blue USB-200-250\bin\btwdins.exe" ["Broadcom Corporation."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programme\CyberLink\Shared Files\RichVideo.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
ewido security suite control, ewido security suite control, "C:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Programme\ewido anti-malware\ewidoguard.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth-Druckeranschluss\Driver = "bthcrp.dll" ["Broadcom Corporation."]
EPSON Stylus D88 Series 2KMonitor5E\Driver = "E_FLMABE.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 13 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 10 seconds.
---------- (total run time: 40 seconds)

And a new problem has come up: the desktop background is now just a plain colour, and in the display properties under the "Desktop" tab the field where you normally set the background picture is greyed out, as is the "Browse" button next to it. The only active fields are "Colour" and "Customize Desktop"... if you had another idea about that... that would be really great... thanks a lot already, my sister is very happy, it was her computer after all...
__________
The answer: 42
This post was edited on 26.04.2006 at 16:09 by Blans.
26.04.2006, 16:58
Honorary member
Posts: 29434
#6
1. Delete:
C:\avenger\backup.zip
C:\zia00284
C:\zia00712
D:\Download\Adobe_Serial _ Generator _v2.04Raibiez.zip
-------------------------------------------------------------------
2. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fix.reg using 'Save as'. Under file type choose 'All files'. You should now find this file on the desktop.
Quote
REGEDIT4
3. Double-click the file "fix.reg" on the desktop and confirm with "Yes" to add it to the registry. Restart the PC.
---------------
4. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (Re-enable it after the clean-up.)
5. Scan with Kaspersky and post the scan report: http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
26.04.2006, 18:49
Member
Thread starter, Posts: 12
#7
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 26, 2006 6:45:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 26/04/2006
Kaspersky Anti-Virus database records: 178567

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\

Scan Statistics
Total number of scanned objects 88914
Number of viruses found 3
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 00:58:54

Infected Object Name Virus Name Last Action
C:\Program Files\secure32.html Infected: Trojan.Win32.Harnig.a skipped
D:\Download\adobephotoshopalbumstarter20_MhOxAiVqPsBcAuDf.zip/Freecheats.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ki skipped
D:\Download\adobephotoshopalbumstarter20_MhOxAiVqPsBcAuDf.zip/Freecheats.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\Download\adobephotoshopalbumstarter20_MhOxAiVqPsBcAuDf.zip/Freecheats.exe Infected: Trojan-Downloader.Win32.IstBar.ny skipped
D:\Download\adobephotoshopalbumstarter20_MhOxAiVqPsBcAuDf.zip ZIP: infected - 3 skipped

Scan process completed

Thanks again...
__________
The answer: 42
26.04.2006, 22:38
Honorary member
Posts: 29434
#8
Blans
Delete:
C:\Program Files\secure32.html
D:\Download\adobephotoshopalbumstarter20_MhOxAiVqPsBcAuDf.zip
D:\Download\Adobe_Serial _ Generator _v2.04Raibiez.zip
Then tell your sister not to download any more c r a c k s in future.
.............................
Work through this as well... then everything should be clean again.
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina
all about PC security
Do you perhaps have any tips on this?
It would be really helpful...
__________
The answer: 42