WinAntiVirus Pro 2006 / Spyware Quake

17.07.2006, 13:04
Member

Posts: 15
#1 Hello everyone

Despite several attempts with various tools, I can't get our PC clean of these programs any more. Every day there are countless pop-ups etc.

I've created a log file.

I'm very grateful for any help.

Regards

Logfile of HijackThis v1.99.1
Scan saved at 12:59:15, on 17.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe

C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\WinAntiVirus Pro 2006\winav.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\COMMON~1\RACLE~1\regedit.exe
C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goggel/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glueckspost.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {8A7A457B-F692-DD62-9C4F-89BAAB644EB6} - C:\WINDOWS\system32\atntwshi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {B69C4C4D-A3AB-DB0A-F03E-8EEA1EEF29B5} - C:\WINDOWS\system32\lvqq.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mfmzgj] C:\WINDOWS\mfmzgj.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Programme\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\RunOnce: [AAW] "C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ClockSync] C:\Programme\ClockSync\Sync.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Saoe] "C:\PROGRA~1\COMMON~1\RACLE~1\regedit.exe" -vt yazr
O4 - HKCU\..\Run: [Nfr] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\a?sembly\l?gonui.exe

O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Office alt\FILES\PFILES\MSOFFICE\OFFICE10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://irc1.bluewin.ch/java/cr.cab
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/2ea36d353a54d282f27d329c5b0859e6_35.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/3049de866c38ac6a7606/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102251875265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\notepad.dll C:\WINDOWS\system32\wowexec.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
17.07.2006, 16:52
Honorary Member

Posts: 29434
#2 huerlimann

Start (data collection... more will follow....)

1.
Set up CleanUp exactly as described here, then restart the PC
http://virus-protect.org/cleanup.html

2.
Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
17.07.2006, 18:02
Member

Thread starter

Posts: 15
#3 system32.txt

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\WINDOWS\system32

17.07.2006 17:54 588'857 rtstv.ini2
17.07.2006 17:52 2 wapisu.exe
17.07.2006 17:52 2 stera.job
17.07.2006 17:51 24'064 ixt0.dll
17.07.2006 17:51 12'800 ismon.exe
17.07.2006 17:51 1'158 wpa.dbl
17.07.2006 17:43 668'259 BUTTER~1.log
17.07.2006 12:15 143 mcrh.tmp
16.07.2006 12:47 2 stera.log
16.07.2006 10:26 670'582 rtstv.bak2
16.07.2006 09:27 8'424 isnotify.exe
16.07.2006 09:27 35'328 issearch.exe
15.07.2006 16:33 4'286 ot.ico
15.07.2006 16:33 4'286 ts.ico
15.07.2006 16:31 105'488 ishost.exe
15.07.2006 12:20 40'836 perfc009.dat
15.07.2006 12:20 314'508 perfh009.dat
15.07.2006 12:20 49'174 perfc007.dat
15.07.2006 12:20 320'094 perfh007.dat
15.07.2006 12:20 732'166 PerfStringBackup.INI
12.07.2006 21:08 98'324 ptvesnqv.dll
07.07.2006 03:21 6'757'792 MRT.exe
28.06.2006 17:12 139'264 xfgdtfsb.dll
25.06.2006 13:38 588'244 rtstv.bak1
24.06.2006 11:44 593'570 rtstv.tmp
23.06.2006 22:33 590'001 rtstv.ini
23.06.2006 10:32 569'396 vtstr.dll
22.06.2006 21:40 81'920 wowexec.dll
22.06.2006 20:30 81'920 notepad.dll
22.06.2006 20:28 12'167 winhoo32.dll
22.06.2006 12:47 181'248 rasmans.dll
01.06.2006 20:47 163'840 jgdw400.dll
01.06.2006 20:47 27'648 jgpl400.dll
29.05.2006 17:30 1'494'016 shdocvw.dll
23.05.2006 17:26 579'888 LegitCheckControl.dll
23.05.2006 17:25 285'488 WgaTray.exe
23.05.2006 17:25 402'736 WgaLogon.dll
19.05.2006 17:09 3'073'536 mshtml.dll
19.05.2006 15:09 95'744 iphlpapi.dll
19.05.2006 15:09 112'128 dhcpcsvc.dll
19.05.2006 15:09 148'480 dnsapi.dll
18.05.2006 07:36 450'560 jscript.dll
11.05.2006 10:57 27'136 xpsp3res.dll
10.05.2006 07:23 664'064 wininet.dll
10.05.2006 07:22 615'936 urlmon.dll
10.05.2006 07:22 474'624 shlwapi.dll
10.05.2006 07:22 448'512 mshtmled.dll
10.05.2006 07:22 146'432 msrating.dll
10.05.2006 07:22 532'480 mstime.dll
10.05.2006 07:22 39'424 pngfilt.dll
10.05.2006 07:22 16'384 jsproxy.dll
10.05.2006 07:22 96'768 inseng.dll
10.05.2006 07:22 1'056'256 danim.dll
10.05.2006 07:22 205'312 dxtrans.dll
10.05.2006 07:22 357'888 dxtmsft.dll
10.05.2006 07:22 251'392 iepeers.dll
10.05.2006 07:22 55'808 extmgr.dll
10.05.2006 07:22 152'064 cdfview.dll
10.05.2006 07:22 1'022'976 browseui.dll
24.04.2006 15:40 4'730'880 wmp.dll



systemtemp.txt

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

17.07.2006 17:52 245'760 ~DF67C3.tmp
17.07.2006 17:52 0 wa6Support.log
17.07.2006 17:51 16'384 Perflib_Perfdata_e70.dat
04.01.2006 10:20 59'936 temp.frB270
4 Datei(en) 322'080 Bytes
0 Verzeichnis(se), 60'646'952'960 Bytes frei



windows.txt

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\WINDOWS

17.07.2006 17:53 1'557'089 WindowsUpdate.log
17.07.2006 17:51 0 0.log
17.07.2006 17:50 159 wiadebug.log
17.07.2006 17:50 50 wiaservc.log
17.07.2006 17:50 2'048 bootstat.dat
17.07.2006 17:49 32'552 SchedLgU.Txt
16.07.2006 12:15 332'424 setupapi.log
15.07.2006 12:01 1'090'027 iis6.log
15.07.2006 12:01 295'222 comsetup.log
15.07.2006 12:01 41'072 ocmsn.log
15.07.2006 12:01 417'901 tsoc.log
15.07.2006 12:01 181'368 ntdtcsetup.log
15.07.2006 12:01 1'374 imsins.log
15.07.2006 12:01 44'120 tabletoc.log
15.07.2006 12:01 11'854 KB917159.log
15.07.2006 12:01 31'852 medctroc.Log
15.07.2006 12:01 154'077 netfxocm.log
15.07.2006 12:01 473'940 ocgen.log
15.07.2006 12:01 44'165 msgsocm.log
15.07.2006 12:01 871'819 FaxSetup.log
15.07.2006 12:01 295'330 msmqinst.log
15.07.2006 12:01 1'374 imsins.BAK
15.07.2006 12:01 12'361 KB914388.log
15.07.2006 12:01 31'927 updspapi.log
15.07.2006 12:01 10'337 KB916595.log
13.07.2006 22:36 2'054 cddabase.ini
29.06.2006 12:01 11'133 KB911280.log
28.06.2006 13:02 314'703 wmsetup.log
22.06.2006 21:26 748 WOC_CDDA.ini
19.06.2006 11:33 9'374 wmsetup10.log
17.06.2006 07:39 30'453 spupdsvc.log
17.06.2006 07:14 12'034 KB917734.log
17.06.2006 07:14 14'126 KB918439.log
17.06.2006 07:14 14'483 KB917344.log
17.06.2006 07:14 14'258 KB917953.log
17.06.2006 07:13 17'971 KB916281.log
17.06.2006 07:13 11'414 KB914389.log
09.06.2006 20:03 54'156 QTFont.qfn
31.05.2006 16:41 8'537 WgaNotify.log
19.05.2006 20:34 1'409 QTFont.for
11.05.2006 19:19 500 GEARInstall.log
10.05.2006 12:00 11'685 KB913580.log
01.05.2006 10:55 22'324 pvsw.log
30.04.2006 11:26 574 HAFASWIN.INI
26.04.2006 12:00 11'135 KB900485.log
16.04.2006 21:03 14'993 KB908531.log
16.04.2006 21:03 14'235 KB911562.log
16.04.2006 21:03 16'250 KB912812.log
16.04.2006 21:02 10'641 KB911567.log


c.txt

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\

17.07.2006 17:57 0 sys.txt
17.07.2006 17:57 13'503 system.txt
17.07.2006 17:56 458 systemtemp.txt
17.07.2006 17:54 104'511 system32.txt
17.07.2006 17:50 528'011'264 hiberfil.sys
17.07.2006 17:50 792'723'456 pagefile.sys
21.05.2005 19:51 3'072 Thumbs.db
24.01.2005 18:15 211 boot.ini
24.01.2005 18:06 47'564 ntdetect.com
24.01.2005 18:06 251'184 ntldr
11.10.2004 19:39 1'531 hpothb07.tif
11.10.2004 19:39 416 hpothb07.dat
25.02.2004 17:00 13'259 devicetable.log
22.10.2003 16:20 357 Verknpfung mit PC-BIB.lnk
15.10.2003 11:39 0 IO.SYS
15.10.2003 11:39 0 MSDOS.SYS
10.07.2003 14:20 378'853 BLUEFI20.10b
29.08.2002 03:00 4'952 bootfont.bin
18 Datei(en) 1'321'554'591 Bytes
0 Verzeichnis(se), 60'646'903'808 Bytes frei


Many thanks for the quick reply
17.07.2006, 20:58
Honorary Member

Posts: 29434
#4 1.
Run VundoFix
http://virus-protect.org/artikel/tools/vundofixx.html

1.1
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unzip to the desktop -> spyfalcon.reg -> double-click it and merge it into the registry with "yes"

2.
Run Avenger
http://virus-protect.org/artikel/tools/avenger.html

paste this in:

Quote

registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware

Files to delete:

C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
C:\Programme\WinAntiVirus Pro 2006\Support.exe
C:\Programme\WinAntiVirus Pro 2006\Updater.exe
C:\Programme\WinAntiVirus Pro 2006\winav.exe
C:\Programme\WinAntiVirus Pro 2006\manual.exe
C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll
C:\Programme\WinAntiVirus Pro 2006\pv.exe
C:\WINDOWS\system32\fwsvc.sys
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll
C:\WINDOWS\system32\pmnqguh.dll
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\wapisu.exe
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\rtstv.bak2
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ptvesnqv.dll
C:\WINDOWS\system32\xfgdtfsb.dll
C:\WINDOWS\system32\rtstv.bak1
C:\WINDOWS\system32\rtstv.tmp
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wowexec.dll
C:\WINDOWS\system32\notepad.dll
C:\WINDOWS\system32\winhoo32.dll
Click the green traffic light
The script will now run, then the PC will restart automatically

**
Post the Avenger log that appears


**
Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goggel/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - {8A7A457B-F692-DD62-9C4F-89BAAB644EB6} - C:\WINDOWS\system32\atntwshi.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {B69C4C4D-A3AB-DB0A-F03E-8EEA1EEF29B5} - C:\WINDOWS\system32\lvqq.dll (file missing)

O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Programme\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKCU\..\Run: [Saoe] "C:\PROGRA~1\COMMON~1\RACLE~1\regedit.exe" -vt yazr
O4 - HKCU\..\Run: [Nfr] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\a?sembly\l?gonui.exe

O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/2ea36d353a54d282f27d329c5b0859e6_35.exe

O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
Restart the PC

**
Run SmitFraudFix
http://virus-protect.org/artikel/tools/smitfrautfix.html

**
New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

**
Scan with ewido and post the scan report
http://virus-protect.org/ewido.html

------------------------------------------------------------------------

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Choose 'All Files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006" >>files.txt
dir "C:\WinAntiVirus Pro 2006" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Programme\Common Files\WinAntiVirus Pro 2006" >>files.txt
dir "C:\Programme\WinAntiVirus Pro 2006" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
notepad files.txt
WinAntiVirus Pro 2006
http://virus-protect.org/artikel/spyware/winantivirus_%20pro_%202006.html
__________
Regards, Sabina

all about PC security
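As an added example (not part of the thread, and not code from HijackThis, Avenger or any other tool named here), a small Python triage script that applies the same reasoning used above to pick which HijackThis entries to fix: search pages pointing at an unknown host, search hooks whose DLL is missing, Run entries whose path contains look-alike characters or a Windows binary name outside %SystemRoot%, DPF entries fetching a bare .exe, a populated AppInit_DLLs value, an unknown SSODL shell object, and a service from an untrusted vendor. The allowlists are constructed assumptions for the example, and the sample log reuses entries from the log posted in this thread with a few known-good lines mixed in.

```python
"""Triage HijackThis-style log lines for the hijack pattern seen in this thread.

Added example, not part of the thread or of HijackThis itself. The allowlists
below are constructed assumptions; adapt them to the environment being triaged.
"""
import re
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Constructed allowlists (assumptions for the example, not HijackThis data).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.ch", "www.msn.com"}
TRUSTED_SSODL = {"WebCheck", "PostBootReminder", "CDBurn", "SysTray", "UPnPMonitor"}
TRUSTED_VENDORS = {"Microsoft Corporation", "Symantec Corporation", "Apple Computer, Inc.",
                   "Analog Devices, Inc.", "Macrovision Corporation"}
# Windows binaries that belong under %SystemRoot%; a copy elsewhere is a masquerade.
SYSTEM_BINARIES = {"regedit.exe", "logonui.exe", "svchost.exe", "explorer.exe", "winlogon.exe"}
PROFILE_DIRS = ("anwendungsdaten", "application data", "lokale einstellungen",
                "local settings", "\\temp\\")
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def _check_search_page(body):
    """R0/R1: Start/Search page values must point at a trusted host."""
    if " = " not in body:
        return None
    value = body.rsplit(" = ", 1)[1].strip()
    host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    if host not in TRUSTED_SEARCH_HOSTS:
        return f"start/search page points at untrusted host {host!r}"
    return None


def _check_run_entry(body):
    """O4: autostart entries launched from odd places or under borrowed names."""
    target = body.split("]", 1)[-1].strip()
    if "?" in target:
        # HijackThis prints non-ASCII characters as '?'; a name such as
        # a?sembly\l?gonui.exe imitates a real Windows component.
        return "Run entry path contains non-ASCII look-alike characters (shown as '?')"
    if any(d in target.lower() for d in PROFILE_DIRS):
        return "Run entry launches from a user profile or temp directory"
    m = EXE_PATH_RE.search(target)
    if m:
        path = m.group(0)
        if (path.rsplit("\\", 1)[-1].lower() in SYSTEM_BINARIES
                and not path.lower().startswith("c:\\windows")):
            return f"system binary name outside %SystemRoot%: {path}"
    return None


def check_line(line):
    """Return a finding dict for one log line, or None if nothing looks wrong."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    lower = body.lower()
    reason = None
    if code in ("R0", "R1"):
        reason = _check_search_page(body)
    elif code == "R3" and ("(file missing)" in lower or "(no file)" in lower):
        reason = "URLSearchHook with no backing file (dangling hijack hook)"
    elif code == "O4":
        reason = _check_run_entry(body)
    elif code == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        if urlparse(url).path.lower().endswith(".exe"):
            reason = "DPF entry fetches a bare .exe instead of an ActiveX .cab"
    elif code == "O20" and body.split(":", 1)[-1].strip():
        reason = "AppInit_DLLs is populated; these DLLs load into every user32 process"
    elif code == "O21":
        name = body.split(":", 1)[-1].split(" - ", 1)[0].strip()
        if name not in TRUSTED_SSODL:
            reason = f"unknown ShellServiceObjectDelayLoad entry {name!r}"
    elif code == "O23":
        parts = [p.strip() for p in body.split(" - ")]
        vendor = parts[1] if len(parts) >= 3 else ""
        if vendor not in TRUSTED_VENDORS:
            reason = f"service registered by untrusted vendor {vendor!r}"
    if reason is None:
        return None
    return {"code": code, "reason": reason, "line": line.strip()}


def triage(log_text):
    """Run check_line over a whole log and return the findings in log order."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: entries taken from the log posted in this thread,
# plus a few known-good lines to show that they are not flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://goggel/
R3 - URLSearchHook: (no name) - {8A7A457B-F692-DD62-9C4F-89BAAB644EB6} - C:\WINDOWS\system32\atntwshi.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [Saoe] "C:\PROGRA~1\COMMON~1\RACLE~1\regedit.exe" -vt yazr
O4 - HKCU\..\Run: [Nfr] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\a?sembly\l?gonui.exe
O16 - DPF: ConferenceRoom Java Client - http://irc1.bluewin.ch/java/cr.cab
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/2ea36d353a54d282f27d329c5b0859e6_35.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\notepad.dll C:\WINDOWS\system32\wowexec.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['code']:<4} {finding['reason']}\n     {finding['line']}")
```

Nine of the thirteen sample lines are flagged; the Norton toolbar, the igfxtray Run entry, the .cab DPF entry and the Symantec service pass, which is the same split the fix list above makes.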
18.07.2006, 13:51
Member

Thread starter

Posts: 15
#5 avenger log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tcalypjy

*******************

Script file located at: \??\C:\WINDOWS\naarykto.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\winpgi.dll deleted successfully.


File C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe deleted successfully.


File C:\Programme\WinAntiVirus Pro 2006\Support.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\Support.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\Support.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\Updater.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\winav.exe deleted successfully.


File C:\Programme\WinAntiVirus Pro 2006\manual.exe not found!
Deletion of file C:\Programme\WinAntiVirus Pro 2006\manual.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\manual.exe
Status: 0xc0000034

File C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\pv.exe deleted successfully.


File C:\WINDOWS\system32\fwsvc.sys not found!
Deletion of file C:\WINDOWS\system32\fwsvc.sys failed!

Could not process line:
C:\WINDOWS\system32\fwsvc.sys
Status: 0xc0000034



File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll deleted successfully.


File C:\WINDOWS\system32\pmnqguh.dll not found!
Deletion of file C:\WINDOWS\system32\pmnqguh.dll failed!

Could not process line:
C:\WINDOWS\system32\pmnqguh.dll
Status: 0xc0000034



File C:\WINDOWS\system32\rtstv.ini2 not found!
Deletion of file C:\WINDOWS\system32\rtstv.ini2 failed!

Could not process line:
C:\WINDOWS\system32\rtstv.ini2
Status: 0xc0000034

File C:\WINDOWS\system32\wapisu.exe deleted successfully.
File C:\WINDOWS\system32\stera.job deleted successfully.
File C:\WINDOWS\system32\ixt0.dll deleted successfully.
File C:\WINDOWS\system32\ismon.exe deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\stera.log deleted successfully.


File C:\WINDOWS\system32\rtstv.bak2 not found!
Deletion of file C:\WINDOWS\system32\rtstv.bak2 failed!

Could not process line:
C:\WINDOWS\system32\rtstv.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\isnotify.exe deleted successfully.
File C:\WINDOWS\system32\issearch.exe deleted successfully.
File C:\WINDOWS\system32\ot.ico deleted successfully.
File C:\WINDOWS\system32\ts.ico deleted successfully.
File C:\WINDOWS\system32\ishost.exe deleted successfully.
File C:\WINDOWS\system32\ptvesnqv.dll deleted successfully.
File C:\WINDOWS\system32\xfgdtfsb.dll deleted successfully.


File C:\WINDOWS\system32\rtstv.bak1 not found!
Deletion of file C:\WINDOWS\system32\rtstv.bak1 failed!

Could not process line:
C:\WINDOWS\system32\rtstv.bak1
Status: 0xc0000034



File C:\WINDOWS\system32\rtstv.tmp not found!
Deletion of file C:\WINDOWS\system32\rtstv.tmp failed!

Could not process line:
C:\WINDOWS\system32\rtstv.tmp
Status: 0xc0000034



File C:\WINDOWS\system32\rtstv.ini not found!
Deletion of file C:\WINDOWS\system32\rtstv.ini failed!

Could not process line:
C:\WINDOWS\system32\rtstv.ini
Status: 0xc0000034



File C:\WINDOWS\system32\vtstr.dll not found!
Deletion of file C:\WINDOWS\system32\vtstr.dll failed!

Could not process line:
C:\WINDOWS\system32\vtstr.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wowexec.dll deleted successfully.
File C:\WINDOWS\system32\notepad.dll deleted successfully.
File C:\WINDOWS\system32\winhoo32.dll deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



smitfraudfix log

rapport1
SmitFraudFix v2.73

Scan done at 12:53:51.21, 18.07.2006
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\ADMINI~1\FAVORI~1

C:\DOKUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

C:\Programme\SpyQuake2.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


rapport2
SmitFraudFix v2.73

Scan done at 13:01:52.09, 18.07.2006
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Programme\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



ewido log

ewido anti-spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 13:46:20 18.07.2006

+ Scan-Ergebnis:



C:\Programme\Butterfly Oasis Screensaver\ButterflyOasis.exe -> Adware.GAINNetwork : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Programme\Butterfly Oasis Screensaver\BO1Uninstaller.exe -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Programme\Gemeinsame Dateien\nnfnhhrt\ntljpjnnlb\blrtfappa.exe -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Programme\Gemeinsame Dateien\nnfnhhrt\phtjnbbr\jerrfbfl.exe -> Adware.Gator : Mit Backup gesäubert (unter Quarantäne gestellt).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\avenger\backup.zip/avenger/notepad.dll -> Adware.PurityScan : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\avenger\backup.zip/avenger/wowexec.dll -> Adware.PurityScan : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\avenger\backup.zip/avenger/xfgdtfsb.dll -> Adware.PurityScan : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\Temp\win117.tmp.exe -> Adware.Virtumonde : Mit Backup gesäubert (unter Quarantäne gestellt).
HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Mit Backup gesäubert (unter Quarantäne gestellt).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Mit Backup gesäubert (unter Quarantäne gestellt).
HKU\S-1-5-21-2557097379-1158229929-1469869567-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\avenger\backup.zip/avenger/ismon.exe -> Downloader.Zlob.yt : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\avenger\backup.zip/avenger/ishost.exe -> Downloader.Zlob.yx : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\avenger\backup.zip/avenger/ptvesnqv.dll -> Logger.VBStat.d : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\system32\components\flx1.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignoriert.
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert.
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Gesäubert.
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ivwbox[1].txt -> TrackingCookie.Ivwbox : Gesäubert.
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Gesäubert.
C:\avenger\backup.zip/avenger/winhoo32.dll -> Trojan.Agent.qt : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Programme\Common Files\Οracle\regedit.exe -> Trojan.PurityAd : Mit Backup gesäubert (unter Quarantäne gestellt).


::Berichtende

Listen.bat log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\WINDOWS\system32\components

18.07.2006 12:41 <DIR> .
18.07.2006 12:41 <DIR> ..
15.07.2006 16:33 65'179 flx1.dll
1 Datei(en) 65'179 Bytes
2 Verzeichnis(se), 60'609'007'616 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006

16.07.2006 12:15 <DIR> .
16.07.2006 12:15 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 60'609'007'616 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\WINDOWS\Downloaded Program Files

15.06.2000 05:50 2'618 acelpacm.inf
16.01.2004 18:51 197'760 avsniff.dll
16.01.2004 18:49 626 avsniff.inf
16.01.2004 18:49 241 CabSA.inf
29.01.2004 02:00 2'390 catalog.dat
06.08.2003 19:57 520 ConferenceRoom Java Client.osd
14.10.1997 13:52 697 DirectAnimation Java Classes.osd
14.07.2003 23:57 87'096 IEAWSDC.DLL
12.07.2003 03:02 438 ieawsdc.inf
31.03.2004 16:40 393'216 imloader.exe
29.01.2004 16:02 409 ITDetector.inf
03.02.2004 11:26 49'152 ITDetector.ocx
25.08.2003 18:12 1'096 iuctl.inf
30.11.2005 11:12 899 jinstall-1_3_1_17.inf
20.01.2000 15:25 1'162 Microsoft XML Parser for Java.osd
05.04.2006 16:12 63'056 MusicManagerUnInstaller.exe
16.01.2004 18:47 6'854 navapi.vxd
16.01.2004 18:47 208'896 navapi32.dll
29.01.2004 02:00 119'792 naveng32.dll
29.01.2004 02:00 652'272 navex32a.dll
22.08.2003 21:10 226 opuc.inf
03.03.2003 15:06 524'404 RdxIE.dll
16.01.2004 18:52 160'928 rufsi.dll
29.01.2004 02:00 81'952 scrauth.dat
27.08.2005 14:30 5'065 swflash.inf
29.01.2004 02:00 8'137 symaveng.cat
29.01.2004 02:00 900 symaveng.inf
29.01.2004 02:00 2'397 tcdefs.dat
29.01.2004 02:00 17'867 tcscan7.dat
29.01.2004 02:00 46'171 tcscan8.dat
29.01.2004 02:00 119'488 tcscan9.dat
29.01.2004 02:00 453 tinf.dat
29.01.2004 02:00 148 tinfidx.dat
29.01.2004 02:00 1'957 tinfl.dat
29.01.2004 02:00 32'594 tscan1.dat
29.01.2004 02:00 1'179 tscan1hd.dat
29.01.2004 02:00 5'382 v.grd
29.01.2004 02:00 2'225 v.sig
29.01.2004 02:00 106'244 virscan.inf
29.01.2004 02:00 850'786 virscan1.dat
29.01.2004 02:00 526'481 virscan2.dat
29.01.2004 02:00 143'156 virscan3.dat
29.01.2004 02:00 316'361 virscan4.dat
29.01.2004 02:00 70'684 virscan5.dat
29.01.2004 02:00 373'774 virscan6.dat
29.01.2004 02:00 936'787 virscan7.dat
29.01.2004 02:00 996'141 virscan8.dat
29.01.2004 02:00 1'014'876 virscan9.dat
29.01.2004 02:00 32 virscant.dat
17.04.2000 13:04 3'072 voxacm.inf
30.01.2004 14:03 2'072 vscanmsx.dat
03.08.2004 15:51 293 wuweb.inf
29.01.2004 02:00 224 zdone.dat
53 Datei(en) 8'141'646 Bytes
0 Verzeichnis(se), 60'609'003'520 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Programme\Common Files

16.07.2006 12:18 <DIR> .
16.07.2006 12:18 <DIR> ..
16.07.2006 12:18 <DIR> Companion Wizard
21.07.2005 12:52 <DIR> Motive
22.06.2006 23:02 <DIR> M?crosoft
07.07.2004 11:27 <DIR> System
09.07.2006 18:43 <DIR> s?mbols
28.06.2006 20:34 <DIR> ?racle
06.07.2006 10:56 <DIR> ??stem32
12.07.2006 18:17 <DIR> ??pPatch

0 Datei(en) 0 Bytes
10 Verzeichnis(se), 60'608'999'424 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Programme\WinAntiVirus Pro 2006

18.07.2006 12:44 <DIR> .
18.07.2006 12:44 <DIR> ..
14.10.2005 12:16 2'048 Activate.exe
27.12.2005 19:00 65'536 asmngr.dll
25.04.2006 22:29 323'584 avkernel.dll
16.07.2006 12:14 <DIR> AWBase
10.02.2006 11:53 126'834 BkSites.dat
16.07.2006 12:14 139 bnlink.dat
16.07.2006 12:14 260 bpupdater.dat
05.01.2006 18:23 606'208 CompWiz.exe
18.07.2006 12:40 <DIR> Download
14.10.2005 12:38 53'248 fat.exe
06.10.2005 11:45 32'768 fopn.exe
28.10.2005 17:49 35'328 fopn.sys
31.10.2005 16:53 49'152 fopnl.dll
16.07.2006 12:44 13'312 history.db
29.03.2006 17:13 119'296 IEFWBHO.dll
16.07.2006 12:14 <DIR> img
23.09.2005 16:59 57'344 install.exe
05.01.2006 18:20 111'104 InstHelp.exe
21.09.2005 12:25 5 lapv.dat
20.12.2005 19:11 67'872 License.rtf
24.12.2005 18:55 80 online.url
16.07.2006 12:14 <DIR> PGBase
16.07.2006 12:14 412 PGupdater.dat
29.10.2005 11:28 6'868 phigh.bin
29.10.2005 11:28 6'844 pmedium.bin
18.10.2005 11:31 69 prc.dat
25.10.2005 14:32 9'812 prerules.xml
10.01.2006 16:33 2'010 ps.dat
26.04.2006 17:11 9 pv.dat
16.07.2006 12:14 <DIR> res
27.12.2005 19:00 163'840 rpt.dll
24.12.2005 17:16 126'976 RulSrv.dll
16.07.2006 13:05 18 settings.bin
29.10.2005 10:57 246'784 sqlite3.dll
16.07.2006 12:14 129 sr.log
04.03.2005 13:51 31 st.dat
10.12.2005 17:32 72 support.url
16.07.2006 12:14 8'516 unins000.dat
16.07.2006 12:14 675'748 unins000.exe
06.10.2005 13:09 1'406 uninstall.ico
23.12.2005 15:38 5'059 UninstallPage.html
26.01.2005 14:20 37 up.dat
16.07.2006 12:14 276 updater.dat
24.10.2005 11:52 86'016 VAExt.exe
16.07.2006 12:15 10 vbpv.dat
16.07.2006 12:15 <DIR> WABase
16.07.2006 12:14 440 WAupdater.dat
23.09.2005 17:03 177'133 worldmap.swf
42 Datei(en) 3'182'633 Bytes
8 Verzeichnis(se), 60'608'999'424 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006

18.07.2006 12:44 <DIR> .
18.07.2006 12:44 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 60'608'999'424 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp

18.07.2006 13:09 <DIR> .
18.07.2006 13:09 <DIR> ..
18.07.2006 13:09 16'384 Perflib_Perfdata_278.dat
1 Datei(en) 16'384 Bytes
2 Verzeichnis(se), 60'608'999'424 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\WINDOWS\Temp

18.07.2006 13:46 <DIR> .
18.07.2006 13:46 <DIR> ..
17.07.2006 19:53 1'192 DrvLsnr1153151482.log
18.07.2006 12:34 949 DrvLsnr1153208964.log
18.07.2006 12:43 949 DrvLsnr1153219170.log
18.07.2006 12:46 787 DrvLsnr1153219463.log
18.07.2006 12:52 787 DrvLsnr1153219836.log
18.07.2006 12:57 544 DrvLsnr1153220203.log
18.07.2006 13:46 1'678 DrvLsnr1153220646.log
18.07.2006 13:40 219 WGAErrLog.txt
18.07.2006 13:04 373 WGANotify.settings
18.07.2006 09:48 0 win1.tmp
18.07.2006 09:50 0 win10.tmp
18.07.2006 12:20 0 win100.tmp
18.07.2006 12:20 0 win101.tmp
18.07.2006 12:20 0 win102.tmp
18.07.2006 12:22 0 win103.tmp
18.07.2006 12:22 0 win104.tmp
18.07.2006 12:22 0 win105.tmp
18.07.2006 12:24 0 win106.tmp
18.07.2006 12:24 0 win107.tmp
18.07.2006 12:24 0 win108.tmp
18.07.2006 12:26 0 win109.tmp
18.07.2006 12:26 0 win10A.tmp
18.07.2006 12:26 0 win10B.tmp
18.07.2006 12:28 0 win10C.tmp
18.07.2006 12:28 0 win10D.tmp
18.07.2006 12:28 0 win10E.tmp
18.07.2006 12:30 0 win10F.tmp
17.07.2006 19:34 0 win11.tmp
18.07.2006 12:30 0 win110.tmp
18.07.2006 12:30 0 win111.tmp
18.07.2006 12:32 0 win112.tmp
18.07.2006 12:32 0 win113.tmp
18.07.2006 12:32 0 win114.tmp
18.07.2006 12:34 903 win115.tmp
18.07.2006 12:36 0 win116.tmp
18.07.2006 12:43 0 win118.tmp
18.07.2006 12:43 0 win119.tmp
18.07.2006 12:43 0 win11A.tmp
18.07.2006 12:43 0 win11B.tmp
18.07.2006 12:43 0 win11C.tmp
18.07.2006 12:43 0 win11D.tmp

edit

299 Datei(en) 10'187 Bytes
2 Verzeichnis(se), 60'608'983'040 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Programme

18.07.2006 13:07 <DIR> .
18.07.2006 13:07 <DIR> ..
14.10.2005 20:38 <DIR> 1stbenison
20.02.2006 21:24 <DIR> Adobe
22.06.2006 18:25 <DIR> Ahead
22.06.2006 18:25 <DIR> Ahead2
11.05.2005 15:05 <DIR> AIM95
21.09.2003 17:03 <DIR> Analog Devices
18.02.2004 22:46 <DIR> audiograbber
28.06.2006 20:34 <DIR> A?pPatch
18.07.2006 13:08 <DIR> Butterfly Oasis Screensaver

21.07.2005 12:52 <DIR> Cablecom Assistant
17.07.2006 17:46 <DIR> CleanUp!
16.07.2006 12:18 <DIR> Common Files
21.09.2003 17:03 <DIR> Compaq
21.09.2003 17:03 <DIR> ComPlus Applications
22.06.2006 23:02 <DIR> Cowabanga
27.12.2003 12:47 <DIR> DirectNet3
26.06.2006 19:56 <DIR> EasyTax
18.07.2006 13:09 <DIR> ewido anti-spyware 4.0
18.07.2006 13:04 <DIR> Gemeinsame Dateien
06.10.2005 18:37 <DIR> Google
17.10.2003 12:11 <DIR> Grafikprogramm
02.11.2003 16:19 <DIR> Hewlett-Packard
11.02.2004 13:39 <DIR> HighMAT CD Writing Wizard
17.06.2006 07:13 <DIR> Internet Explorer
21.09.2003 17:03 <DIR> InterVideo
11.05.2006 19:19 <DIR> iPod
11.05.2006 19:19 <DIR> iTunes
03.02.2006 17:22 <DIR> JavaSoft
22.06.2006 21:57 <DIR> Lavasoft
22.09.2003 00:07 <DIR> Logitech
09.02.2005 21:18 <DIR> Messenger
21.09.2003 17:03 <DIR> microsoft frontpage
23.04.2004 10:55 <DIR> Microsoft Office
14.10.2003 23:26 <DIR> Microsoft Visual Studio
23.04.2004 10:55 <DIR> Microsoft Works
23.04.2004 10:56 <DIR> Microsoft.NET
21.07.2005 12:52 <DIR> Motive
24.01.2005 18:14 <DIR> Movie Maker
21.09.2003 17:03 <DIR> MSN Gaming Zone
25.06.2005 14:08 <DIR> MSN Messenger
24.01.2005 18:09 <DIR> NetMeeting
17.07.2006 12:09 <DIR> Norton AntiVirus
09.02.2005 20:58 <DIR> OfficeUpdate11
21.09.2003 17:03 <DIR> Online-Dienste
16.07.2004 11:09 <DIR> Opera7
16.04.2006 21:02 <DIR> Outlook Express
21.09.2003 20:16 <DIR> Programmverknpfungen
11.05.2006 19:20 <DIR> QuickTime
30.12.2003 13:50 <DIR> Real
26.02.2004 21:00 <DIR> Roxio
14.10.2005 12:29 <DIR> Steinberg
15.07.2006 17:54 <DIR> Symantec
10.02.2005 17:19 <DIR> SymNetDrv
01.07.2006 10:38 <DIR> s?mbols
11.07.2006 12:53 <DIR> s?stem

22.06.2006 20:49 <DIR> tunebite
25.12.2003 17:17 <DIR> TweakPower
11.05.2005 15:05 <DIR> Viewpoint
14.10.2005 12:30 <DIR> VOB
18.07.2006 12:44 <DIR> WinAntiVirus Pro 2006
17.02.2006 13:01 <DIR> Windows Media Player
24.01.2005 18:09 <DIR> Windows NT
22.09.2003 00:11 <DIR> WinRAR
18.05.2004 18:54 <DIR> WinZip
05.07.2006 11:17 <DIR> W?nSxS
21.09.2003 17:03 <DIR> xerox
16.07.2006 12:48 <DIR> ?ecurity
0 Datei(en) 0 Bytes
69 Verzeichnis(se), 60'608'978'944 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten

31.05.2006 17:06 <DIR> Adobe
12.06.2006 12:54 <DIR> AdobeUM
16.03.2005 20:27 <DIR> Ahead
11.05.2005 15:06 <DIR> Aim
11.05.2006 19:20 <DIR> Apple Computer
25.01.2004 18:43 0 dm.ini
13.10.2005 11:34 <DIR> Fraunhofer
15.01.2004 15:34 24'968 GDIPFONTCACHEV1.DAT
06.10.2005 18:38 <DIR> Google
16.10.2003 16:54 <DIR> Help
02.11.2003 16:37 <DIR> Hewlett-Packard
21.09.2003 17:03 <DIR> Identities
23.01.2005 19:30 <DIR> InterVideo
22.06.2006 21:58 <DIR> Lavasoft
02.05.2004 15:03 <DIR> Leadertech
22.10.2003 09:08 <DIR> Macromedia
30.09.2003 09:55 <DIR> Microsoft Web Folders
21.07.2005 13:22 <DIR> Motive
15.12.2003 12:00 <DIR> MSN6
08.11.2003 21:08 <DIR> NeroVision
16.07.2004 11:09 <DIR> Opera
02.11.2003 16:19 <DIR> Ordner HP Share-to-Web
30.12.2003 13:51 <DIR> Real
08.11.2003 19:53 <DIR> Roxio
28.09.2003 14:25 <DIR> Symantec
22.06.2006 21:22 <DIR> tunebite
16.07.2006 12:15 <DIR> WinAntiVirus Pro 2006
17.07.2006 17:52 <DIR> ?racle
15.07.2006 11:54 <DIR> ?icrosoft

2 Datei(en) 24'968 Bytes
27 Verzeichnis(se), 60'608'978'944 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6C2A-05E7

Verzeichnis von C:\Programme\Gemeinsame Dateien

18.07.2006 13:04 <DIR> .
18.07.2006 13:04 <DIR> ..
25.01.2004 18:38 <DIR> Adobe
08.11.2003 21:06 <DIR> Ahead
15.10.2003 11:58 <DIR> Borland Shared
14.10.2003 23:26 <DIR> Designer
21.09.2003 17:03 <DIR> Dienste
26.02.2004 20:58 <DIR> InstallShield
22.09.2003 00:07 <DIR> Logitech
27.07.2004 13:41 <DIR> Microsoft Shared
21.09.2003 17:03 <DIR> MSSoap
05.01.2005 13:39 <DIR> nnfnhhrt
21.09.2003 17:03 <DIR> ODBC
30.12.2003 13:51 <DIR> Real
26.02.2004 21:00 <DIR> ROXIO
26.02.2004 21:01 <DIR> Roxio Shared
21.09.2003 17:03 <DIR> SpeechEngines
15.07.2006 17:55 <DIR> Symantec Shared
16.04.2006 21:02 <DIR> System
18.07.2006 12:44 <DIR> WinAntiVirus Pro 2006
30.12.2003 13:51 <DIR> xing shared
0 Datei(en) 0 Bytes
21 Verzeichnis(se), 60'608'974'848 Bytes frei
18.07.2006, 14:27
Honorary member

Posts: 29434
#6 Avenger

Quote

registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
HKEY_CLASSES_ROOT\WAP6.PCheck

Files to delete:

C:\Windows\Temp\win115.tmp
C:\Windows\Temp\win12.tmp
C:\Windows\Temp\win16.tmp
C:\WINDOWS\Downloaded Program Files\imloader.exe
C:\WINDOWS\system32\components\flx1.dll
C:\Programme\WinAntiVirus Pro 2006\Activate.exe
C:\Programme\WinAntiVirus Pro 2006\asmngr.dll
C:\Programme\WinAntiVirus Pro 2006\avkernel.dll
C:\Programme\WinAntiVirus Pro 2006\BkSites.dat
C:\Programme\WinAntiVirus Pro 2006\bnlink.dat
C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat
C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe
C:\Programme\WinAntiVirus Pro 2006\fat.exe
C:\Programme\WinAntiVirus Pro 2006\fopn.exe
C:\Programme\WinAntiVirus Pro 2006\fopn.sys
C:\Programme\WinAntiVirus Pro 2006\fopnl.dll
C:\Programme\WinAntiVirus Pro 2006\history.db
C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll
C:\Programme\WinAntiVirus Pro 2006\install.exe
C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe
C:\Programme\WinAntiVirus Pro 2006\lapv.dat
C:\Programme\WinAntiVirus Pro 2006\License.rtf
C:\Programme\WinAntiVirus Pro 2006\online.url
C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat
C:\Programme\WinAntiVirus Pro 2006\phigh.bin
C:\Programme\WinAntiVirus Pro 2006\pmedium.bin
C:\Programme\WinAntiVirus Pro 2006\prc.dat
C:\Programme\WinAntiVirus Pro 2006\prerules.xml
C:\Programme\WinAntiVirus Pro 2006\ps.dat
C:\Programme\WinAntiVirus Pro 2006\pv.dat
C:\Programme\WinAntiVirus Pro 2006\rpt.dll
C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll
C:\Programme\WinAntiVirus Pro 2006\settings.bin
C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll
C:\Programme\WinAntiVirus Pro 2006\sr.log
C:\Programme\WinAntiVirus Pro 2006\st.dat
C:\Programme\WinAntiVirus Pro 2006\support.url
C:\Programme\WinAntiVirus Pro 2006\unins000.dat
C:\Programme\WinAntiVirus Pro 2006\unins000.exe
C:\Programme\WinAntiVirus Pro 2006\uninstall.ico
C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html
C:\Programme\WinAntiVirus Pro 2006\up.dat
C:\Programme\WinAntiVirus Pro 2006\updater.dat
C:\Programme\WinAntiVirus Pro 2006\VAExt.exe
C:\Programme\WinAntiVirus Pro 2006\vbpv.dat
C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat
C:\Programme\WinAntiVirus Pro 2006\worldmap.swf
delete in safe mode:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006

--------------------------------------------------------------------

C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Programme\Gemeinsame Dateien\nnfnhhrt

05.01.2005 13:39 <DIR> nnfnhhrt
18.07.2006 12:44 <DIR> WinAntiVirus Pro 2006

-------------------------------------------------------------------

-> the question marks show up like this:
so you always have to search by the last letters, or by the date.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\?racle
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\?icrosoft

16.07.2006 12:15 <DIR> WinAntiVirus Pro 2006
17.07.2006 17:52 <DIR> ?racle -> search for "racle" and for the date 17.07.
15.07.2006 11:54 <DIR> ?icrosoft

--------------------------------------------------------------------------

C:\Programme\
18.07.2006 12:44 <DIR> WinAntiVirus Pro 2006
28.06.2006 20:34 <DIR> A?pPatch
18.07.2006 13:08 <DIR> Butterfly Oasis Screensaver
22.06.2006 23:02 <DIR> Cowabanga
01.07.2006 10:38 <DIR> s?mbols
11.07.2006 12:53 <DIR> s?stem
05.07.2006 11:17 <DIR> W?nSxS
16.07.2006 12:48 <DIR> ?ecurity

----------------------------------------------------------------------

Verzeichnis von C:\WINDOWS\Temp

17.07.2006 19:53 1'192 DrvLsnr1153151482.log
18.07.2006 12:34 949 DrvLsnr1153208964.log
18.07.2006 12:43 949 DrvLsnr1153219170.log
18.07.2006 12:46 787 DrvLsnr1153219463.log
18.07.2006 12:52 787 DrvLsnr1153219836.log
18.07.2006 12:57 544 DrvLsnr1153220203.log
18.07.2006 13:46 1'678 DrvLsnr1153220646.log
18.07.2006 13:40 219 WGAErrLog.txt
18.07.2006 13:04 373 WGANotify.settings
18.07.2006 09:48 0 win1.tmp
18.07.2006 09:50 0 win10.tmp
18.07.2006 12:20 0 win100.tmp
18.07.2006 12:20 0 win101.tmp
18.07.2006 12:20 0 win102.tmp

delete all win... files

---------------------------------------------------------------------------------

Verzeichnis von C:\Programme\Common Files

22.06.2006 23:02 <DIR> M?crosoft
09.07.2006 18:43 <DIR> s?mbols
28.06.2006 20:34 <DIR> ?racle ->
06.07.2006 10:56 <DIR> ??stem32
12.07.2006 18:17 <DIR> ??pPatch


C:\WINDOWS\system32\components
C:\avenger\backup.zip
C:\Programme\Common Files\Companion Wizard



-------------------------------------------------------------------

scan with CounterSpy and post the scan report (set everything to "remove" first)
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

all about PC security
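The post above explains that the folder names shown with question marks (M?crosoft, ?racle, ??stem32, A?pPatch, W?nSxS, ?ecurity, s?mbols) are system folder names with a look-alike character that cmd.exe cannot print; the ewido log further up shows one of them in full, "Οracle" with a Greek Omicron. The following script is an added example, not from this thread or from Avenger, SmitFraudFix, ewido or CounterSpy: it flags directory names that contain non-ASCII characters and collapse to a well-known folder name, and it pulls the '?' names out of a dir listing, since '?' is not a legal character in a Windows file name and so always indicates an unprintable character. The list of imitated folder names, the small confusables table and the Cyrillic letters used in the sample names are assumptions; the log only shows '?', not the real characters.

```python
"""Flag directory names that impersonate well-known Windows folders with
non-ASCII look-alike characters, and pick the '?' names out of a dir listing.
Added example; the folder set, confusables table and sample names are assumptions."""
import re
import unicodedata

# Folder names the rogue installers in this thread imitated (assumption: taken
# from the '?' entries in the listings above).
KNOWN_NAMES = {"Microsoft", "Oracle", "system32", "AppPatch", "WinSxS",
               "security", "symbols", "system"}

# Hand-picked look-alike table (assumption: a small subset of the Unicode
# confusables data, enough for Greek and Cyrillic homoglyphs of Latin letters).
CONFUSABLES = {
    "\u039f": "O", "\u03bf": "o",                   # Greek Omicron / omicron
    "\u0391": "A", "\u0410": "A", "\u0430": "a",    # Greek Alpha, Cyrillic A / a
    "\u0421": "C", "\u0441": "c",                   # Cyrillic Es
    "\u0415": "E", "\u0435": "e",                   # Cyrillic Ie
    "\u041c": "M",                                  # Cyrillic Em
    "\u041e": "O", "\u043e": "o",                   # Cyrillic O / o
    "\u0420": "P", "\u0440": "p",                   # Cyrillic Er
    "\u0422": "T", "\u0425": "X", "\u0445": "x",
    "\u0406": "I", "\u0456": "i",                   # Ukrainian I / i
    "\u0423": "Y", "\u0443": "y",                   # Cyrillic U (looks like y)
    "\u0405": "S", "\u0455": "s",                   # Cyrillic Dze
}


def skeleton(name: str) -> str:
    """Reduce a name to its ASCII look-alike: NFKD-normalise, drop combining
    marks, map known confusables. Unmapped characters are kept as they are."""
    out = []
    for ch in unicodedata.normalize("NFKD", name):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def impersonated_name(name: str):
    """Return the legitimate folder name that `name` imitates, or None.
    Pure-ASCII names are never flagged; a non-ASCII name is flagged only when
    its skeleton equals a known name (case-insensitive)."""
    if name.isascii():
        return None
    sk = skeleton(name).casefold()
    for known in KNOWN_NAMES:
        if sk == known.casefold():
            return known
    return None


def find_homoglyph_dirs(names):
    """Return (name, impersonated_known_name) for every flagged entry."""
    result = []
    for n in names:
        known = impersonated_name(n)
        if known:
            result.append((n, known))
    return result


# One line of German dir output: date, time, <DIR> or size, then the name.
DIR_LINE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}\s+(?:<DIR>|[\d']+)\s+(.+)$")


def names_with_unrepresentable_chars(listing: str):
    """'?' is not allowed in a Windows file name, so when dir prints one the
    real character lies outside the console code page. Return those names."""
    found = []
    for line in listing.splitlines():
        m = DIR_LINE.match(line.strip())
        if m and "?" in m.group(1):
            found.append(m.group(1))
    return found


# Constructed sample names. "Οracle" is the spelling ewido printed above; the
# Cyrillic letters in the others are guesses, since dir only showed '?'.
SAMPLE_NAMES = [
    "Companion Wizard", "Motive", "System",
    "\u039fracle",            # Greek Omicron + racle
    "M\u0456crosoft",         # Cyrillic i
    "\u0455\u0443stem32",     # Cyrillic dze + u
    "A\u0440pPatch",          # Cyrillic er
    "W\u0456nSxS",
    "\u0455ecurity",
    "s\u0443mbols",
    "Gr\u00f6\u00dfe",        # legitimate German name: non-ASCII but harmless
]

# Constructed listing, copied from the C:\Programme\Common Files output above.
SAMPLE_LISTING = """\
16.07.2006 12:18 <DIR> Companion Wizard
22.06.2006 23:02 <DIR> M?crosoft
07.07.2004 11:27 <DIR> System
28.06.2006 20:34 <DIR> ?racle
06.07.2006 10:56 <DIR> ??stem32
0 Datei(en) 0 Bytes
"""

if __name__ == "__main__":
    for name, known in find_homoglyph_dirs(SAMPLE_NAMES):
        print(f"{name!r} looks like {known!r}: {[hex(ord(c)) for c in name if not c.isascii()]}")
    print("names dir could not print:", names_with_unrepresentable_chars(SAMPLE_LISTING))
```

Run against the real folder names (for example from `os.listdir`) rather than the console output, because once the name is printed as '?' the original character is already lost; the listing check is only there to spot which directories need a closer look.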
18.07.2006, 18:52
Member

Thread starter

Posts: 15
#7 many thanks


Script file located at: \??\C:\WINDOWS\ykdkhbyj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN deleted successfully.

File C:\Windows\Temp\win115.tmp deleted successfully.
File C:\Windows\Temp\win12.tmp deleted successfully.
File C:\Windows\Temp\win16.tmp deleted successfully.
File C:\WINDOWS\Downloaded Program Files\imloader.exe deleted successfully.
File C:\WINDOWS\system32\components\flx1.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\Activate.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\asmngr.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\avkernel.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\BkSites.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\bnlink.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\fat.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\fopn.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\fopn.sys deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\fopnl.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\history.db deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\install.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\lapv.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\License.rtf deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\online.url deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\phigh.bin deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\pmedium.bin deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\prc.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\prerules.xml deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\ps.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\pv.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\rpt.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\settings.bin deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\sr.log deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\st.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\support.url deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\unins000.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\unins000.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\uninstall.ico deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\up.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\updater.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\VAExt.exe deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\vbpv.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat deleted successfully.
File C:\Programme\WinAntiVirus Pro 2006\worldmap.swf deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////

Detected spyware

Claria.DashBar Adware Installer more information...
Details: DashBar is an ad supported search toolbar from the GAIN Network.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\dashbar\dashbar website.lnk


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\gain publishing web site.url


Claria.ScreenScenes Adware Installer more information...
Details: ScreenScenes are ad supported downloadable screensavers from Claria/GAIN Publishing.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\butterfly oasis screensaver\butterfly oasis preview.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\butterfly oasis screensaver\butterfly oasis settings.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\butterfly oasis screensaver\get more screensavers.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\butterfly oasis screensaver\more info at screenscenes.com.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\butterfly oasis screensaver\upgrade to premium version.lnk
c:\windows\system32\butterfly oasis screensaver.scr
c:\windows\system32\uninstallbo.exe

Infected registry entries detected
HKEY_CURRENT_USER\Software\ScreenScenes
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis flag_clock 0
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis flag_PlaySound 0
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis flag_fps 0
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis TermMouse 1
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis Gamma 256
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis flag_defres 1
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis ResHor 1280
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis ResVert 1024
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis ColorDepth 32
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis NumButterfly 10
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis clockX 1190
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis clockY 90
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis clockRad 70
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis ColorClock 16772562
HKEY_CURRENT_USER\Software\ScreenScenes\ButterflyOasis SetSpeed 1
HKEY_LOCAL_MACHINE\Software\ButterflyOasis
HKEY_LOCAL_MACHINE\Software\ButterflyOasis Ad 1
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\ButterflyOasis
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\ButterflyOasis DisplayName Butterfly Oasis Screensaver
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\ButterflyOasis UninstallString C:\PROGRA~1\Butterfly Oasis Screensaver\BO1Uninstaller.exe
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\ButterflyOasis DisplayIcon C:\PROGRA~1\Butterfly Oasis Screensaver\BO1Uninstaller.exe,-0


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url
c:\dokumente und einstellungen\all users\startmenü\online security guide.url


Claria.GotSmiley Adware (General) more information...
Details: GotSmiley is an ad supported program that provides the user with smileys for use in emails.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk


WinAntiVirus Pro Rogue Security Program more information...
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\winantivirus pro 2006\winantivirus pro 2006.lnk

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL AppID {367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} AppID
HKEY_CLASSES_ROOT\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}\Programmable
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32 C:\Programme\Common Files\Companion Wizard\WapCHK.dll
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR C:\Programme\Common Files\Companion Wizard\
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0 CheckProduct2Lib
HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\0\win32 C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll
HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0\HELPDIR C:\Programme\WinAntiVirus Pro 2006\
HKEY_CLASSES_ROOT\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}\1.0 IEFWBHO 2.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0\win32 C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\HELPDIR C:\Programme\WinAntiVirus Pro 2006\
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0 PGIntegrator 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\0\win32 C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll
HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0\HELPDIR C:\Programme\WinAntiVirus Pro 2006\
HKEY_CLASSES_ROOT\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}\1.0 WAV6COM 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 IEPage http://www.google.com/
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StoreHistory 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 AllowPopupClickType 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeOpenedPopups 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddBorders 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeFitToDesktop 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddMenuAndToolbar 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 TimedPopupLimit 2
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StartBlockOnTimedPopups 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainPopupLimit 2
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainOnPopups 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 Active 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 DefaultAction 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings EnableIEBlockSite 2
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VSScan 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VirusShield 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings MailProtect 1
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\InprocServer32 C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\ProgID IEFWBHO.IEFW.2
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\TypeLib {2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\VersionIndependentProgID IEFWBHO.IEFW
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} IEFW Object
HKEY_CLASSES_ROOT\clsid\{B5141620-C2B2-4D95-9F0F-134D99C87AB0} AppID


CoolWebSearch.StartPage Hijacker more information...
Details: CoolWebSearch StartPage hijacks Internet Explorers start page not allowing the user to change this URL.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Bar_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak


WhenU.ClockSync Low Risk Adware more information...
Details: ClockSync: a program that sits in the desktop tray and periodically synchronizes the local PC system clock with standard atomic clock time available online.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ClockSync


AvenueMedia.InternetOptimizer Browser Plug-in more information...
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Active Alert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Active Alert SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Active Alert Changed 0


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0


180solutions.SearchAssistant Adware (General) more information...
Details: 180search Assistant is an adware application that monitors users' search queries and web surfing in order to display targeted advertising.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\msbb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\msbb SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\msbb Changed 0


Trojan.WinlogonHook.Delf.A Trojan more information...
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 3019
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 141
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 34
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV


Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\administrator\cookies\administrator@mediaplex[1].txt
18.07.2006, 19:17
Honorary member
Sabina

Posts: 29434
#8 1.
CounterSpy only ever kills part of the files. So you have to empty CounterSpy's quarantine folder again and again and rescan with it until CounterSpy finds nothing more.

2.
Apply SmitFraudFix (options 1 and 2); let it clean the registry as well
http://virus-protect.org/artikel/tools/smitfrautfix.html

3.
then post the new HijackThis log
__________
Best regards, Sabina

all about PC security
18.07.2006, 23:03
Member

Thread starter

Posts: 15
#9 CounterSpy found nothing more. There is nothing in the quarantine manager either.

SmitFraudFix
option 1 log

SmitFraudFix v2.73

Scan done at 20:27:26.29, 18.07.2006
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



SmitFraudFix
option 2 log

SmitFraudFix v2.73

Scan done at 20:31:00.00, 18.07.2006
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


and the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 23:00:50, on 18.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glueckspost.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {7808B71C-0AF2-7409-F0EB-73D58D76B1BD} - C:\WINDOWS\system32\xfgdtfsb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2} - (no file)
O2 - BHO: (no name) - {33B349B3-FC00-DFFF-0695-844A3485A3BE} - C:\WINDOWS\system32\svqy.dll (file missing)
O2 - BHO: (no name) - {5B4AD6B9-50C3-4767-AFC6-21C20D7476BE} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: (no name) - {7808B71C-0AF2-7409-F0EB-73D58D76B1BD} - C:\WINDOWS\system32\xfgdtfsb.dll (file missing)
O2 - BHO: (no name) - {8A7A457B-F692-DD62-9C4F-89BAAB644EB6} - C:\WINDOWS\system32\atntwshi.dll (file missing)
O2 - BHO: (no name) - {9E097D13-9CA2-B652-F5BE-E62C826E0BBF} - C:\WINDOWS\system32\epnsjs.dll (file missing)
O2 - BHO: (no name) - {B69C4C4D-A3AB-DB0A-F03E-8EEA1EEF29B5} - C:\WINDOWS\system32\lvqq.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mfmzgj] C:\WINDOWS\mfmzgj.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Office alt\FILES\PFILES\MSOFFICE\OFFICE10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://irc1.bluewin.ch/java/cr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/3049de866c38ac6a7606/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102251875265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\notepad.dll C:\WINDOWS\system32\wowexec.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

many thanks
18.07.2006, 23:10
Honorary member
Sabina

Posts: 29434
#10 1.
Avenger

Quote

Files to delete:

C:\WINDOWS\system32\wowexec.dll
C:\WINDOWS\system32\notepad.dll
C:\WINDOWS\mfmzgj.exe
2.
open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote

R3 - URLSearchHook: (no name) - {7808B71C-0AF2-7409-F0EB-73D58D76B1BD} - C:\WINDOWS\system32\xfgdtfsb.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2} - (no file)
O2 - BHO: (no name) - {33B349B3-FC00-DFFF-0695-844A3485A3BE} - C:\WINDOWS\system32\svqy.dll (file missing)
O2 - BHO: (no name) - {5B4AD6B9-50C3-4767-AFC6-21C20D7476BE} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: (no name) - {7808B71C-0AF2-7409-F0EB-73D58D76B1BD} - C:\WINDOWS\system32\xfgdtfsb.dll (file missing)
O2 - BHO: (no name) - {8A7A457B-F692-DD62-9C4F-89BAAB644EB6} - C:\WINDOWS\system32\atntwshi.dll (file missing)
O2 - BHO: (no name) - {9E097D13-9CA2-B652-F5BE-E62C826E0BBF} - C:\WINDOWS\system32\epnsjs.dll (file missing)
O2 - BHO: (no name) - {B69C4C4D-A3AB-DB0A-F03E-8EEA1EEF29B5} - C:\WINDOWS\system32\lvqq.dll (file missing)

O4 - HKLM\..\Run: [mfmzgj] C:\WINDOWS\mfmzgj.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\notepad.dll C:\WINDOWS\system32\wowexec.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)

Restart the PC


post the Avenger log + the new HijackThis log
__________
Best regards, Sabina

all about PC security
18.07.2006, 23:30
Member

Thread starter

Posts: 15
#11 Avenger. The first time there was no error message, but no logfile appeared when the PC restarted. I then entered the command again, and after booting this logfile appeared

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hctkelce

*******************

Script file located at: \??\C:\WINDOWS\system32\ikv^eehx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\wowexec.dll not found!
Deletion of file C:\WINDOWS\system32\wowexec.dll failed!

Could not process line:
C:\WINDOWS\system32\wowexec.dll
Status: 0xc0000034



File C:\WINDOWS\system32\notepad.dll not found!
Deletion of file C:\WINDOWS\system32\notepad.dll failed!

Could not process line:
C:\WINDOWS\system32\notepad.dll
Status: 0xc0000034



File C:\WINDOWS\mfmzgj.exe not found!
Deletion of file C:\WINDOWS\mfmzgj.exe failed!

Could not process line:
C:\WINDOWS\mfmzgj.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



and here the new HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 23:27:47, on 18.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glueckspost.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [qxselbgj] C:\yuolyqdo.bat
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Office alt\FILES\PFILES\MSOFFICE\OFFICE10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://irc1.bluewin.ch/java/cr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/3049de866c38ac6a7606/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102251875265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
18.07.2006, 23:31
Honorary member
Sabina

Posts: 29434
#12 Avenger:

Quote

Files to delete:

C:\yuolyqdo.bat
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe

HijackThis:

O4 - HKLM\..\Run: [qxselbgj] C:\yuolyqdo.bat
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

--------------------------------------------------------------------------

then the Avenger log + the HijackThis log once more
__________
Best regards, Sabina

all about PC security
18.07.2006, 23:39
Member

Thread starter

Posts: 15
#13 Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\opbvxrjq

*******************

Script file located at: \??\C:\WINDOWS\system32\bbqdsthn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\yuolyqdo.bat not found!
Deletion of file C:\yuolyqdo.bat failed!

Could not process line:
C:\yuolyqdo.bat
Status: 0xc0000034



Could not open file C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
Status: 0xc000003a



Could not open file C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
Status: 0xc000003a



Could not open file C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
Status: 0xc000003a



Could not open file C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
Status: 0xc000003a



Could not open file C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
Status: 0xc000003a



Could not open file C:\Programme\Gemeinsame Dateien\GMT\GMT.exe for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\GMT.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
Status: 0xc000003a



Could not open file C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.




hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 23:39:13, on 18.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glueckspost.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Office alt\FILES\PFILES\MSOFFICE\OFFICE10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://irc1.bluewin.ch/java/cr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/3049de866c38ac6a7606/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102251875265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

many thanks
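The two status codes in the Avenger log above are standard NTSTATUS values: 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND (the directory exists, the file does not) and 0xc000003a is STATUS_OBJECT_PATH_NOT_FOUND (a directory in the path is itself missing). Every file under C:\Programme\Gemeinsame Dateien\GMT failed with the latter, so that directory was not there when the script ran; nothing was left for it to delete, which matches the HijackThis log in the same post no longer listing either O4 entry. As an added example (not the Avenger tool's own code), the Python below pulls those failure blocks out of a log and sorts the targets into "already absent" versus "still blocked". The sample log is constructed: its first two blocks are copied from the log above, the third (a locked DLL reporting 0xc0000043, STATUS_SHARING_VIOLATION) is invented for contrast.

```python
"""Read the failure blocks of a log written by The Avenger.

Added example for this thread, not code from the Avenger tool. It extracts
every "Could not process line: <target> / Status: 0x..." pair and maps the
NTSTATUS code to its standard name, so "the file was already gone" can be
told apart from "something is still holding it".
"""
import re

# Standard NTSTATUS values (ntstatus.h), limited to what a file-deletion
# script is likely to produce.
NTSTATUS = {
    0xC0000022: ("STATUS_ACCESS_DENIED",
                 "still present; permissions or a filter driver refuse the delete"),
    0xC0000034: ("STATUS_OBJECT_NAME_NOT_FOUND",
                 "already gone; the directory exists but the file name does not"),
    0xC000003A: ("STATUS_OBJECT_PATH_NOT_FOUND",
                 "already gone; a directory in the path itself no longer exists"),
    0xC0000043: ("STATUS_SHARING_VIOLATION",
                 "still present and open by a running process"),
    0xC0000121: ("STATUS_CANNOT_DELETE",
                 "still present; file is mapped or marked undeletable"),
}
ALREADY_ABSENT = {0xC0000034, 0xC000003A}

BLOCK_RE = re.compile(
    r"Could not process line:[ \t]*\n(?P<target>[^\n]+)\nStatus: (?P<code>0x[0-9A-Fa-f]{8})")


def parse_failures(log_text):
    """[(target, code), ...] in the order the log reports them."""
    return [(m["target"].strip(), int(m["code"], 16)) for m in BLOCK_RE.finditer(log_text)]


def classify(code):
    """(symbolic name, plain-language meaning, severity) for an NTSTATUS code.
    Severity is the top two bits: 0 success, 1 informational, 2 warning, 3 error."""
    name, meaning = NTSTATUS.get(code, ("UNKNOWN", "look the code up before acting on it"))
    return name, meaning, code >> 30


def summarize(log_text):
    """Split failed targets into 'absent' (nothing left to delete), 'blocked'
    (still there, deletion refused) and 'unknown' (code not in the table)."""
    groups = {"absent": [], "blocked": [], "unknown": []}
    for target, code in parse_failures(log_text):
        if code in ALREADY_ABSENT:
            groups["absent"].append(target)
        elif code in NTSTATUS:
            groups["blocked"].append(target)
        else:
            groups["unknown"].append(target)
    return groups


# Constructed sample: first two blocks copied from the log in this thread,
# the third block (example_locked.dll, 0xc0000043) invented for contrast.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\yuolyqdo.bat not found!
Deletion of file C:\yuolyqdo.bat failed!

Could not process line:
C:\yuolyqdo.bat
Status: 0xc0000034

Could not open file C:\Programme\Gemeinsame Dateien\GMT\GMT.exe for deletion
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\GMT.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
Status: 0xc000003a

Could not process line:
C:\WINDOWS\system32\example_locked.dll
Status: 0xc0000043

Completed script processing.
"""

if __name__ == "__main__":
    for target, code in parse_failures(SAMPLE_LOG):
        name, meaning, _ = classify(code)
        print(f"{code:#010x} {name}: {target}\n    {meaning}")
    print(summarize(SAMPLE_LOG))
```

A practical reading: a script whose every line lands in the "absent" group needs no re-run, while anything in "blocked" is the target to investigate next (what process holds it, whether a driver protects it), before trying the same deletion again.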
18.07.2006, 23:59
Honorary member

Posts: 29434
#14 do an online scan with Panda (probably tomorrow ;) ) and post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
19.07.2006, 13:40
Member

Thread starter

Posts: 15
#15 Here is the report from Panda
Incident Status Location

Adware:adware/ncase Not disinfected c:\windows\didduid.ini
Adware:adware/dyfuca Not disinfected C:\Dokumente und Einstellungen\Administrator\Internet Optimizer
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_current_user\software\WinAntiVirus Pro 2006
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/delta Not disinfected Windows Registry
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\BlueScript\Script\moo.dll
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@as-eu.falkag[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\system32\stera.exe

Many thanks
Regards, Hürlimann
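As an added example (not Panda's code), the Python below parses the report above into records and orders them by where each finding lives, since a registry key, a tracking cookie, an entry inside a zip and an executable in system32 each call for a different cleanup step. The line format is inferred from the report above and the set of status words is an assumption; the sample is the report itself, with the sign-off that had run onto its last line removed. The two Process.exe hits sit inside the SmitfraudFix tool on the desktop; the example does not special-case them, it only groups them with the other filesystem findings.

```python
"""Parse a Panda online-scan report and sort findings by where they live.

Added example for this thread, not Panda's own code. The line format
(category:name  status  location) is inferred from the report above; the
list of status words is an assumption.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected|Deleted|Quarantined)\s+"
    r"(?P<location>.+?)\s*$")
ARCHIVE_RE = re.compile(r"^(?P<archive>.+?\.(?:zip|rar|cab))\[(?P<member>.+)\]$", re.IGNORECASE)


def parse_report(text):
    """One dict per finding; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def location_kind(location):
    """Where the finding lives; that, more than the detection name,
    decides what has to be done about it."""
    low = location.lower()
    if low == "windows registry" or low.startswith("hkey_"):
        return "registry"        # a key or value to remove, no file on disk
    if ARCHIVE_RE.match(location):
        return "archive member"  # inert until someone extracts it
    if "\\cookies\\" in low and low.endswith(".txt"):
        return "cookie"          # tracking cookie, no code runs
    return "filesystem"          # a file or directory that can run or be loaded


def triage(text):
    """Records with their kind, executables first, plus a count per kind."""
    records = parse_report(text)
    for r in records:
        r["kind"] = location_kind(r["location"])
    order = {"filesystem": 0, "registry": 1, "archive member": 2, "cookie": 3}
    records.sort(key=lambda r: order[r["kind"]])   # stable: report order kept within a kind
    return records, Counter(r["kind"] for r in records)


# Sample: the report posted above, sign-off removed.
SAMPLE_REPORT = r"""
Incident Status Location

Adware:adware/ncase Not disinfected c:\windows\didduid.ini
Adware:adware/dyfuca Not disinfected C:\Dokumente und Einstellungen\Administrator\Internet Optimizer
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_current_user\software\WinAntiVirus Pro 2006
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/delta Not disinfected Windows Registry
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\BlueScript\Script\moo.dll
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@as-eu.falkag[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\WINDOWS\system32\stera.exe
"""

if __name__ == "__main__":
    records, counts = triage(SAMPLE_REPORT)
    print(dict(counts))
    for r in records:
        print(f"[{r['kind']:<14}] {r['category']}:{r['name']} -> {r['location']}")
```

On this report the split is five filesystem findings, three registry-only traces, three cookies and one archive member; the five filesystem entries, with `stera.exe` in system32 among them, are the ones a helper would deal with first.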