Is my PC infected?
#0
10.06.2006, 10:54
Member
Posts: 36
10.06.2006, 11:28
Honorary member
Posts: 29434
#2
n3r0
1. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.
In "Enter search strings" (type it in or paste it in):
SpyBro
in the edit field and click "Ok". Notepad will open -- copy the text and post it.
---------
2. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
3. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months). http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security
10.06.2006, 11:42
Member
Thread starter Posts: 36
#3
Hello,

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 10.06.2006 11:37:05 for strings:
; 'spybro'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A2D2E71-1882-44fb-923A-2FE0958B53F5}\InProcServer32]
@="\"C:\\Programme\\SpyBro\\LawEnforcer.dll\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpionFrei_is1]
"Inno Setup: App Path"="C:\\Programme\\SpyBro"
"InstallLocation"="C:\\Programme\\SpyBro\\"
"UninstallString"="\"C:\\Programme\\SpyBro\\unins000.exe\""
"QuietUninstallString"="\"C:\\Programme\\SpyBro\\unins000.exe\" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\RemoteConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\Signatures]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Antispy]
"ImagePath"="\\??\\C:\\Programme\\SpyBro\\Antispy.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy]
"ImagePath"="\\??\\C:\\Programme\\SpyBro\\Antispy.sys"
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"SpyBrowser"="C:\\Programme\\SpyBro\\SpyBro.exe /autostart"
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\SpyBro\\SpyBro.exe"="www.spyware-browser.com"
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Antivirus]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\General]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\GuardOptions]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\GuardOptions\EnabledMonitors]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Monitors]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\RemoteConfig]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions\CustomScan]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions\SelectedFolders]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions\StartupCustomScan]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Scheduler]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Scheduler\CustomScan]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Scheduler\Event 0]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Startup]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Statistics]
; End Of The Log...
-------
datfindbat:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 44C6-C187 Verzeichnis von C:\WINDOWS\system32 10.06.2006 08:43 43.592 vsconfig.xml 07.06.2006 21:23 222.432 FNTCACHE.DAT 05.06.2006 17:34 2.206 wpa.dbl 28.05.2006 10:53 16.832 amcompat.tlb 28.05.2006 10:53 23.392 nscompat.tlb 15.05.2006 18:34 34.308 BASSMOD.dll 14.05.2006 14:29 16 RgsData.dat 14.05.2006 14:21 16 DataRnvx.dat 10.05.2006 02:49 269.824 Audiodev.dll 10.05.2006 02:49 7.757.312 wmploc.dll 10.05.2006 02:14 3.749.888 WpdShext.dll 10.05.2006 02:14 97.792 SET88.tmp 10.05.2006 02:14 97.792 wmpshell.dll 10.05.2006 02:13 262.656 wmerror.dll 10.05.2006 02:12 8.192 asferror.dll 09.05.2006 22:36 6.656 WdfMgr.exe 09.05.2006 22:36 6.656 uWDF.exe 09.05.2006 22:26 219.648 CEWMDM.dll 09.05.2006 22:26 26.112 MsPMSNSv.dll 09.05.2006 22:26 4.096 wdfApi.dll 09.05.2006 22:26 212.480 msnetobj.dll 09.05.2006 22:26 306.688 MSWMDM.dll 09.05.2006 22:26 4.096 wmvdmoe2.dll 09.05.2006 22:26 4.096 wmvdmod.dll 09.05.2006 22:26 4.096 MP43DMOD.dll 09.05.2006 22:26 705.024 WMADMOD.dll 09.05.2006 22:26 4.096 MPG4DMOD.dll 09.05.2006 22:26 4.096 WMVADVE.DLL 09.05.2006 22:26 4.096 MP4SDMOD.dll 09.05.2006 22:26 4.096 WMVADVD.dll 09.05.2006 22:26 1.280.000 WMSPDMOE.dll 09.05.2006 22:26 564.736 WMSPDMOD.dll 09.05.2006 22:26 4.096 wmsdmoe2.dll 09.05.2006 22:26 4.096 wmsdmod.dll 09.05.2006 22:26 203.776 wmpsrcwp.dll 09.05.2006 22:26 165.376 MsPMSP.dll 09.05.2006 22:26 221.696 WMASF.dll 09.05.2006 22:26 1.063.424 WMADMOE.dll 09.05.2006 22:26 135.680 wmpps.dll 09.05.2006 22:26 31.744 WMDMLOG.dll 09.05.2006 22:26 201.728 qasf.dll 09.05.2006 22:26 1.641.472 wmpencen.dll 09.05.2006 22:26 433.152 wmpeffects.dll 09.05.2006 22:26 301.056 wmpdxm.dll 09.05.2006 22:26 237.056 wmpasf.dll 09.05.2006 22:26 10.394.624 wmp.dll 09.05.2006 22:26 992.256 WMNetMgr.dll 09.05.2006 22:26 155.136 wmidx.dll 09.05.2006 22:26 36.864 WMDMPS.dll 09.05.2006 22:26 417.280 wmdrmdev.dll 09.05.2006 22:26 337.408 wmdrmnet.dll 09.05.2006 22:26 9.728 LAPRXY.dll 09.05.2006 22:22 2.463.744 wmvcore.dll 09.05.2006 
21:02 230.400 l3codecp.acm 09.05.2006 21:02 84.480 logagent.exe 09.05.2006 21:01 1.463.808 WMVDECOD.dll 09.05.2006 21:01 1.359.360 WMVSDECD.dll 09.05.2006 21:00 770.560 WMVSENCD.dll 09.05.2006 21:00 299.520 MP4SDECD.dll 09.05.2006 21:00 241.152 MPG4DECD.dll 09.05.2006 21:00 1.455.616 WMVENCOD.dll 09.05.2006 21:00 636.928 WMVXENCD.dll 09.05.2006 21:00 241.152 MP43DECD.dll 09.05.2006 21:00 546.816 wmpmde.dll 09.05.2006 21:00 382.976 MFPLAT.dll 09.05.2006 21:00 1.350.656 drmv2clt.dll 09.05.2006 20:59 513.536 wmdrmsdk.dll 09.05.2006 20:59 417.280 MSSCP.dll 09.05.2006 20:59 229.376 drmupgds.exe 09.05.2006 20:59 585.216 blackbox.dll 09.05.2006 20:58 13.824 wpdshextautoplay.exe 09.05.2006 20:58 52.224 WPDShServiceObj.dll 09.05.2006 20:58 670.208 wpd_ci.dll 09.05.2006 20:58 103.424 PortableDeviceWiaCompat.dll 09.05.2006 20:58 345.600 PortableDeviceApi.dll 09.05.2006 20:58 188.928 PortableDeviceWMDRM.dll 09.05.2006 20:58 101.376 PortableDeviceClassExtension.dll 09.05.2006 20:58 343.552 WPDSp.dll 09.05.2006 20:58 35.840 wpdconns.dll 09.05.2006 20:58 55.808 wpdmtpus.dll 09.05.2006 20:58 144.896 wpdmtp.dll 09.05.2006 20:58 168.960 PortableDeviceTypes.dll 09.05.2006 20:58 13.312 wpdtrace.dll 09.05.2006 20:57 11.264 ehETW.dll 09.05.2006 20:45 304.640 MSDelta.dll 04.05.2006 06:26 5.818.784 MRT.exe 03.05.2006 14:20 1.669.344 NpFp415.dll 30.04.2006 21:10 102.400 tsccvid.dll 28.04.2006 21:17 311.604 perfh009.dat 28.04.2006 21:17 39.992 perfc009.dat 28.04.2006 21:17 316.594 perfh007.dat 28.04.2006 21:17 48.156 perfc007.dat 28.04.2006 21:17 723.744 PerfStringBackup.INI 28.04.2006 11:22 719.064 NpFv415.dll 22.04.2006 17:22 60.200 sirenacm.dll 17.04.2006 09:45 4.212 zllictbl.dat 13.04.2006 23:29 26.624 jsproxy.dll 13.04.2006 23:29 166.912 extmgr.dll 13.04.2006 23:29 220.672 webcheck.dll 13.04.2006 23:29 723.456 wininet.dll 13.04.2006 23:29 156.160 msls31.dll 13.04.2006 23:29 5.104.128 ieframe.dll 13.04.2006 23:29 466.944 mshtmled.dll 13.04.2006 23:29 266.240 iepeers.dll 13.04.2006 23:29 
3.347.968 mshtml.dll 13.04.2006 23:29 193.536 ieui.dll 13.04.2006 23:29 409.088 msfeeds.dll 13.04.2006 23:29 35.328 msfeedsbs.dll 13.04.2006 23:29 772.608 urlmon.dll 13.04.2006 23:21 424.448 html.iec 13.04.2006 23:21 157.696 WinFXDocObj.exe 13.04.2006 23:21 1.405.952 inetcpl.cpl 13.04.2006 23:21 78.336 ieencode.dll 13.04.2006 23:20 176.640 msrating.dll 13.04.2006 23:20 40.960 url.dll 13.04.2006 23:20 32.256 licmgr10.dll 13.04.2006 23:20 92.672 occache.dll 13.04.2006 23:19 16.384 corpol.dll 13.04.2006 23:17 214.528 ieaksie.dll 13.04.2006 23:17 155.648 ieakeng.dll 13.04.2006 23:17 364.544 iedkcs32.dll 13.04.2006 23:17 73.728 admparse.dll 13.04.2006 23:16 40.448 ie4uinit.exe 13.04.2006 23:16 46.080 iesetup.dll 13.04.2006 23:16 34.304 iernonce.dll 13.04.2006 23:16 112.640 advpack.dll 13.04.2006 23:16 84.992 inseng.dll 13.04.2006 23:16 479.232 jscript.dll 13.04.2006 23:16 406.016 vbscript.dll 13.04.2006 23:14 9.216 msfeedssync.exe 13.04.2006 23:14 48.640 icardie.dll 13.04.2006 23:14 333.312 dxtmsft.dll 13.04.2006 23:14 214.528 dxtrans.dll 13.04.2006 23:14 44.032 pngfilt.dll 13.04.2006 23:14 34.816 imgutil.dll 13.04.2006 23:13 536.576 mstime.dll 13.04.2006 23:11 220.160 iertutil.dll 13.04.2006 23:10 41.472 mshta.exe 13.04.2006 23:10 64.512 tdc.ocx 13.04.2006 22:48 55.757 ieuinit.inf 13.04.2006 22:45 48.640 mshtmler.dll 13.04.2006 22:44 365.568 ieapfltr.dll 13.04.2006 22:39 172.032 ieakui.dll 13.04.2006 22:34 1.383.936 mshtml.tlb 11.04.2006 14:30 93.752 WUDFCoinstaller.dll 11.04.2006 14:27 130.048 WudfHost.exe 11.04.2006 14:27 304.640 WUDFx.dll 11.04.2006 14:26 54.272 WudfSvc.dll 11.04.2006 14:26 158.208 WudfPlatform.dll 07.04.2006 21:09 252 lvcoinst.log 31.03.2006 18:22 34.064 lhacm.acm 30.03.2006 11:26 1.492.480 shdocvw.dll 30.03.2006 03:16 18.944 xpsp3res.dll 29.03.2006 13:24 7.006 jupdate-1.5.0_06-b05.log 28.03.2006 21:12 251 spupdwxp.log 28.03.2006 19:34 0 h323log.txt 28.03.2006 18:49 25.065 wmpscheme.xml 28.03.2006 18:45 237 $winnt$.inf 28.03.2006 18:39 2.951 
CONFIG.NT 28.03.2006 18:38 488 WindowsLogon.manifest 28.03.2006 18:38 488 logonui.exe.manifest 28.03.2006 18:38 749 wuaucpl.cpl.manifest 28.03.2006 18:38 749 nwc.cpl.manifest 28.03.2006 18:38 749 ncpa.cpl.manifest 28.03.2006 18:38 749 sapi.cpl.manifest 28.03.2006 18:38 749 cdplayer.exe.manifest 28.03.2006 18:37 21.740 emptyregdb.dat 24.03.2006 06:37 49.152 wdigest.dll 23.03.2006 15:51 2.435.368 ieapfltr.dat 23.03.2006 15:51 22.752 spupdsvc.exe 23.03.2006 15:51 15.584 spmsg.dll 20.03.2006 01:06 42.918 normnfc.nls 20.03.2006 01:06 36.644 normnfd.nls 20.03.2006 01:06 63.176 normnfkc.nls 20.03.2006 01:06 59.342 normidna.nls 20.03.2006 01:06 20.480 normaliz.dll 20.03.2006 01:06 57.150 normnfkd.nls 20.03.2006 01:06 23.552 idndl.dll 20.03.2006 01:03 44.544 Jgaw400.dll 20.03.2006 01:03 167.936 Jgdw400.dll 20.03.2006 01:03 35.840 Jgmd400.dll 20.03.2006 01:03 42.496 Jgpl400.dll 20.03.2006 01:03 45.568 Jgsd400.dll 20.03.2006 01:03 65.536 Jgsh400.dll 20.03.2006 00:57 8.798 icrav03.rat 17.03.2006 11:11 679.424 inetcomm.dll 17.03.2006 06:03 8.493.056 shell32.dll 17.03.2006 02:38 28.672 verclsid.exe 16.03.2006 11:34 71.448 zlcommdb.dll 16.03.2006 11:34 79.640 zlcomm.dll 16.03.2006 11:33 100.120 vsxml.dll 16.03.2006 11:33 382.744 vsutil.dll 16.03.2006 11:33 71.448 vsregexp.dll 16.03.2006 11:33 227.096 vspubapi.dll 16.03.2006 11:33 104.216 vsmonapi.dll 16.03.2006 11:33 141.080 vsinit.dll 16.03.2006 11:33 372.824 vsdatant.sys 16.03.2006 11:32 83.736 vsdata.dll 16.03.2006 11:16 54.960 vsutil_loc0407.dll 16.03.2006 11:15 42.672 imslsp_loc0407.dll 16.03.2006 11:15 30.384 imslsp_install_loc0407.dll 16.03.2006 11:15 30.384 imsinstall_loc0407.dll 16.03.2006 11:13 2.811.672 imslsp.dll 16.03.2006 11:13 657.184 imsinstall.dll 08.03.2006 14:24 117.760 xmllite.dll 04.03.2006 05:34 474.624 shlwapi.dll 04.03.2006 05:34 1.056.256 danim.dll 04.03.2006 05:34 1.022.976 browseui.dll 04.03.2006 05:34 152.064 cdfview.dll 01.03.2006 21:43 11.776 xolehlp.dll 01.03.2006 21:43 66.560 mtxclu.dll 01.03.2006 
21:43 426.496 msdtcprx.dll 01.03.2006 21:43 91.136 mtxoci.dll 01.03.2006 21:43 956.416 msdtctm.dll 01.03.2006 21:43 161.280 msdtcuiu.dll 19.02.2006 18:07 796.336 libeay32_0.9.6l.dll |
10.06.2006, 11:51
Honorary member
Posts: 29434
10.06.2006, 11:53
Member
Thread starter Posts: 36
#5
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 44C6-C187
Verzeichnis von C:\DOKUME~1\KeViN\LOKALE~1\Temp
10.06.2006 11:51 512 ~DF5507.tmp
10.06.2006 11:51 442.368 ~DF54D3.tmp
10.06.2006 10:56 16.384 ~DF430A.tmp
10.06.2006 10:30 671.062 _iu14D2N.tmp
10.06.2006 10:27 1.460 wmplog03.sqm
10.06.2006 10:27 620 wmplog02.sqm
10.06.2006 10:26 620 wmplog01.sqm
10.06.2006 10:22 620 wmplog00.sqm
10.06.2006 08:45 16.384 ~DF7CDB.tmp
9 Datei(en) 1.150.030 Bytes
0 Verzeichnis(se), 6.115.024.896 Bytes frei

10.06.2006 10:18 349 wiadebug.log
10.06.2006 09:34 1.409 QTFont.for
10.06.2006 09:34 54.156 QTFont.qfn
10.06.2006 08:55 2.017.807 WindowsUpdate.log
10.06.2006 08:43 50 wiaservc.log
10.06.2006 08:43 2.048 bootstat.dat
09.06.2006 23:05 29.844 SchedLgU.Txt
09.06.2006 23:05 12 bthservsdp.dat
06.06.2006 16:12 0 PROTOCOL.INI
28.05.2006 11:16 1.799 ST4UNST.000
26.05.2006 22:26 13.052 mozver.dat
25.05.2006 00:15 171 icecast2.ini
20.05.2006 12:41 704 win.ini
18.05.2006 13:21 116 PCGWIN32.LI3
18.05.2006 13:04 316.640 WMSysPr9.prx
18.05.2006 13:04 4.161 ODBCINST.INI
14.05.2006 14:29 16 odbctrap.ini
14.05.2006 14:21 16 backodbc.ini
06.05.2006 09:11 0 musicmaker.INI
05.05.2006 17:38 1.264 unins000.dat
05.05.2006 17:38 72.748 unins000.exe
29.04.2006 18:24 201 safe.bup
25.04.2006 14:32 400 ODBC.INI
24.04.2006 08:38 116 NeroDigital.ini
21.04.2006 11:42 335 nsreg.dat
14.04.2006 13:08 754 WORDPAD.INI
11.04.2006 18:26 919 TypeTool.INI
08.04.2006 09:15 241 QSync.INI
07.04.2006 21:02 265 setup.iss
05.04.2006 21:25 107.134 UninstallFirefox.exe
29.03.2006 13:36 1.123 ARCHPR.INI
28.03.2006 21:58 78 wb.ini
28.03.2006 21:23 1.046.173 setupapi.log.0.old
28.03.2006 20:57 299.552 WMSysPrx.prx
28.03.2006 19:30 0 Sti_Trace.log
28.03.2006 19:28 231 system.ini
28.03.2006 18:46 8.192 REGLOCS.OLD
28.03.2006 18:39 0 control.ini
28.03.2006 18:38 749 WindowsShell.Manifest
28.03.2006 18:36 36 vb.ini
28.03.2006 18:36 37 vbaddin.ini
16.03.2006 11:34 59.168 zllsputility.exe
16.03.2006 11:17 26.288 zllsputility_loc0407.dll

10.06.2006 11:52 0 sys.txt
10.06.2006 11:52 4.599 system.txt
10.06.2006 11:52 689 systemtemp.txt
10.06.2006 11:51 102.675 system32.txt
10.06.2006 08:43 803.704.832 pagefile.sys
06.06.2006 18:10 167 ICQLite.log
18.05.2006 18:01 0 data.txt
07.04.2006 20:57 91 LogiSetup.log
28.03.2006 18:39 0 CONFIG.SYS
28.03.2006 18:39 0 MSDOS.SYS
28.03.2006 18:39 0 IO.SYS
28.03.2006 18:39 0 AUTOEXEC.BAT

Oops, sorry, I must have overlooked that!
10.06.2006, 12:03
Honorary member
Posts: 29434
#6
Info: SpyBrowser
http://virus-protect.org/artikel/spyware/spybrowser.html
------------------------------------------------------------------------
1. Open HijackThis -- "scan" button -- tick the box in front of the entry -- "Fix checked" button -- restart the PC

O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart

Restart the PC
------------------------------------------------------------------------
2. Avenger: http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.
** Post the Avenger log that appears
--------------------------------------------------------------------------------
Delete: C:\Programme\SpyBro
__________
Kind regards, Sabina
All about PC security
10.06.2006, 12:10
Member
Thread starter Posts: 36
#7
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\syyodrxv
*******************
Script file located at: \??\C:\bkysjbiy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Antispy deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy
Status: 0xc0000034
File C:\Programme\SpyBro\LawEnforcer.dll deleted successfully.
File C:\Programme\SpyBro\unins000.exe not found!
Deletion of file C:\Programme\SpyBro\unins000.exe failed!
Could not process line: C:\Programme\SpyBro\unins000.exe
Status: 0xc0000034
File C:\Programme\SpyBro\Antispy.sys not found!
Deletion of file C:\Programme\SpyBro\Antispy.sys failed!
Could not process line: C:\Programme\SpyBro\Antispy.sys
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A2D2E71-1882-44fb-923A-2FE0958B53F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpionFrei_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpionFrei_is1 failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser not found!
Deletion of registry key HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

I hope my PC is virus-free now?
10.06.2006, 12:14
Honorary member
Posts: 29434
#8
Open HijackThis -- "scan" button -- tick the box in front of the entry -- "Fix checked" button -- restart the PC

O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart

Restart the PC
------------------------------
Once more, I changed something else.
Quote:
registry keys to delete:
__________
Kind regards, Sabina
All about PC security
10.06.2006, 12:20
Member
Thread starter Posts: 36
#9
Here:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xxygfcoj
*******************
Script file located at: \??\C:\cgdanljl.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Antispy not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Antispy failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Antispy
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy
Status: 0xc0000034
File C:\WINDOWS\system32\unins000.dat not found!
Deletion of file C:\WINDOWS\system32\unins000.dat failed!
Could not process line: C:\WINDOWS\system32\unins000.dat
Status: 0xc0000034
File C:\WINDOWS\system32\unins000.exe not found!
Deletion of file C:\WINDOWS\system32\unins000.exe failed!
Could not process line: C:\WINDOWS\system32\unins000.exe
Status: 0xc0000034
File C:\Programme\SpyBro\LawEnforcer.dll not found!
Deletion of file C:\Programme\SpyBro\LawEnforcer.dll failed!
Could not process line: C:\Programme\SpyBro\LawEnforcer.dll
Status: 0xc0000034
File C:\Programme\SpyBro\SpyBro.exe not found!
Deletion of file C:\Programme\SpyBro\SpyBro.exe failed!
Could not process line: C:\Programme\SpyBro\SpyBro.exe
Status: 0xc0000034
File C:\Programme\SpyBro\unins000.exe not found!
Deletion of file C:\Programme\SpyBro\unins000.exe failed!
Could not process line: C:\Programme\SpyBro\unins000.exe
Status: 0xc0000034
File C:\Programme\SpyBro\Antispy.sys not found!
Deletion of file C:\Programme\SpyBro\Antispy.sys failed!
Could not process line: C:\Programme\SpyBro\Antispy.sys
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A2D2E71-1882-44fb-923A-2FE0958B53F5} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A2D2E71-1882-44fb-923A-2FE0958B53F5} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpionFrei_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpionFrei_is1 failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser failed!
Status: 0xc0000034
Registry key HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser not found!
Deletion of registry key HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
||
10.06.2006, 12:25
Honorary member
Posts: 29434
#10
You are too fast.
Paste in:
Quote:
Files to delete:
__________
Kind regards, Sabina
All about PC security
||
10.06.2006, 12:29
Member
Themenstarter Beiträge: 36 |
#11
Ich muss dazu sagen bevor ich das gemacht habe deinstallierte ich ein Programm..
Darum diese Not Found! Dies kommt wenn ich es machen will: ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Fatal error: could not create new script file. Error code: 2 Error logged to errorlog.txt. Aborting now! Ist es bösartig? |
|
|
||
10.06.2006, 12:29
Honorary member
Posts: 29434
#12
Once more:
Registry Search by Bobbi Flekman
In "Enter search strings" (type it in or paste it in):
SpyBro
in the edit field and click "Ok". Notepad will open -- copy the text and post it.
------------------------------------------------------
Delete manually:
C:\WINDOWS\unins000.dat
C:\WINDOWS\unins000.exe
__________
Kind regards, Sabina
All about PC security
||
10.06.2006, 12:35
Member
Thread starter Posts: 36
#13
OK, here:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 10.06.2006 12:34:03 for strings:
; 'spybro'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"SpyBrowser"="C:\\Programme\\SpyBro\\SpyBro.exe /autostart"
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\SpyBro\\SpyBro.exe"="www.spyware-browser.com"
"C:\\Programme\\SpyBro\\unins000.exe"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Antivirus]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\General]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\GuardOptions]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\GuardOptions\EnabledMonitors]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Monitors]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\RemoteConfig]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions\CustomScan]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions\SelectedFolders]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\ScanOptions\StartupCustomScan]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Scheduler]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Scheduler\CustomScan]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Scheduler\Event 0]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Startup]
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\SpyBrowser\Statistics]
; End Of The Log...

Is it bad?
||
10.06.2006, 13:51
Honorary member
Posts: 29434
#14
Go into the registry:
Start - Run - regedit
Edit - Find - SpyBrowser
Delete everything you find, then restart the computer and check with Registry Search whether everything is gone.
Quote:
[HKEY_USERS\S-1-5-21-1123561945-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run]
__________
Kind regards, Sabina
All about PC security
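An added example, not part of any post in this thread and not code from Registry Search or its author: a Python script that parses Registry Search results like those posted in #3 and #13, labels each hit by the kind of registration it represents, and compares the results before and after a cleanup pass. The sample text is abridged from the thread's logs with a constructed SID; the category labels and function names are assumptions of this example.

```python
import re

# Constructed sample: abridged from the two Registry Search results posted in
# this thread (first search, and the search after the first cleanup pass).
# The SID below is a constructed placeholder.
BEFORE = r"""REGEDIT4
; Results at 10.06.2006 11:37:05 for strings:
; 'spybro'
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A2D2E71-1882-44fb-923A-2FE0958B53F5}\InProcServer32]
@="\"C:\\Programme\\SpyBro\\LawEnforcer.dll\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpionFrei_is1]
"UninstallString"="\"C:\\Programme\\SpyBro\\unins000.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy]
"ImagePath"="\\??\\C:\\Programme\\SpyBro\\Antispy.sys"
[HKEY_USERS\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"SpyBrowser"="C:\\Programme\\SpyBro\\SpyBro.exe /autostart"
[HKEY_USERS\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\SpyBro\\SpyBro.exe"="www.spyware-browser.com"
[HKEY_USERS\S-1-5-21-0-0-0-1004\Software\SpyBrowser]
"""

AFTER = r"""REGEDIT4
; Results at 10.06.2006 12:34:03 for strings:
; 'spybro'
[HKEY_USERS\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"SpyBrowser"="C:\\Programme\\SpyBro\\SpyBro.exe /autostart"
[HKEY_USERS\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\SpyBro\\SpyBro.exe"="www.spyware-browser.com"
"C:\\Programme\\SpyBro\\unins000.exe"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-0-0-0-1004\Software\SpyBrowser]
"""

# "name"="data" or @="data"; names may contain escaped quotes/backslashes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Ordered rules on the key path: the first matching pattern wins.
RULES = [
    (re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I), "autostart (Run key)"),
    (re.compile(r"\\Services\\[^\\]+$", re.I), "service/driver"),
    (re.compile(r"\\CLSID\\\{[0-9a-f-]+\}", re.I), "COM registration"),
    (re.compile(r"\\CurrentVersion\\Uninstall\\", re.I), "uninstall entry"),
    (re.compile(r"\\MUICache$", re.I), "execution trace (MUICache)"),
]
# Categories through which Windows can still load the program's code.
ACTIVE = {"autostart (Run key)", "service/driver", "COM registration"}


def unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: data}} from REGEDIT4-style text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])
            current[name] = data
    return keys


def classify(key):
    for pattern, label in RULES:
        if pattern.search(key):
            return label
    return "application settings"


def hits(keys, term):
    """List (category, key, value_name) per match; value_name None = whole key."""
    term, out = term.lower(), []
    for key, values in keys.items():
        if term in key.lower():
            out.append((classify(key), key, None))  # key belongs to the product
            continue
        # Shared key (e.g. Run): only the matching values are hits.
        for name, data in values.items():
            if term in name.lower() or term in data.lower():
                out.append((classify(key), key, name))
    return out


def compare(before_text, after_text, term):
    """Return (removed, remaining) hit lists between two search results."""
    before = hits(parse_reg(before_text), term)
    after = hits(parse_reg(after_text), term)
    return [h for h in before if h not in after], after


if __name__ == "__main__":
    removed, remaining = compare(BEFORE, AFTER, "spybro")
    for title, rows in (("removed", removed), ("remaining", remaining)):
        print(title)
        for cat, key, name in rows:
            flag = "!" if cat in ACTIVE else " "
            print(f" {flag} {cat:27} {key}" + (f" -> {name}" if name else ""))
```

Run directly, it marks with `!` the remaining hits that still cause code to be loaded; a hit inside a shared key such as `Run` is reported per value, not for the whole key.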
10.06.2006, 14:23
Member
Thread starter Posts: 36

Lately my PC has been a bit slow and my Internet sometimes doesn't work.
Do I have viruses on my PC?
With ZoneLabs I always get 0 viruses, is that right?
Here is HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 10:49:41, on 10.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\SpyBro\SpyBro.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\KeViN\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143566418375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks for your answers