BraveSentry + DriveCleaner 2006 - remove

Thread is closed!

#0
31.08.2006, 20:47
Member
Posts: 39

01.09.2006, 02:31
Honorary member
Posts: 29434
#2
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.
--> double-click listen.bat
--> copy the text that appears

Quote: cd\

__________
Regards, Sabina
All about PC security

01.09.2006, 11:06
Member
Thread starter
Posts: 39
#3
Hello Sabina,
first of all, thank you very much for taking on the problem again. I am still at work at the moment, but I will create the file as described when I get home this evening. I will get back to you then.
Regards, soho101

01.09.2006, 11:59
Honorary member
Posts: 29434

01.09.2006, 18:18
Member
Thread starter
Posts: 39
#5
Hello Sabina, I am here now and have done the first step of the instructions:
Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Program Files\BraveSentry 08.08.2006 16:51 <DIR> . 08.08.2006 16:51 <DIR> .. 08.08.2006 16:51 472.576 BraveSentry.exe 08.08.2006 16:51 100 BraveSentry.lic 08.08.2006 16:51 410.974 BraveSentry0.bs 08.08.2006 16:51 124.928 BraveSentry0.dll 08.08.2006 16:51 27.860 BraveSentry1.bs 08.08.2006 16:51 126.464 BraveSentry1.dll 08.08.2006 16:51 117.760 BraveSentry2.dll 08.08.2006 16:51 119.296 BraveSentry3.dll 08.08.2006 16:51 114.688 Uninstall.exe 9 Datei(en) 1.514.646 Bytes 2 Verzeichnis(se), 54.845.136.896 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\DriveCleaner 2006 Free 28.08.2006 12:00 <DIR> . 28.08.2006 12:00 <DIR> .. 23.02.2006 17:08 327 Activate.dat 12.08.2006 00:37 <DIR> Appbase 12.08.2006 00:37 125 bnlink.dat 01.09.2006 13:55 16.456 diagnosis.dat 30.08.2006 12:00 <DIR> Download 12.08.2006 00:37 <DIR> img 04.04.2006 09:58 111.616 InstHelp.exe 23.12.2005 14:32 3 lapv.dat 23.12.2005 14:34 68.742 license.rtf 12.08.2006 00:37 71 manual.url 14.07.2006 09:56 8 pv.dat 09.12.2005 18:29 53.248 pv.exe 14.07.2006 09:57 58.366 readme.rtf 12.08.2006 00:40 5.504.202 ScanReport.dat 01.09.2006 18:03 160 Schedule.dat 12.08.2006 00:37 106 sr.log 12.08.2006 00:37 72 support.url 14.07.2006 09:51 1.159.680 UDC2006.exe 25.07.2006 17:31 2.426.784 UDC2006.xml 12.08.2006 00:37 53 UDC6.url 14.07.2006 09:46 33.792 UDCPChk.dll 14.07.2006 09:48 124.416 UDCShell.dll 30.03.2006 20:05 35.776 UDCShell.xml 12.08.2006 00:37 12.085 unins000.dat 12.08.2006 00:37 669.002 unins000.exe 06.10.2005 13:09 1.406 uninstall.ico 24.02.2006 15:24 5.012 UninstallPage.html 23.02.2006 19:48 41 up.dat 01.09.2006 13:55 17.366 update.log 12.08.2006 00:37 264 updater.dat 31.03.2006 16:07 536.576 Updater.exe 09.11.2005 13:04 8 vbpv.dat 29 Datei(en) 10.835.763 Bytes 5 Verzeichnis(se), 54.845.136.896 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Windows\System32\Com 22.08.2006 15:33 <DIR> . 22.08.2006 15:33 <DIR> .. 26.07.2005 06:39 195.072 comadmin.dll 18.08.2001 12:00 61.440 comempty.dat 18.08.2001 12:00 77.348 comexp.msc 04.08.2004 01:57 9.728 comrepl.exe 18.08.2001 12:00 5.120 comrereg.exe 18.08.2001 12:00 19.456 mtsadmin.tlb 6 Datei(en) 368.164 Bytes 2 Verzeichnis(se), 54.845.136.896 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\WINDOWS\system32 Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\WINDOWS\Downloaded Program Files 30.06.2005 16:19 227 MsnMessengerSetupDownloader.inf 14.08.2005 01:26 113.664 MsnMessengerSetupDownloader.ocx 09.10.2003 11:32 144 QTPlugin.inf 08.12.2003 14:58 3.759 swflash.inf 4 Datei(en) 117.794 Bytes 0 Verzeichnis(se), 54.845.136.896 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Dokumente und Einstellungen\Sven\Eigene Dateien 11.07.2006 20:01 <DIR> . 