Google links open pages other than the ones originally linked
Topic is closed!
#0
18.08.2006, 21:31
...new here
Posts: 8
#2
18.08.2006, 22:44
Honorary member
Posts: 29434

nabru
Before you start the cleanup, post the HijackThis log so that I can see the internet connection (it is being redirected to a server in Ukraine).

HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.

1. Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
Files to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.

2. Work through this - post the report
http://virus-protect.org/artikel/tools/fixwareout.html

3. F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml
1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be asked to install an ActiveX control.
3. Install this ActiveX component.
4. Read the instructions and click "Accept".
5. Click "Full System Scan".
6. Click "Show report" - copy the scan report.

4. Post the report from winpfind
http://virus-protect.org/winpfind.html

__________
Regards
Sabina
all about PC security
#3
18.08.2006, 23:25
Honorary member
Posts: 6028

@Sabina
Whois:

1. Domain Name: FINDPINES.COM
Registrant: Estico Akki Petronen (ultratds@yahoo.com) Kuoke 12 Helsinki null,23424 FI Tel. +37.52254612
Creation Date: 22-Aug-2005
Expiration Date: 22-Aug-2006
Domain servers in listed order: ns1.findyeti.net ns2.findyeti.net
Administrative Contact: Estico Akki Petronen (ultratds@yahoo.com) Kuoke 12 Helsinki null,23424 FI Tel. +37.52254612
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

2. Domain Name: FINDPINES.NET
Registrant: BruWek Bruce Weakley (webmaster@findllc.NET) 891 N Main St Poland ,13431-2215 US Tel. +1.31582783
Creation Date: 04-Oct-2005
Expiration Date: 04-Oct-2006
Domain servers in listed order: ns1.findllc.net ns2.findllc.net
Administrative Contact: BruWek Bruce Weakley (webmaster@findllc.NET) 891 N Main St Poland ,13431-2215 US Tel. +1.31582783

The pages alternate between .com and .net

Attachment: findpines.JPG

__________
Regards
Argus

This post was edited by Arnold on 19.08.2006 at 08:46.
#4
20.08.2006, 11:27
...new here
Thread starter
Posts: 8

Sabina, many thanks for your quick help. Attached is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:23:18, on 20.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Benutzer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dmdgm.exe] C:\WINDOWS\system32\dmdgm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Avlib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Avlib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Avlib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Avlib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
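Sabina asked for this log to see where the connection is being redirected; the autostart (O4) entries are where a helper looks first. The following Python script is an added example, not part of this thread and not code from HijackThis, Fixwareout or any other tool named here. It parses O4 "Run" lines and flags the two naming patterns that the Fixwareout report later in this thread searches for: five-letter names starting with cs, dm or jb inside system32 (such as dmdgm.exe) and executables named as a bare GUID. The heuristics, the `KNOWN_GOOD` allowlist and the GUID-named sample entry are my own assumptions; the other sample lines are copied from the log above.

```python
import ntpath
import re

# Constructed sample input: O4 (autostart) entries in HijackThis v1.99 format,
# copied from the log posted in this thread plus one GUID-named entry modelled
# on the "Other suspects" list in the Fixwareout report (that GUID is made up).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dmdgm.exe] C:\WINDOWS\system32\dmdgm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [example] C:\WINDOWS\system32\{00000000-1111-2222-3333-444444444444}.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Heuristic 1 (after Fixwareout's "five digit cs, dm and jb files" search):
# a five-letter name starting with cs, dm or jb, located in system32.
SHORT_NAME_RE = re.compile(r"^(cs|dm|jb)[a-z]{3}\.exe$", re.IGNORECASE)
# Heuristic 2 (after Fixwareout's "Other suspects"): an executable named as a bare GUID.
GUID_EXE_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.exe$", re.IGNORECASE)
# Legitimate Windows binaries that would otherwise trip heuristic 1 (assumed allowlist).
KNOWN_GOOD = {"csrss.exe"}


def _tokenize(cmd: str) -> list:
    """Split a command line on whitespace while keeping double-quoted paths intact."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmd)]


def extract_target(cmd: str) -> str:
    """Return the file an O4 entry really launches.

    Handles quoted paths containing spaces and the rundll32 wrapper, where the
    payload is the DLL given as the next argument (the part before the comma).
    """
    tokens = _tokenize(cmd)
    if not tokens:
        return ""
    target = tokens[0]
    if ntpath.basename(target).lower() == "rundll32.exe" and len(tokens) > 1:
        target = tokens[1].split(",", 1)[0]
    return target


def triage_o4(log_text: str) -> list:
    """Return (value name, target, reason) for every O4 Run entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other O4 forms (e.g. Global Startup .lnk entries) are not handled here
        target = extract_target(m["cmd"])
        base = ntpath.basename(target)
        directory = ntpath.dirname(target)
        in_system32 = directory.lower().endswith("\\system32")
        if GUID_EXE_RE.match(base):
            findings.append((m["name"], target, "GUID-named executable"))
        elif in_system32 and SHORT_NAME_RE.match(base) and base.lower() not in KNOWN_GOOD:
            findings.append((m["name"], target, "five-letter cs/dm/jb name in system32"))
        elif not directory:
            findings.append((m["name"], target, "bare filename, resolved via the search path"))
    return findings


if __name__ == "__main__":
    for name, target, reason in triage_o4(SAMPLE_LOG):
        print(f"[{name}] {target}  <- {reason}")
```

Run against the sample, the script reports ICO.EXE (no directory, so it is whatever the search path finds first), dmdgm.exe and the GUID-named entry; the known-good lines stay silent. As Fixwareout itself warns, a hit is a prompt to check the file (hash, signature, vendor), not a verdict.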
#5
20.08.2006, 12:04
Honorary member
Posts: 29434

nabru
Work through this - post the report
http://virus-protect.org/artikel/tools/fixwareout.html

F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml
1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be asked to install an ActiveX control.
3. Install this ActiveX component.
4. Read the instructions and click "Accept".
5. Click "Full System Scan".
6. Click "Show report" - copy the scan report.

Post the report from winpfind
http://virus-protect.org/winpfind.html

__________
Regards
Sabina
all about PC security
#6
20.08.2006, 13:45
...new here
Thread starter
Posts: 8

Hi,
1. Fixwareout

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1DBD555ABF3B-A868-4954-C4EC-EF9B4B08{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgdmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
* csr.exe C:\WINDOWS\System32\CSIJO.EXE

»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSIJO.EXE 51.221 2006-08-13
C:\WINDOWS\SYSTEM32\DMDGM.EXE 61.974 2004-08-04
Other suspects.
Directory of C:\WINDOWS\system32
{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe
{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe
{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe
{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

2. F-Secure Online Scanning Report

Sunday, August 20, 2006 12:34:23 - 13:27:38
Computer name: NAME-67D88F1779
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 40 malware found
CoolWebSearch (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
Trojan-Downloader.Win32.Agent.uj (virus)
C:\WINDOWS\SYSTEM32\CSIJO.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0005557.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0005604.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP21\A0005299.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005198.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005208.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005218.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005222.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005243.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004700.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004711.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004949.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004961.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0005028.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0005082.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0005153.EXE (Renamed)
Trojan.Win32.Puper.bx (virus)
C:\WINDOWS\SYSTEM32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.EXE (Renamed)
Trojan.Win32.Qhost.hf (virus)
C:\WINDOWS\SYSTEM32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.EXE (Renamed)
Trojan.Win32.Small.fb (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0005564.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0006608.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0006620.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0006630.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0006843.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP25\A0006854.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP21\A0005304.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005203.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005213.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005227.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP20\A0005248.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004705.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004716.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004954.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0004966.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0005033.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0005101.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{92D48DD8-B284-4C6F-ABD0-B7E4AF18D1A3}\RP19\A0005158.EXE (Renamed)
W32/Agent.GWI (virus)
C:\WINDOWS\SYSTEM32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.EXE
W32/Agent.GWJ (virus)
C:\RECYCLER\S-1-5-21-3720165316-3128724423-980912114-1006\DC1.EXE
--------------------------------------------------------------------------------
Statistics
Scanned: Files: 23449 System: 16609 Not scanned: 7
Actions: Disinfected: 2 Renamed: 36 Deleted: 0 None: 2 Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DMSZV.EXE
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
D:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-08-18
F-Secure Libra: 2.4.1, 2006-08-18
F-Secure Orion: 1.2.37, 2006-08-18
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-07-18
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
--------------------------------------------------------------------------------

3. WinPfind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 7.0.5450.4

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 04.08.2004 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 17.05.2006 11:23:38 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 09.08.2006 12:03:06 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09.08.2006 12:03:06 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 14:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 14:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 04.08.2004 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
20.08.2006 12:22:18 S 2048 C:\WINDOWS\bootstat.dat
17.08.2006 09:45:50 H 54156 C:\WINDOWS\QTFont.qfn
18.08.2006 20:22:44 S 64 C:\WINDOWS\CSC\00000001
18.08.2006 20:22:44 S 64 C:\WINDOWS\CSC\00000002
14.08.2006 09:32:20 H 0 C:\WINDOWS\inf\oem19.inf
15.08.2006 18:57:14 RHS 80 C:\WINDOWS\system32\38BA2D9625.dll
30.06.2006 15:32:48 S 42278 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7beta3.cat
07.07.2006 09:03:08 S 10690 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914440.cat
20.08.2006 12:27:30 H 1024 C:\WINDOWS\system32\config\default.LOG
20.08.2006 12:22:20 H 1024 C:\WINDOWS\system32\config\SAM.LOG
20.08.2006 12:22:44 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
20.08.2006 13:31:52 H 1024 C:\WINDOWS\system32\config\software.LOG
20.08.2006 12:57:10 H 1024 C:\WINDOWS\system32\config\system.LOG
17.08.2006 19:10:54 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
29.07.2006 17:46:16 RH 0 C:\WINDOWS\system32\drivers\Sony_VGN-SZ2HPB.mrk
29.07.2006 17:42:08 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a06e62ce-210e-47a7-97e6-1a35a3671e67
29.07.2006 17:42:08 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\af23b312-6c48-4313-a1ae-3d9e3753606b
29.07.2006 17:42:08 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c889a435-77f9-4a9a-9c0f-7b6269d7f74f
29.07.2006 17:42:08 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
20.08.2006 12:22:26 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 14:00:00 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 14:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 14:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 14:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 14:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 14:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 17.12.2005 04:08:02 77824 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 23.06.2006 05:41:10 1402368 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 14:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 14:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 14:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
TOSHIBA CORPORATION 08.06.2005 16:34:28 98304 C:\WINDOWS\SYSTEM32\LocalCOM.cpl
Microsoft Corporation 04.08.2004 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 14:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 04.08.2004 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 14:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 14:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 07.03.2006 14:26:00 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl
Microsoft Corporation 04.08.2004 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 04.08.2004 14:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 14:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
SigmaTel, Inc. 17.11.2005 06:40:00 8548352 C:\WINDOWS\SYSTEM32\stac97.cpl
Microsoft Corporation 04.08.2004 14:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 04.08.2004 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 14:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 07.09.2005 18:00:28 86016 C:\WINDOWS\SYSTEM32\VCCenter.cpl
Microsoft Corporation 04.08.2004 14:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 23.06.2006 05:41:10 1402368 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
29.07.2006 17:47:18 687 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk
31.03.2006 10:33:44 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
31.03.2006 11:26:50 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
29.07.2006 19:43:52 1759 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
31.03.2006 10:33:44 HS 84 C:\Dokumente und Einstellungen\Benutzer\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
31.03.2006 11:26:48 HS 62 C:\Dokumente und Einstellungen\Benutzer\Anwendungsdaten\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
 {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ImageConverter2
 {C6643EC0-49AC-4c15-A455-04104DB900A9} = C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
 {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
 {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
 {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SGPDMenu
 {F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SnagItMainShellExt
 {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
 {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
 {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
 Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SGPDMenu
 {F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Programme\Utimaco\SafeGuard PrivateDisk\pdshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
 {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
 {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
 {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ImageConverter2
 {C6643EC0-49AC-4c15-A455-04104DB900A9} = C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
 {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
 {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SnagItMainShellExt
 {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
 {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
 = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}
 HelperObject Class = C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
 AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 SSVHelper Class = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
 CNisExtBho Class = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
 CNavExtBho Class = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
 &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
 {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security 2006 : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
 {C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
 {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = SnagIt : C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
 ButtonText = Recherchieren :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
 MenuText = @xpsp3res.dll,-20001 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
 ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
 Explorer-Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
 {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
 {C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
 {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
 {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
 {2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
 {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security 2006 : C:\Programme\Gemeinsame Dateien\Symantec
Shared\AdBlocking\NISShExt.dll {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Apoint C:\Programme\Apoint\Apoint.exe igfxtray C:\WINDOWS\system32\igfxtray.exe igfxhkcmd C:\WINDOWS\system32\hkcmd.exe igfxpers C:\WINDOWS\system32\igfxpers.exe NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup Mouse Suite 98 Daemon ICO.EXE IntelZeroConfig "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" IntelWireless "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless EOUApp "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" VAIOCameraUtility "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe" SonyPowerCfg C:\Programme\Sony\VAIO Power Management\SPMgr.exe ISBMgr.exe C:\Programme\Sony\ISB Utility\ISBMgr.exe Switcher.exe C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" URLLSTCK.exe C:\Programme\Norton Internet Security\UrlLstCk.exe Acrobat Assistant 7.0 "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot iTunesHelper "C:\Programme\iTunes\iTunesHelper.exe" QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime dmszv.exe C:\WINDOWS\system32\dmszv.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxdev.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon = VESWinlogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 20.08.2006 13:35:10 Danke |
20.08.2006, 13:58
Honorary member
Posts: 29434
#7
0. My Computer --> right-click, then Properties ---> System Restore tab ---> tick 'Turn off System Restore on all drives'.

1. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the Desktop as fixme.reg using 'Save as'. Set the file type to 'All files'. You should now find this file on the Desktop. Double-click the file "fixme.reg" on the Desktop.
Quote:
REGEDIT4

2. Avenger, paste in:
Quote:
Files to delete:
Post the Avenger log that appears after the restart.

3. Scan again with F-Secure Online Scanner until nothing more is reported.

4. Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program.

5. Post the scan report http://virus-protect.org/artikel/tools/superantispyware.html

__________
Kind regards, Sabina
All about PC security
20.08.2006, 14:05
...new here
Thread starter, Posts: 8
#8
Hi, I didn't quite get the part about the Avenger. How do I use it?
20.08.2006, 14:08
Honorary member
Posts: 29434
#9
You're joking.. you should have asked that earlier, when I first instructed you to use the Avenger....
By the way, it is explained in full detail on the page........... http://virus-protect.org/artikel/tools/avenger.html

__________
Kind regards, Sabina
All about PC security
20.08.2006, 14:13
...new here
Thread starter, Posts: 8
#10
No worries ;-) Here is the log from the Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lqrgxnkj

*******************

Script file located at: \??\C:\WINDOWS\system32\ciagheal.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\CSIJO.EXE not found!
Deletion of file C:\WINDOWS\system32\CSIJO.EXE failed!
Could not process line:
C:\WINDOWS\system32\CSIJO.EXE
Status: 0xc0000034

File C:\WINDOWS\system32\DMSZV.EXE not found!
Deletion of file C:\WINDOWS\system32\DMSZV.EXE failed!
Could not process line:
C:\WINDOWS\system32\DMSZV.EXE
Status: 0xc0000034

File C:\WINDOWS\system32\DMDGM.EXE not found!
Deletion of file C:\WINDOWS\system32\DMDGM.EXE failed!
Could not process line:
C:\WINDOWS\system32\DMDGM.EXE
Status: 0xc0000034

File C:\WINDOWS\system32\38BA2D9625.dll deleted successfully.
File C:\WINDOWS\system32\{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe deleted successfully.

File C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe not found!
Deletion of file C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe failed!
Could not process line:
C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe
Status: 0xc0000034

File C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe not found!
Deletion of file C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe failed!
Could not process line:
C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe
Status: 0xc0000034

File C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe not found!
Deletion of file C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe failed!
Could not process line:
C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
20.08.2006, 14:15
Honorary member
Posts: 29434
#11
Once more please, I changed something.
Then don't forget to create the reg file and do everything else.
Quote:
Files to delete:

__________
Kind regards, Sabina
All about PC security
20.08.2006, 14:24
...new here
Thread starter, Posts: 8
#12
I created the reg file and ran it; attached is the new Avenger report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ileguydn

*******************

Script file located at: \??\C:\pgqcxhfv.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\dmdgb.exe not found!
Deletion of file C:\WINDOWS\system32\dmdgb.exe failed!
Could not process line:
C:\WINDOWS\system32\dmdgb.exe
Status: 0xc0000034

File C:\WINDOWS\system32\cssms.exe not found!
Deletion of file C:\WINDOWS\system32\cssms.exe failed!
Could not process line:
C:\WINDOWS\system32\cssms.exe
Status: 0xc0000034

File C:\WINDOWS\system32\csijo.exe not found!
Deletion of file C:\WINDOWS\system32\csijo.exe failed!
Could not process line:
C:\WINDOWS\system32\csijo.exe
Status: 0xc0000034

File C:\WINDOWS\system32\xmllite.dll deleted successfully.
File C:\WINDOWS\system32\vbar332.dll deleted successfully.

File C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe not found!
Deletion of file C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe failed!
Could not process line:
C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe
Status: 0xc0000034

File C:\WINDOWS\system32\{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe not found!
Deletion of file C:\WINDOWS\system32\{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe failed!
Could not process line:
C:\WINDOWS\system32\{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe
Status: 0xc0000034

File C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe not found!
Deletion of file C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe failed!
Could not process line:
C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe
Status: 0xc0000034

File C:\WINDOWS\system32\{354ECDB9-14D0-4A44-BB49-A437A10DECFC}.exe not found!
Deletion of file C:\WINDOWS\system32\{354ECDB9-14D0-4A44-BB49-A437A10DECFC}.exe failed!
Could not process line:
C:\WINDOWS\system32\{354ECDB9-14D0-4A44-BB49-A437A10DECFC}.exe
Status: 0xc0000034

File C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe not found!
Deletion of file C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe failed!
Could not process line:
C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dmrtt.exe not found!
Deletion of file C:\WINDOWS\system32\dmrtt.exe failed!
Could not process line:
C:\WINDOWS\system32\dmrtt.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dmszv.exe not found!
Deletion of file C:\WINDOWS\system32\dmszv.exe failed!
Could not process line:
C:\WINDOWS\system32\dmszv.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dmdgm.exe not found!
Deletion of file C:\WINDOWS\system32\dmdgm.exe failed!
Could not process line:
C:\WINDOWS\system32\dmdgm.exe
Status: 0xc0000034

File C:\WINDOWS\system32\38BA2D9625.dll not found!
Deletion of file C:\WINDOWS\system32\38BA2D9625.dll failed!
Could not process line:
C:\WINDOWS\system32\38BA2D9625.dll
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

I haven't carried out the following steps yet, since quite a few files could not be fixed here. Should I still run F-Secure over it... etc.?
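The Avenger log in the post above is mostly "Deletion of file ... failed!" lines, which is what the poster is worried about. As an added example (not code from the thread or from the Avenger tool), here is a small Python parser that summarises such a log and decodes the NTSTATUS value Avenger prints on its "Status:" lines: 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, meaning the file was already absent when the script ran, so those lines do not indicate that anything resisted removal. The sample log is constructed from lines posted in the thread, plus one constructed "access denied" entry (example_locked.dll, not from the thread) to show how a genuinely stuck file would stand out.

```python
"""Summarise an Avenger deletion log.

Added example for this thread; it is not code from the Avenger tool or
from the forum posts. SAMPLE_LOG is constructed from lines posted in the
thread plus one constructed "access denied" entry.
"""
import re
from dataclasses import dataclass, field

# NTSTATUS values that Avenger prints on its "Status:" lines.
# 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND: the file was already gone
# when the script ran, so a "failed" line with this status does not mean
# that something resisted deletion.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x([0-9A-Fa-f]{8})$")


@dataclass
class AvengerSummary:
    service_key: str = ""                        # random service Avenger ran from
    deleted: list = field(default_factory=list)
    failed: dict = field(default_factory=dict)   # path -> status name


def parse_avenger_log(text: str) -> AvengerSummary:
    """Walk the log line by line; a 'failed!' line is paired with the next
    'Status:' line that follows it."""
    summary = AvengerSummary()
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("\\Registry\\"):
            summary.service_key = line
            continue
        m = DELETED_RE.match(line)
        if m:
            summary.deleted.append(m.group(1))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            summary.failed[pending] = NTSTATUS_NAMES.get(code, f"0x{code:08x}")
            pending = None
    return summary


def still_present(summary: AvengerSummary) -> list:
    """Paths whose deletion failed for any reason other than 'not found';
    these are the ones that still need attention."""
    return [p for p, s in summary.failed.items()
            if s != "STATUS_OBJECT_NAME_NOT_FOUND"]


SAMPLE_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ileguydn

Script file located at: \??\C:\pgqcxhfv.txt
Beginning to process script file:

File C:\WINDOWS\system32\dmdgb.exe not found!
Deletion of file C:\WINDOWS\system32\dmdgb.exe failed!
Could not process line:
C:\WINDOWS\system32\dmdgb.exe
Status: 0xc0000034

File C:\WINDOWS\system32\xmllite.dll deleted successfully.
File C:\WINDOWS\system32\vbar332.dll deleted successfully.

File C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe not found!
Deletion of file C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe failed!
Could not process line:
C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe
Status: 0xc0000034

Deletion of file C:\WINDOWS\system32\example_locked.dll failed!
Could not process line:
C:\WINDOWS\system32\example_locked.dll
Status: 0xc0000022

Completed script processing.
Finished! Terminate.
"""
# The example_locked.dll entry above is constructed for this example; it is
# not from the thread.

if __name__ == "__main__":
    s = parse_avenger_log(SAMPLE_LOG)
    print("Avenger service:", s.service_key)
    print("Deleted:", *s.deleted, sep="\n  ")
    for path, status in s.failed.items():
        print(f"Failed: {path} ({status})")
    print("Still present:", still_present(s))
```

Run against the real log from the post, `still_present()` comes back empty: every failure is a "not found", and the two files that did exist (xmllite.dll, vbar332.dll) were removed.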
20.08.2006, 14:43
Honorary member
Posts: 29434
#13
0. My Computer --> right-click, then Properties ---> System Restore tab ---> tick 'Turn off System Restore on all drives'.

** Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the Desktop as fixme.reg using 'Save as'. Set the file type to 'All files'. You should now find this file on the Desktop. Double-click the file "fixme.reg" on the Desktop.
Quote:
REGEDIT4

** Scan again with F-Secure Online Scanner until nothing more is reported.

** Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program.

** Post the scan report http://virus-protect.org/artikel/tools/superantispyware.html

__________
Kind regards, Sabina
All about PC security
20.08.2006, 17:35
...new here
Thread starter, Posts: 8
#14
Hi, I have now run F-Secure 5 times and it keeps finding the same viruses. Here is the log:
Scanning Report
Sunday, August 20, 2006 16:53:34 - 17:29:28
Computer name: NAME-67D88F1779
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\

--------------------------------------------------------------------------------

Result: 4 malware found
Trojan-Downloader.Win32.Agent.uj (virus)
C:\WINDOWS\SYSTEM32\CSIJO.0XE
Trojan.Win32.Puper.bx (virus)
C:\WINDOWS\SYSTEM32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.0XE
Trojan.Win32.Qhost.hf (virus)
C:\WINDOWS\SYSTEM32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.0XE
W32/Agent.GWJ (virus)
C:\RECYCLER\S-1-5-21-3720165316-3128724423-980912114-1006\DC1.EXE

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 56580
System: 4645
Not scanned: 23
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 4
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\JET7EC5.TMP
C:\WINDOWS\SYSTEM32\DMKJZ.EXE
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
C:\DOKUMENTE UND EINSTELLUNGEN\Benutzer\NTUSER.DAT
C:\DOKUMENTE UND EINSTELLUNGEN\Benutzer\OUTLOOK DATENBANK\Benutzer.PST
C:\DOKUMENTE UND EINSTELLUNGEN\Benutzer\LOKALE EINSTELLUNGEN\TEMP\~DF5C3A.TMP
C:\DOKUMENTE UND EINSTELLUNGEN\Benutzer\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOKUMENTE UND EINSTELLUNGEN\Benutzer\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\MICROSOFT\OUTLOOK\OUTLOOK.OST
C:\DOKUMENTE UND EINSTELLUNGEN\Benutzer\ANWENDUNGSDATEN\ADOBE\ACROBAT\7.0\UPDATER\UDLOG.TXT
C:\DOKUMENTE UND EINSTELLUNGEN\NETWORKSERVICE\NTUSER.DAT
C:\DOKUMENTE UND EINSTELLUNGEN\NETWORKSERVICE\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOKUMENTE UND EINSTELLUNGEN\LOCALSERVICE\NTUSER.DAT
C:\DOKUMENTE UND EINSTELLUNGEN\LOCALSERVICE\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\MICROSOFT\WINDOWS\USRCLASS.DAT
D:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-08-18
F-Secure Libra: 2.4.1, 2006-08-18
F-Secure Orion: 1.2.37, 2006-08-18
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-07-18
F-Secure Draco: 1.0.35, 2006-08-15
Scanning options:
Scan all files
Use Advanced heuristics

--------------------------------------------------------------------------------
20.08.2006, 18:48
Honorary member
Posts: 29434
#15
1. Empty the Recycle Bin.

2. Avenger
Quote:
Files to delete:

3. Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program.

4. Post the scan report http://virus-protect.org/artikel/tools/superantispyware.html

__________
Kind regards, Sabina
All about PC security
First of all, sorry for picking this topic up again, but unfortunately I couldn't reply to the existing thread. I have exactly the same problem: whenever I enter a search term on Google and then click a link in the results list, it first sends me to shop-like pages with a similar focus.
e.g. search term Gardasee --> result www.gardasee.de/
After that I get an HTTP 404. --> http://85.255.114.122/click.php?PHPSESSID=80B4B9FECE4C4594868AB3FBA555DBD1&qq=gardasee&id=1&qnaes={80B4B9FE-CE4C-4594-868A-B3FBA555DBD1}&b=0&ZZ=2
I am using Explorer 7.0.
I have already gone through the procedure, see below:
1. BlackLight: on the first scan it returned the following files:
08/18/06 20:05:58 [Info]: BlackLight Engine 1.0.46 initialized
08/18/06 20:05:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/18/06 20:05:59 [Note]: 7019 4
08/18/06 20:05:59 [Note]: 7005 0
08/18/06 20:06:16 [Note]: 7006 0
08/18/06 20:06:16 [Note]: 7011 1524
08/18/06 20:06:16 [Note]: 7026 0
08/18/06 20:06:16 [Note]: 7026 0
08/18/06 20:06:24 [Note]: FSRAW library version 1.7.1019
08/18/06 20:07:58 [Info]: Hidden file: c:\WINDOWS\system32\cssms.exe
08/18/06 20:07:58 [Note]: 7002 32
08/18/06 20:07:58 [Note]: 7003 1
08/18/06 20:07:58 [Note]: 10002 1
08/18/06 20:07:58 [Info]: Hidden file: c:\WINDOWS\system32\dmdgb.exe
08/18/06 20:07:58 [Note]: 7002 32
08/18/06 20:07:58 [Note]: 7003 1
08/18/06 20:07:58 [Note]: 10002 1
08/18/06 20:08:03 [Info]: Hidden file: c:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe
08/18/06 20:08:03 [Note]: 10002 1
08/18/06 20:08:03 [Info]: Hidden file: c:\WINDOWS\system32\{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe
08/18/06 20:08:03 [Note]: 10002 1
08/18/06 20:08:04 [Info]: Hidden file: c:\WINDOWS\system32\{354ECDB9-14D0-4A44-BB49-A437A10DECFC}.exe
08/18/06 20:08:04 [Note]: 10002 1
08/18/06 20:08:04 [Info]: Hidden file: c:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe
08/18/06 20:08:04 [Note]: 10002 1
08/18/06 20:10:22 [Note]: 7007 0
After further scans it currently finds nothing more.
2. I also ran Hoster.
3. Ran CleanUp.
4. ComboFix returns the following:
((((((((((((((((((((((((((((((( Files Created from 2006-07-18 to 2006-08-18 ))))))))))))))))))))))))))))))))))
2006-08-18 20:22 51,221 C:\WINDOWS\system32\csijo.exe
2006-08-17 19:10 117,760 C:\WINDOWS\system32\xmllite.dll
2006-08-15 18:56 80 C:\WINDOWS\system32\38BA2D9625.dll
2006-08-15 18:56 368,912 C:\WINDOWS\system32\vbar332.dll
2006-08-13 03:22 5,214 C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe
2006-08-13 03:22 424,718 C:\WINDOWS\system32\{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe
2006-08-13 03:21 45,568 C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe
2006-08-13 03:21 4,608 C:\WINDOWS\system32\{354ECDB9-14D0-4A44-BB49-A437A10DECFC}.exe
2006-08-13 03:21 3,117 C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe
2006-08-07 16:02 534,208 C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161,472 C:\WINDOWS\system32\SymRedir.dll
2006-07-30 13:15 57,344 C:\WINDOWS\system32\SUGW2CI.dll
2006-07-30 13:15 20,622 C:\WINDOWS\system32\SUGW2LMK.DLL
2006-07-30 13:15 151,552 C:\WINDOWS\system32\SUGW2CI.exe
2006-06-29 09:10 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18 23552 --------- C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 20480 --------- C:\WINDOWS\system32\normaliz.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Mouse Suite 98 Daemon"="ICO.EXE"
"IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Programme\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"VAIOCameraUtility"="\"C:\\Programme\\Sony\\VAIO Camera Utility\\VCUServe.exe\""
"SonyPowerCfg"="C:\\Programme\\Sony\\VAIO Power Management\\SPMgr.exe"
"ISBMgr.exe"="C:\\Programme\\Sony\\ISB Utility\\ISBMgr.exe"
"Switcher.exe"="C:\\Programme\\Sony\\Wireless Switch Setting Utility\\Switcher.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Programme\\Norton Internet Security\\UrlLstCk.exe"
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"dmrtt.exe"="C:\\WINDOWS\\system32\\dmrtt.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - .job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 18.08.2006 21:10:04.50
ComboFix.txt
5. SilentRunners: returned no results.
It would be great if someone could help me out now, since unfortunately I have not dealt with problems like this before.
Thanks and regards
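The ComboFix "Files Created" list in the post above is what the poster could not interpret. As an added example, not part of ComboFix or of the post, the following Python script parses that section (with or without the attribute column ComboFix prints for some lines) and applies a few triage heuristics that are this example's own choice: GUID-shaped or all-hex file names under system32, files under 1 KB, and files created within 24 hours of the scan's completion time. The sample input is copied from the posted log; the flags are a starting point for triage, not a verdict.

```python
"""Triage the 'Files Created' section of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the post.
SAMPLE_SECTION is copied from the log posted in the thread; the heuristics
are this example's own choice and give a starting point for triage, not a
verdict.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# "2006-08-18 20:22 51,221 C:\...\csijo.exe" or, with an attribute column,
# "2006-06-29 09:10 22752 --a------ C:\...\spupdsvc.exe"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+)\s+(?:-[-a-z]+\s+)?(.+)$"
)
# Names that look generated rather than chosen: a bare GUID, or a run of
# upper-case hex digits, with an executable extension.
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f-]{36}\}\.(exe|dll)$")
HEX_NAME = re.compile(r"^[0-9A-F]{8,}\.(exe|dll)$")


@dataclass
class Entry:
    created: datetime
    size: int
    path: str
    flags: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_files_created(text: str) -> list:
    """Turn the section's lines into Entry objects; banners are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M")
        size = int(m.group(3).replace(",", ""))
        entries.append(Entry(created, size, m.group(4)))
    return entries


def triage(entries, scan_time: datetime, recent_hours: int = 24) -> list:
    """Flag system32 entries and return those with at least one flag."""
    hits = []
    for e in entries:
        if "\\system32\\" not in e.path.lower():
            continue
        if GUID_NAME.match(e.name):
            e.flags.append("guid-name")
        if HEX_NAME.match(e.name):
            e.flags.append("hex-name")
        if e.size < 1024:
            e.flags.append("tiny")       # too small to be a real component
        if scan_time - e.created <= timedelta(hours=recent_hours):
            e.flags.append("recent")     # created just before the scan
        if e.flags:
            hits.append(e)
    return hits


# Copied from the ComboFix output posted in the thread.
SAMPLE_SECTION = r"""
((((((((((((((((((((((((((((((( Files Created from 2006-07-18 to 2006-08-18 ))))))))))))))))))))))))))))))))))
2006-08-18 20:22 51,221 C:\WINDOWS\system32\csijo.exe
2006-08-17 19:10 117,760 C:\WINDOWS\system32\xmllite.dll
2006-08-15 18:56 80 C:\WINDOWS\system32\38BA2D9625.dll
2006-08-15 18:56 368,912 C:\WINDOWS\system32\vbar332.dll
2006-08-13 03:22 5,214 C:\WINDOWS\system32\{211A588B-F6EA-4DEE-A29D-A396D5F78132}.exe
2006-08-13 03:22 424,718 C:\WINDOWS\system32\{27E4B360-B163-4F3A-A814-40809EAAB57B}.exe
2006-08-13 03:21 45,568 C:\WINDOWS\system32\{871C7214-3285-4FDF-82B0-BD07772C6F04}.exe
2006-08-13 03:21 4,608 C:\WINDOWS\system32\{354ECDB9-14D0-4A44-BB49-A437A10DECFC}.exe
2006-08-13 03:21 3,117 C:\WINDOWS\system32\{580BD494-6946-4CAE-81D4-1DEDB71FD002}.exe
2006-08-07 16:02 534,208 C:\WINDOWS\system32\SymNeti.dll
2006-06-29 09:10 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
"""
# ComboFix's own "Completion time" line in the posted log.
SCAN_TIME = datetime(2006, 8, 18, 21, 10)

if __name__ == "__main__":
    for e in triage(parse_files_created(SAMPLE_SECTION), SCAN_TIME):
        print(f"{e.created:%Y-%m-%d %H:%M} {e.size:>9} {e.name:<45} {', '.join(e.flags)}")
```

On the posted data the five GUID-named executables, the 80-byte 38BA2D9625.dll and the freshly created csijo.exe are flagged, while the Symantec, IE7 and Windows Update files pass through unflagged; xmllite.dll and vbar332.dll are not caught by these name and size rules, which is why the thread's helper relied on scanner detections for them rather than on appearance alone.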