(about blank page) and points to spyware

#1  22.08.2006, 13:51  Sabina (Honorary member)

Quote

Hello! It's about the following!!! When Internet Explorer starts, a page appears that has no link at all (about blank page) and points to spyware!!! Before that, an interesting message came up that had detected the following spyware/Trojans:
txfdb32.Spyware(txfdb32.dll)---a.WinFavorites.Spyware(a.exe)
btgrab.Transponder.Trojan(BTGrab.dll)---pynix.Transponder.trojan(Pynix.dll)
jao.WinFavorites.Spyware(jao.dll)---Zserv.Transponder.Trojan(Zserv.dll)
Wstart.TrojanDownloader(wstart.dll)---Alxie328.Trojan(alxie32.dll)
AlexaIE.Toolbar(alexaie.dll)---Adness.trojan(topservice2.exe)
Spyware/adware pop-ups that I close with the X appear anyway, or rather, when I click the X the links open anyway!!!
Here is the result from HijackThis!
I hope for an answer/help


Logfile of HijackThis v1.99.1
Scan saved at 12:07:36, on 22.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver2\LVCOMS.EXE
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\o6h19kve.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Skype\Phone\Skype.exe
D:\Programme\Free Download Manager\fdm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Logitech\ImageStudio\LowLight.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\palstart.exe
C:\Programme\Paltalk\pnetaware.exe
C:\WINDOWS\system32\smartdrv.exe
C:\WINDOWS\system32\officescan.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOKUME~1\XP\LOKALE~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Programme\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\Eigene Dateien\WINDOWS\Updreg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [o6h19kve] C:\WINDOWS\system32\o6h19kve.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] D:\Programme\Free Download Manager\fdm.exe -autorun
O4 - Startup: PalNetaware.lnk = C:\Programme\Paltalk\pnetaware.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Mit FDM herunterladen - file://D:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Webseiten mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.gamyun.net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://www.speakychat.info/speakyldr.cab
O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/cert/GamyunIeToolbar.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05c32a5524bbc6c6e221/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116950685811
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

__________
Kind regards, Sabina

everything about PC security
#2  22.08.2006, 13:52  Sabina (Honorary member, thread starter)

1.
post the following log
http://virus-protect.org/artikel/tools/combofix.html

2.
set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

3.
Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
Kind regards, Sabina
#3  23.08.2006, 12:57  (new member)

Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: E457-6D2A

Verzeichnis von C:\WINDOWS\system32

06-08-23 12:46 4,389 o6h19kve.ini
06-08-23 12:46 0 f5hdd6uu.html

06-08-23 12:45 2,206 wpa.dbl
06-08-23 01:30 25,296 BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000002-80651102}.rfx
06-08-23 01:30 25,296 BMXCtrlState-{00000002-00000000-00000004-00001102-00000002-80651102}.rfx
06-08-23 01:30 16,516 BMXState-{00000002-00000000-00000004-00001102-00000002-80651102}.rfx
06-08-23 01:30 16,516 BMXStateBkp-{00000002-00000000-00000004-00001102-00000002-80651102}.rfx
06-08-23 01:30 1,072 settingsbkup.sfm
06-08-23 01:30 1,072 settings.sfm
06-08-23 01:30 24 DVCStateBkp-{00000002-00000000-00000004-00001102-00000002-80651102}.dat
06-08-23 01:30 24 DVCState-{00000002-00000000-00000004-00001102-00000002-80651102}.dat
06-08-23 00:23 2,696 mju7s3gh.dat
06-08-22 18:41 6,656 0,518295049667358.exe
06-08-22 17:47 15,872 udpmod.dll
06-08-22 17:47 27,136 questmod.dll
06-08-22 17:47 12,288 jao.dll
06-08-22 17:47 26,368 bridge.dll
06-08-22 17:47 19,712 a.exe
06-08-22 17:47 31,488 runsrv32.exe
06-08-22 17:47 22,528 txfdb32.dll
06-08-22 17:47 20,736 runsrv32.dll
06-08-22 17:47 11,264 wstart.dll
06-08-22 17:47 15,104 tcpservice2.exe
06-08-22 17:47 28,160 dailytoolbar.dll
06-08-22 17:47 17,152 alxres.dll
06-08-22 09:38 6,444 mshtml32.tdb
06-08-22 09:38 0 lrf.dat
06-08-22 09:37 8 winlogon.ini
06-08-22 09:37 8 smaexp32.dll
06-08-18 18:19 1,024 winblsrv.dll

06-08-18 14:02 57,384 avsda.dll
06-08-17 14:50 2,953 CONFIG.NT
06-08-17 14:07 16 ns0avjco.dat
06-08-17 14:06 335,712 6mdvl0at.dat
06-08-17 14:06 1,856 q8smifnk.dat
06-08-09 21:03 8,325,544 MRT.exe
06-08-06 09:19 94,208 officescan.exe
06-08-06 09:19 11,268 smartdrv.exe

06-07-28 13:28 3,075,072 mshtml.dll
06-07-27 15:25 679,424 inetcomm.dll
06-07-25 22:33 615,936 urlmon.dll
06-07-21 10:29 72,704 hlink.dll
06-07-14 17:38 332,288 netapi32.dll
06-07-14 17:25 546,304 hhctrl.ocx
06-07-13 15:34 8,494,592 shell32.dll
06-07-12 18:16 380,486 perfh009.dat
06-07-12 18:16 52,900 perfc009.dat
06-07-12 18:16 391,330 perfh007.dat
06-07-12 18:16 63,778 perfc007.dat
06-07-12 18:16 897,954 PerfStringBackup.INI
06-07-05 12:55 1,057,792 kernel32.dll
06-06-28 13:24 420,421 o6h19kve.exe
06-06-28 11:49 159,805 g3i0pglt.dll
06-06-26 19:40 8,192 rasadhlp.dll
06-06-26 19:40 148,480 dnsapi.dll
06-06-26 08:18 41,984 8pm1cn6m.exe
06-06-23 13:10 664,576 wininet.dll
06-06-23 13:10 39,424 pngfilt.dll
06-06-23 13:10 146,432 msrating.dll
06-06-23 13:10 532,480 mstime.dll
06-06-23 13:10 448,512 mshtmled.dll
06-06-23 13:10 1,494,016 shdocvw.dll
06-06-23 13:10 474,624 shlwapi.dll
06-06-23 13:10 1,022,976 browseui.dll
06-06-23 13:10 251,392 iepeers.dll
06-06-23 13:10 205,312 dxtrans.dll
06-06-23 13:10 16,384 jsproxy.dll
06-06-23 13:10 1,056,256 danim.dll
06-06-23 13:10 357,888 dxtmsft.dll
06-06-23 13:10 96,768 inseng.dll
06-06-23 13:10 55,808 extmgr.dll
06-06-23 13:10 152,064 cdfview.dll
06-06-23 10:53 27,136 xpsp3res.dll
06-06-19 16:20 702,768 WgaLogon.dll
06-06-19 16:19 571,184 LegitCheckControl.dll
06-06-19 16:19 304,944 WgaTray.exe
06-06-01 20:47 27,648 jgpl400.dll
06-06-01 20:47 163,840 jgdw400.dll
06-05-27 16:18 200,936 FNTCACHE.DAT
06-05-27 14:04 25,941 NULL

Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: E457-6D2A

Verzeichnis von C:\DOKUME~1\XP\LOKALE~1\Temp

06-01-23 15:36 429 datFind.bat
1 Datei(en) 429 Bytes
0 Verzeichnis(se), 998,055,936 Bytes frei

Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: E457-6D2A

Verzeichnis von C:\WINDOWS

06-08-23 12:46 3,376,352 {00000002-00000000-00000004-00001102-00000002-80651102}.BAK
06-08-23 12:46 3,376,352 {00000002-00000000-00000004-00001102-00000002-80651102}.CDF
06-08-23 10:41 0 0.log
06-08-23 10:39 1,136,203 WindowsUpdate.log
06-08-23 10:39 159 wiadebug.log
06-08-23 10:39 50 wiaservc.log
06-08-23 10:38 2,048 bootstat.dat
06-08-23 01:30 32,618 SchedLgU.Txt
06-08-23 00:59 882 tsc.ini
06-08-23 00:25 1,937,629 tsc.ptn
06-08-23 00:25 176,709 tsc.exe
06-08-23 00:25 71,749 hcextoutput.dll
06-08-23 00:25 1,077,328 vsapi32.dll
06-08-23 00:25 86,094 BPMNT.dll
06-08-23 00:25 21,786,153 LPT$VPN.675
06-08-23 00:25 21,786,153 VPTNFILE.675
06-08-23 00:23 170 GetServer.ini
06-08-23 00:22 45,799 setupapi.log
06-08-23 00:22 507,904 TMUPDATE.DLL
06-08-23 00:22 69,689 UNZIP.DLL
06-08-23 00:22 286,720 PATCH.EXE
06-08-22 19:28 2,610 wmsetup.log
06-08-22 17:47 29,184 dlmax.dll
06-08-22 17:47 16,384 Pynix.dll
06-08-22 17:47 10,496 BTGrab.dll
06-08-22 17:47 24,832 ZServ.dll
06-08-22 17:47 28,160 susp.exe
06-08-22 17:47 28,416 alxtb1.dll
06-08-22 17:47 17,664 alxie328.dll
06-08-22 17:47 15,872 alexaie.dll
06-08-22 17:47 1,791 win_logo.gif
06-08-22 17:47 6,147 infected.gif
06-08-20 13:16 3,031 spyware_detected.gif
06-08-20 13:16 1,743 safe_and_trusted.gif
06-08-20 13:16 1,743 remove_spyware_header.gif
06-08-20 13:14 1,014 yellow_warning_ico.gif
06-08-20 13:14 1,472 red_warning_ico.gif
06-08-20 13:14 3,390 logo.gif
06-08-20 13:14 3,877 icon_warning_big.gif
06-08-20 13:14 15,618 free_scan_red_btn.gif
06-08-20 13:14 3,968 download_product.gif
06-08-20 13:14 1,230 download.gif
06-08-20 13:14 64 close_ico.gif
06-08-20 13:14 2,359 click_for_free_scan.gif
06-08-20 13:14 867 buy_now.gif
06-08-20 13:14 4,970 big_red_x.gif
06-08-20 13:08 12,192 product_box.gif
06-08-18 18:19 1,024 system32fab.exe
06-08-18 16:20 72 bg_bg.gif

06-08-17 17:11 196,865 comsetup.log
06-08-17 17:11 120,339 ntdtcsetup.log
06-08-17 17:11 87,406 iis6.log
06-08-17 17:11 222,987 tsoc.log
06-08-17 17:11 1,374 imsins.log
06-08-17 17:11 30,886 ocmsn.log
06-08-17 17:11 25,418 KB920214.log
06-08-17 17:11 286,054 ocgen.log
06-08-17 17:11 28,721 msgsocm.log
06-08-17 17:11 564,130 FaxSetup.log
06-08-17 17:11 1,374 imsins.BAK
06-08-17 17:11 25,176 KB921883.log
06-08-17 17:11 29,333 updspapi.log
06-08-17 17:11 24,990 KB922616.log
06-08-17 17:11 25,598 KB921398.log
06-08-17 17:10 28,841 KB918899.log
06-08-17 17:09 21,377 KB920670.log
06-08-17 17:09 21,534 KB917422.log
06-08-17 17:09 21,957 KB920683.log
06-08-07 17:16 7,608 WgaNotify.log
06-08-06 09:19 151 navibar_corner_right.gif
06-08-06 09:19 150 navibar_corner_left.gif
06-08-06 09:19 53 navibar_bg.gif
06-08-06 09:19 46 infected_top_bg.gif

06-07-25 19:46 101 CTRec.INI
06-07-20 17:09 2,106 vminst.log
06-07-12 14:34 11,840 KB917159.log
06-07-12 14:34 12,391 KB914388.log
06-07-12 14:33 10,506 KB916595.log
06-07-09 08:47 1,048,848 setupapi.log.0.old
06-06-26 08:19 76,800 gjkac70c.exe
06-06-17 11:37 35,489 spupdsvc.log
06-06-17 06:06 10,331 KB917734.log
06-06-17 06:05 14,223 KB918439.log
06-06-17 06:05 14,580 KB917344.log
06-06-17 06:05 14,257 KB917953.log
06-06-17 06:04 14,434 KB911280.log
06-06-17 06:04 17,685 KB916281.log
06-06-17 06:04 11,696 KB914389.log
06-06-08 15:50 963 spacer.gif'
06-05-27 16:17 1,454 COM+.log

Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: E457-6D2A

Verzeichnis von C:\

06-08-23 12:52 0 sys.txt
06-08-23 12:51 4,569 systemwindows.txt
06-08-23 12:51 11,093 system.txt
06-08-23 12:50 279 systemtemp.txt
06-08-23 12:49 4,263 system32.txt
06-08-23 12:46 0 palsound.txt
06-08-23 10:38 267,964,416 hiberfil.sys
06-08-23 10:38 402,653,184 pagefile.sys
06-08-20 17:36 12,365 WinZipErrorReportLog.Txt
06-05-27 16:16 191 TO_InstallLog.txt
06-05-23 20:40 2,021 TDSLCheck.txt
05-09-02 19:29 211 boot.ini
05-09-02 19:11 47,564 NTDETECT.COM
05-09-02 19:11 251,184 ntldr
05-05-24 16:20 90 LogiSetup.log
05-05-24 16:00 0 MSDOS.SYS
05-05-24 16:00 0 IO.SYS
05-05-24 16:00 0 CONFIG.SYS
05-05-24 16:00 0 AUTOEXEC.BAT
01-08-18 14:00 4,952 bootfont.bin
20 Datei(en) 670,956,382 Bytes
0 Verzeichnis(se), 998,031,360 Bytes frei
23.08.2006, 13:02  Sabina (Honorary member, thread starter)
#5  23.08.2006, 13:16  Sabina (Honorary member, thread starter)

Cehennem

1.
work through:
Qoofix 1.03 and download Brute Force Uninstaller - and post both scan reports
http://virus-protect.org/artikel/tools/quofixhttp.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote

registry keys to delete:

HKEY_CURRENT_USER\Software\ErrorGuard
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\errorguard.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\error guard
HKEY_CURRENT_USER\Software\PalTalk

Files to delete:

C:\WINDOWS\system32\o6h19kve.ini
C:\WINDOWS\system32\f5hdd6uu.html
C:\WINDOWS\system32\mju7s3gh.dat
C:\WINDOWS\system32\0,518295049667358.exe
C:\WINDOWS\system32\udpmod.dll
C:\WINDOWS\system32\questmod.dll
C:\WINDOWS\system32\jao.dll
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\txfdb32.dll
C:\WINDOWS\system32\runsrv32.dll
C:\WINDOWS\system32\wstart.dll
C:\WINDOWS\system32\tcpservice2.exe
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\mshtml32.tdb
C:\WINDOWS\system32\lrf.dat
C:\WINDOWS\system32\winlogon.ini
C:\WINDOWS\system32\smaexp32.dll
C:\WINDOWS\system32\winblsrv.dll
C:\WINDOWS\system32\ns0avjco.dat
C:\WINDOWS\system32\6mdvl0at.dat
C:\WINDOWS\system32\q8smifnk.dat
C:\WINDOWS\system32\officescan.exe
C:\WINDOWS\system32\smartdrv.exe
C:\WINDOWS\system32\o6h19kve.exe
C:\WINDOWS\system32\8pm1cn6m.exe
C:\WINDOWS\system32\g3i0pglt.dll
C:\WINDOWS\dlmax.dll
C:\WINDOWS\Pynix.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\ZServ.dll
C:\WINDOWS\susp.exe
C:\WINDOWS\alxtb1.dll
C:\WINDOWS\alxie328.dll
C:\WINDOWS\alexaie.dll
C:\WINDOWS\win_logo.gif
C:\WINDOWS\infected.gif
C:\WINDOWS\spyware_detected.gif
C:\WINDOWS\safe_and_trusted.gif
C:\WINDOWS\remove_spyware_header.gif
C:\WINDOWS\yellow_warning_ico.gif
C:\WINDOWS\red_warning_ico.gif
C:\WINDOWS\logo.gif
C:\WINDOWS\icon_warning_big.gif
C:\WINDOWS\free_scan_red_btn.gif
C:\WINDOWS\download_product.gif
C:\WINDOWS\download.gif
C:\WINDOWS\close_ico.gif
C:\WINDOWS\click_for_free_scan.gif
C:\WINDOWS\buy_now.gif
C:\WINDOWS\big_red_x.gif
C:\WINDOWS\product_box.gif
C:\WINDOWS\system32fab.exe
C:\WINDOWS\bg_bg.gif
C:\WINDOWS\navibar_corner_right.gif
C:\WINDOWS\navibar_corner_left.gif
C:\WINDOWS\navibar_bg.gif
C:\WINDOWS\infected_top_bg.gif
C:\WINDOWS\gjkac70c.exe
C:\WINDOWS\spacer.gif'
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\palstart.exe
C:\Programme\Common Files\Paltalk\PaltalkWebLogin.dll
C:\WINDOWS\Downloaded Program Files\Install.dll

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log that appears after the restart


**

open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Programme\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [o6h19kve] C:\WINDOWS\system32\o6h19kve.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

O4 - Startup: PalNetaware.lnk = C:\Programme\Paltalk\pnetaware.exe
O4 - Global Startup: palstart.exe

O15 - Trusted Zone: http://www.gamyun.net

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/cert/GamyunIeToolbar.cab


restart the PC

**
scan with SmitfraudFix - options 1 and 2 - and post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html

**
post the 4 datfindbat logs again for checking

**
uninstall: Paltalk
delete: C:\Programme\Common Files\Paltalk + C:\Programme\Paltalk


Kind regards, Sabina
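Added example, not code from the thread or from any of the tools it links: the triage step the helper did by eye when turning the system32 listing in post #3 into the "Files to delete" list in post #5, i.e. clustering files by the minute they were written. It assumes the `dir`-style line layout of the datfind output shown above; the embedded listing is a constructed subset of that output, including one Windows Update batch to show the false positive a reviewer still has to rule out by name.

```python
import re
from collections import defaultdict

# One datfind line as printed in the thread:
#   YY-MM-DD HH:MM  <size with thousands separators>  <file name>
LINE_RE = re.compile(r"^(\d{2}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) (.+)$")

# Constructed sample: a subset of the C:\WINDOWS\system32 listing from post #3,
# header lines included so the parser has to skip them.
SAMPLE_LISTING = """\
Datenträger in Laufwerk C: ist WINXP
Volumeseriennummer: E457-6D2A

Verzeichnis von C:\\WINDOWS\\system32

06-08-23 12:46 4,389 o6h19kve.ini
06-08-22 17:47 15,872 udpmod.dll
06-08-22 17:47 27,136 questmod.dll
06-08-22 17:47 12,288 jao.dll
06-08-22 17:47 19,712 a.exe
06-08-22 17:47 31,488 runsrv32.exe
06-08-22 17:47 22,528 txfdb32.dll
06-08-22 09:37 8 winlogon.ini
06-07-28 13:28 3,075,072 mshtml.dll
06-07-27 15:25 679,424 inetcomm.dll
06-06-23 13:10 664,576 wininet.dll
06-06-23 13:10 39,424 pngfilt.dll
06-06-23 13:10 146,432 msrating.dll
06-06-28 13:24 420,421 o6h19kve.exe
"""

def parse_listing(text):
    """Return (date, time, size, name) tuples; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            date, time, size, name = m.groups()
            entries.append((date, time, int(size.replace(",", "")), name))
    return entries

def drop_bursts(entries, min_files=3):
    """Group files by write minute and keep groups of at least min_files.

    A dropper writes its whole payload within a minute, so a burst of
    unrelated-looking names sharing one timestamp is the signal used here.
    Update batches cluster the same way, so names still need a human check."""
    by_minute = defaultdict(list)
    for date, time, size, name in entries:
        by_minute[(date, time)].append((name, size))
    return {k: sorted(v) for k, v in by_minute.items() if len(v) >= min_files}

def paths_for(bursts, directory):
    """Absolute paths for every burst file, the shape a 'Files to delete' list takes."""
    return [f"{directory}\\{name}" for files in bursts.values() for name, _ in files]

if __name__ == "__main__":
    bursts = drop_bursts(parse_listing(SAMPLE_LISTING))
    for (date, time), files in sorted(bursts.items()):
        print(f"{date} {time}: {len(files)} files written in the same minute")
        for name, size in files:
            print(f"    {size:>10,}  {name}")
```

Raising `min_files` to 4 drops the three-file update batch and leaves only the 17:47 drop, which is the set the thread's delete list targets.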