11.07.2006 20:01 <DIR> .. 17.08.2006 18:08 <DIR> Downloads 08.08.2006 16:11 <DIR> Eigene Bilder 19.07.2006 21:39 <DIR> Eigene Musik 01.09.2006 15:46 <DIR> FH Wedel 07.07.2006 00:14 <DIR> GEM GbR 08.08.2006 18:29 <DIR> INTERMAS 03.07.2006 17:00 <DIR> Mama 08.05.2006 12:08 <DIR> My Skype Pictures 30.11.2005 21:04 <DIR> My Skype Received Files 02.01.2005 21:07 <DIR> tmx 24.02.2006 15:38 <DIR> Tr„gerverein 15.01.2005 20:35 <DIR> Turbo Lister 20.07.2006 19:28 <DIR> Turbo Lister Backup 05.01.2006 16:15 <DIR> Visual Studio Projects 02.01.2005 21:03 <DIR> Vokabelprogramm 0 Datei(en) 0 Bytes 17 Verzeichnis(se), 54.845.132.800 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Program Files 08.08.2006 16:51 <DIR> . 08.08.2006 16:51 <DIR> .. 
08.08.2006 16:51 <DIR> BraveSentry 09.02.2005 12:50 <DIR> Sonic Foundry Setup 0 Datei(en) 0 Bytes 4 Verzeichnis(se), 54.845.132.800 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temp 01.09.2006 18:03 <DIR> . 01.09.2006 18:03 <DIR> .. 01.09.2006 14:56 2.036 IMT90.xml 01.09.2006 14:56 426 IMT91.xml 01.09.2006 14:56 798.234 IMT92.xml 01.09.2006 14:37 893 TWAIN.LOG 01.09.2006 14:37 2 Twain001.Mtx 01.09.2006 14:37 156 Twunk001.MTX 01.09.2006 14:37 0 Twunk002.MTX 31.08.2006 21:59 <DIR> VBE 01.09.2006 15:21 15.284 Z@RB7.tmp 01.09.2006 15:21 21.300 Z@RBC.tmp 01.09.2006 15:21 17.900 Z@RC0.tmp 01.09.2006 15:21 9.016 Z@RC4.tmp 01.09.2006 15:21 15.588 Z@RC8.tmp 01.09.2006 13:53 16.384 ~DF1B34.tmp 01.09.2006 18:03 16.384 ~DF1BAD.tmp 31.08.2006 21:15 16.384 ~DFF8A.tmp 15 Datei(en) 929.987 Bytes 3 Verzeichnis(se), 54.845.132.800 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\WINDOWS\Temp 01.09.2006 18:03 <DIR> . 01.09.2006 18:03 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 54.845.132.800 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\ Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme 31.08.2006 21:53 <DIR> . 31.08.2006 21:53 <DIR> .. 20.01.2005 14:48 <DIR> Adobe 18.05.2005 23:55 <DIR> Ahead 10.04.2006 20:10 <DIR> ArcSoft 03.01.2002 18:54 <DIR> Ashampoo 29.01.2005 20:49 <DIR> ATI Technologies 31.08.2006 19:09 <DIR> AVPersonal 31.05.2005 09:53 <DIR> bhv 10.04.2006 20:09 <DIR> Canon 31.08.2006 21:53 <DIR> CCleaner 31.08.2006 20:49 <DIR> CleanUp! 
30.12.2004 21:10 <DIR> ComPlus Applications 19.03.2005 21:21 <DIR> DivX 28.08.2006 12:00 <DIR> DriveCleaner 2006 Free 14.01.2005 15:27 <DIR> eBay 22.08.2006 15:15 <DIR> FreePDF_XP 10.04.2006 20:13 <DIR> Gemeinsame Dateien 28.11.2005 14:37 <DIR> Google 29.05.2005 23:11 <DIR> Haufe 01.11.2005 15:43 <DIR> HTML Help Workshop 30.12.2004 22:27 <DIR> Intel 22.08.2006 15:34 <DIR> Internet Explorer 31.08.2006 19:26 <DIR> Lavasoft 27.01.2005 19:28 <DIR> Macromedia 22.08.2006 15:34 <DIR> Messenger 30.12.2004 21:14 <DIR> microsoft frontpage 01.11.2005 15:37 <DIR> Microsoft Office 30.12.2004 21:53 <DIR> Microsoft Visual Studio 01.11.2005 16:01 <DIR> Microsoft Visual Studio .NET 2003 30.12.2004 21:53 <DIR> Microsoft Works 30.12.2004 21:54 <DIR> Microsoft.NET 27.11.2005 19:33 <DIR> Mindjet 30.12.2004 21:35 <DIR> Movie Maker 01.11.2005 16:18 <DIR> MSDN 30.12.2004 21:10 <DIR> MSN 30.12.2004 21:09 <DIR> MSN Gaming Zone 18.01.2006 15:29 <DIR> MSN Messenger 30.12.2004 21:31 <DIR> NetMeeting 30.12.2004 21:10 <DIR> Online Services 30.12.2004 21:12 <DIR> Online-Dienste 22.08.2006 15:32 <DIR> Outlook Express 07.02.2005 22:36 <DIR> QuickTime 10.04.2006 20:13 <DIR> ScanSoft 08.08.2006 22:26 <DIR> Sch”nherr Personal Firewall 13.03.2006 15:33 <DIR> Shareaza 11.05.2005 13:09 <DIR> Skype 09.02.2005 12:51 <DIR> Sonic Foundry 31.08.2006 19:46 <DIR> Spybot - Search & Destroy 30.12.2004 22:36 <DIR> Synaptics 13.12.2005 23:24 <DIR> Telekom 31.12.2004 21:32 <DIR> TightVNC 28.07.2005 14:48 <DIR> tmx 31.08.2006 21:19 <DIR> Ultimate Defender 30.12.2004 22:32 <DIR> VIAudioi 07.05.2005 09:58 <DIR> Winamp 22.08.2006 15:01 <DIR> Windows Media Player 30.12.2004 21:31 <DIR> Windows NT 07.05.2005 09:54 <DIR> WinRAR 14.01.2005 17:08 <DIR> WinZip 14.01.2005 17:05 <DIR> WinZip Self-Extractor 30.12.2004 21:14 <DIR> xerox 06.01.2005 23:29 <DIR> Yahoo! 0 Datei(en) 0 Bytes 63 Verzeichnis(se), 54.845.128.704 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten 06.01.2005 23:32 <DIR> Adobe 07.05.2005 09:57 <DIR> Ahead 05.01.2006 16:15 <DIR> ApplicationHistory 31.08.2006 19:45 94.720 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 08.08.2006 16:50 20.992 fae624fe.exe 01.11.2005 16:13 137 fusioncache.dat 01.01.2002 01:28 66.912 GDIPFONTCACHEV1.DAT 28.11.2005 14:37 <DIR> Google 15.01.2005 20:21 <DIR> Help 02.01.2005 20:46 <DIR> Identities 02.01.2002 18:04 <DIR> Microsoft 01.11.2005 16:13 <DIR> Microsoft Help 01.11.2005 21:37 <DIR> Shareaza 11.05.2005 17:31 <DIR> Skype 4 Datei(en) 182.761 Bytes 10 Verzeichnis(se), 54.845.128.704 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Dokumente und Einstellungen\Sven\Anwendungsdaten 05.10.2005 18:11 <DIR> Adobe 25.07.2006 16:32 <DIR> AdobeUM 19.03.2005 21:27 <DIR> Ahead 03.01.2002 18:54 <DIR> Ashampoo Photo Commander 4 18.08.2006 13:41 <DIR> Canon 14.01.2005 12:48 <DIR> FileMaker 28.11.2005 14:37 <DIR> Google 15.01.2005 20:21 <DIR> Help 30.12.2004 21:18 <DIR> Identities 28.01.2005 17:21 <DIR> Macromedia 09.02.2005 12:53 <DIR> NetMedia Providers 09.02.2005 12:53 <DIR> Publish Providers 10.04.2006 20:13 <DIR> ScanSoft 01.11.2005 21:37 <DIR> Shareaza 11.05.2005 15:07 <DIR> Skype 09.02.2005 12:53 <DIR> Sonic Foundry 08.08.2006 17:10 <DIR> Ultimate Defender 0 Datei(en) 0 Bytes 17 Verzeichnis(se), 54.845.124.608 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten 21.07.2006 21:03 <DIR> Adobe 19.03.2005 21:23 <DIR> Ahead 27.01.2005 19:24 <DIR> Macromedia 01.11.2005 20:36 <DIR> Microsoft Help 01.09.2006 18:15 <DIR> Skype 31.08.2006 19:49 <DIR> Spybot - Search & Destroy 10.04.2006 20:13 <DIR> SSScanAppDataDir 10.04.2006 20:13 <DIR> SSScanWizard 0 Datei(en) 0 Bytes 8 Verzeichnis(se), 54.845.124.608 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\Gemeinsame Dateien 10.04.2006 20:13 <DIR> . 10.04.2006 20:13 <DIR> .. 20.01.2005 14:47 <DIR> Adobe 19.03.2005 21:23 <DIR> Ahead 01.11.2005 15:42 <DIR> Crystal Decisions 27.11.2005 19:34 <DIR> DESIGNER 30.12.2004 21:11 <DIR> Dienste 28.11.2005 14:36 <DIR> InstallShield 27.01.2005 19:26 <DIR> Macromedia 01.11.2005 16:11 <DIR> Merge Modules 01.11.2005 15:56 <DIR> Microsoft Shared 30.12.2004 21:11 <DIR> MSSoap 30.12.2004 21:02 <DIR> ODBC 10.04.2006 20:13 <DIR> ScanSoft Shared 30.12.2004 21:02 <DIR> SpeechEngines 22.08.2006 15:32 <DIR> System 0 Datei(en) 0 Bytes 16 Verzeichnis(se), 54.845.124.608 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Windows\tasks |
01.09.2006, 23:57
Honorary member
Posts: 29434
#6
soho101
you yourself are responsible for the destruction of your system! You downloaded 3 fake tools at once!!!!! These tools are Trojans/viruses.

Information bravesentry
http://virus-protect.org/artikel/spyware/bravesentry.html

Information DriveCleaner 2006 Free
http://virus-protect.org/artikel/spyware/drivecleaner_2006.html

------------------------------------------------------------------------

1. Create a neu.bat - post the text

Quote: cd\

--------------------------------------------------------------------------

2. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes".

Quote: REGEDIT4

3. Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:

Quote: registry keys to delete:

Click the green traffic light. The script will now be executed, then the PC will restart automatically.

4. Post the log from Avenger that appears.

5. Open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

Quote: O2 - BHO: (no name) - {50D933AE-2351-177F-BA64-0AF24BF84B71} - C:\WINDOWS\system32\pkmjdqd.dll

Restart the PC.

Delete:
C:\Programme\Ultimate Defender
C:\Programme\DriveCleaner 2006 Free
C:\Program Files\BraveSentry
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Ultimate Defender
C:\Dokumente und Einstellungen\All Users\Start Menu\Programme\DriveCleaner 2006 Free

** Scan with smitfraud.fix (options 1 and 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html
Post both scan reports here.

__________
Regards, Sabina
All about PC security

02.09.2006, 10:11
Member
Thread starter
Posts: 39
#7
Hello Sabina, thank you very much for your effort, here are the logs:
1. from neu.bat

Verzeichnis von C:\Programme\Ultimate Defender 31.08.2006 21:19 <DIR> . 31.08.2006 21:19 <DIR> .. 31.08.2006 21:19 1.369.808 App.exe 31.08.2006 21:19 16.177.072 extensions.pkg 31.08.2006 21:19 91.856 IeSafe.exe 31.08.2006 21:19 309 program.info 31.08.2006 21:19 198.352 Uninstall.exe 31.08.2006 21:19 446 _uninstall.log 6 Datei(en) 17.837.843 Bytes 2 Verzeichnis(se), 54.818.418.688 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Ultimate Defender 08.08.2006 17:10 <DIR> . 08.08.2006 17:10 <DIR> .. 08.08.2006 17:10 <DIR> logs 0 Datei(en) 0 Bytes 3 Verzeichnis(se), 54.818.418.688 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\DriveCleaner 2006 Free\Appbase 12.08.2006 00:37 <DIR> . 12.08.2006 00:37 <DIR> .. 05.08.2004 15:38 1.127 AE_CD_Cr.dat 11.11.2005 20:49 1.135 AReadr4.dat 11.11.2005 20:49 1.180 AReadr5.dat 05.08.2004 15:38 1.112 ASDSEEpv.dat 05.08.2004 15:38 1.098 ASPack.dat 05.08.2004 15:38 1.108 Babylon.dat 05.08.2004 15:38 1.374 BDelphi5.dat 05.08.2004 15:38 1.076 CatchUp.dat 05.08.2004 15:38 1.202 CBuildr5.dat 05.08.2004 15:38 1.121 CCGA.dat 05.08.2004 15:38 1.124 CManager.dat 05.08.2004 15:38 1.147 CuteFTP4.dat 05.08.2004 15:38 1.103 CuteHTML.dat 05.08.2004 15:38 1.117 DAcceler.dat 05.08.2004 15:38 1.082 DiscJug.dat 05.08.2004 15:38 1.235 ECDCreat4.dat 05.08.2004 15:38 1.184 Far.dat 05.08.2004 15:38 22 FFTsks.dat 05.08.2004 15:38 1.066 FlashFXP.dat 05.08.2004 15:38 1.185 FrntPage.dat 05.08.2004 15:38 1.164 FrontPEx.dat 05.08.2004 15:38 1.115 FtpEXP.dat 05.08.2004 15:38 1.100 FtpVoya.dat 05.08.2004 15:38 1.189 GetRight.dat 05.08.2004 15:38 1.640 GoZilla.dat 05.08.2004 15:38 1.082 GravMRU.dat 05.08.2004 15:38 1.081 HomeSite.dat 05.08.2004 15:38 1.077 HotDogPr.dat 05.08.2004 15:38 1.099 H_TxtPad.dat 05.08.2004 15:38 1.169 IconExtr.dat 05.08.2004 15:38 1.092 iMesh.dat 05.08.2004 
15:38 1.164 ImgReady3.dat 05.08.2004 15:38 1.118 InsShExp.dat 05.08.2004 15:38 1.113 JASC_P_P.dat 05.08.2004 15:38 1.105 KaZaA.dat 05.08.2004 15:38 1.082 LView.dat 05.08.2004 15:38 1.090 MacDir.dat 05.08.2004 15:38 1.125 MacDrWea.dat 05.08.2004 15:38 1.114 MicAng.dat 05.08.2004 15:38 1.090 MicDes.dat 05.08.2004 15:38 1.091 MMUnDisk.dat 05.08.2004 15:38 1.141 MM_CON.dat 05.08.2004 15:38 1.079 Morpheus.dat 05.08.2004 15:38 1.173 MPaint.dat 05.08.2004 15:38 1.108 MPicPub.dat 05.08.2004 15:38 1.113 MPImaGal.dat 07.03.2006 19:40 1.157 MSExplorer.dat 05.08.2004 15:38 2.814 MSoffice.dat 07.03.2006 19:44 1.179 MSRegEdit.dat 07.03.2006 19:38 1.193 MSWMP.dat 07.03.2006 19:40 1.180 MSWordPad.dat 05.08.2004 15:38 1.102 Nero.dat 11.11.2005 20:55 1.095 NetShow.dat 05.08.2004 15:38 1.078 NTBackup.dat 10.07.2006 11:44 77 pfilelst.xda 05.08.2004 15:38 1.197 PhotShel.dat 05.08.2004 15:38 1.086 PHPCoder.dat 05.08.2004 15:38 1.095 PowerZIP.dat 05.08.2004 15:38 1.131 RapidBr.dat 05.08.2004 15:38 1.126 RealAuPl.dat 05.08.2004 15:38 1.126 RealDown.dat 05.08.2004 15:38 1.135 SecurCRT.dat 05.08.2004 15:38 1.110 SL_BlWin.dat 05.08.2004 15:38 1.099 SmartClr.dat 05.08.2004 15:38 1.100 Sonique.dat 05.08.2004 15:38 1.106 StuffIt.dat 05.08.2004 15:38 1.120 TelepPro.dat 05.08.2004 15:38 1.143 UGifAnim.dat 05.08.2004 15:38 1.073 UltraEd.dat 05.08.2004 15:38 1.176 UMedStud.dat 05.08.2004 15:38 1.166 UPhImpV.dat 05.08.2004 15:38 1.222 UPhotoEx.dat 05.08.2004 15:38 1.146 UVidStud.dat 05.08.2004 15:38 1.061 VNC.dat 05.08.2004 15:38 1.119 WebFeret.dat 05.08.2004 15:38 1.084 WebReap.dat 05.08.2004 15:38 1.167 WinACE.dat 05.08.2004 15:38 1.111 WinGate.dat 05.08.2004 15:38 1.096 WinRAR.dat 05.08.2004 15:38 1.182 WinZIP.dat 05.08.2004 15:38 1.162 WiseInst.dat 11.07.2006 17:00 61 wordslst.xda 05.08.2004 15:38 1.097 YahooPl.dat 05.08.2004 15:38 1.097 ZipMagic.dat 84 Datei(en) 93.781 Bytes 2 Verzeichnis(se), 54.818.414.592 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\DriveCleaner 2006 Free\Download 30.08.2006 12:00 <DIR> . 30.08.2006 12:00 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 54.818.414.592 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\DriveCleaner 2006 Free\img 12.08.2006 00:37 <DIR> . 12.08.2006 00:37 <DIR> .. 27.05.2005 21:44 2.738 button.gif 27.05.2005 21:44 2.497 button2.gif 27.05.2005 21:44 3.915 header.gif 05.12.2005 16:19 3.605 logo.gif 27.05.2005 21:44 43 spacer.gif 27.05.2005 21:44 498 top1.jpg 27.05.2005 21:44 7.108 top2.jpg 27.05.2005 21:44 44 top_line.gif 8 Datei(en) 20.448 Bytes 2 Verzeichnis(se), 54.818.410.496 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\Ultimate Defender 31.08.2006 21:19 <DIR> . 31.08.2006 21:19 <DIR> .. 31.08.2006 21:19 1.369.808 App.exe 31.08.2006 21:19 16.177.072 extensions.pkg 31.08.2006 21:19 91.856 IeSafe.exe 31.08.2006 21:19 309 program.info 31.08.2006 21:19 198.352 Uninstall.exe 31.08.2006 21:19 446 _uninstall.log 6 Datei(en) 17.837.843 Bytes 2 Verzeichnis(se), 54.826.754.048 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Ultimate Defender 08.08.2006 17:10 <DIR> . 08.08.2006 17:10 <DIR> .. 08.08.2006 17:10 <DIR> logs 0 Datei(en) 0 Bytes 3 Verzeichnis(se), 54.826.754.048 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\DriveCleaner 2006 Free\Appbase 02.09.2006 10:07 <DIR> . 02.09.2006 10:07 <DIR> .. 10.07.2006 11:44 77 pfilelst.xda 05.08.2004 15:38 1.096 WinRAR.dat 05.08.2004 15:38 1.182 WinZIP.dat 11.07.2006 17:00 61 wordslst.xda 4 Datei(en) 2.416 Bytes 2 Verzeichnis(se), 54.826.754.048 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\DriveCleaner 2006 Free\Download 30.08.2006 12:00 <DIR> . 30.08.2006 12:00 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 54.826.754.048 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: C4CB-8156 Verzeichnis von C:\Programme\DriveCleaner 2006 Free\img 02.09.2006 10:07 <DIR> . 02.09.2006 10:07 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 54.826.754.048 Bytes frei

2. I added fixme.reg to the registry.

3. Ran Avenger, but there were some error messages...

4. Here is the log from Avenger:

////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\Install Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\software\bravesentry Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_ALL_USERS\Software\DriveCleaner 2006 Free ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\vylblfei ******************* Script file located at: \??\C:\WINDOWS\system32\bvgraaww.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\desktop.html deleted successfully. File C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temp\update1.exe3072.exe not found! Deletion of file C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temp\update1.exe3072.exe failed! 
Could not process line: C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temp\update1.exe3072.exe Status: 0xc0000034 File C:\Program Files\BraveSentry\BraveSentry.exe deleted successfully. File C:\Program Files\BraveSentry\BraveSentry.lic deleted successfully. File C:\Program Files\BraveSentry\BraveSentry0.bs deleted successfully. File C:\Program Files\BraveSentry\BraveSentry0.dll deleted successfully. File C:\Program Files\BraveSentry\BraveSentry1.bs deleted successfully. File C:\Program Files\BraveSentry\BraveSentry1.dll deleted successfully. File C:\Program Files\BraveSentry\BraveSentry2.dll deleted successfully. File C:\Program Files\BraveSentry\BraveSentry3.dll deleted successfully. File C:\Program Files\BraveSentry\Uninstall.exe deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Activate.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\bnlink.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\diagnosis.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\InstHelp.exe deleted successfully. File C:\Programme\DriveCleaner 2006 Free\lapv.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\license.rtf deleted successfully. File C:\Programme\DriveCleaner 2006 Free\manual.url deleted successfully. File C:\Programme\DriveCleaner 2006 Free\pv.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\pv.exe deleted successfully. File C:\Programme\DriveCleaner 2006 Free\readme.rtf deleted successfully. File C:\Programme\DriveCleaner 2006 Free\ScanReport.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Schedule.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\sr.log deleted successfully. File C:\Programme\DriveCleaner 2006 Free\support.url deleted successfully. File C:\Programme\DriveCleaner 2006 Free\UDC2006.exe deleted successfully. File C:\Programme\DriveCleaner 2006 Free\UDC2006.xml deleted successfully. 
File C:\Programme\DriveCleaner 2006 Free\UDC6.url deleted successfully. File C:\Programme\DriveCleaner 2006 Free\UDCPChk.dll deleted successfully. File C:\Programme\DriveCleaner 2006 Free\UDCShell.dll deleted successfully. File C:\Programme\DriveCleaner 2006 Free\UDCShell.xml deleted successfully. File C:\Programme\DriveCleaner 2006 Free\unins000.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\unins000.exe deleted successfully. File C:\Programme\DriveCleaner 2006 Free\uninstall.ico deleted successfully. File C:\Programme\DriveCleaner 2006 Free\UninstallPage.html deleted successfully. File C:\Programme\DriveCleaner 2006 Free\up.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\update.log deleted successfully. File C:\Programme\DriveCleaner 2006 Free\updater.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Updater.exe deleted successfully. File C:\Programme\DriveCleaner 2006 Free\vbpv.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\button.gif deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\button2.gif deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\header.gif deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\logo.gif deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\spacer.gif deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\top1.jpg deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\top2.jpg deleted successfully. File C:\Programme\DriveCleaner 2006 Free\img\top_line.gif deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\AE_CD_Cr.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\AReadr4.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\AReadr5.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\ASDSEEpv.dat deleted successfully. 
File C:\Programme\DriveCleaner 2006 Free\Appbase\ASPack.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\BDelphi5.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\Babylon.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\CBuildr5.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\CCGA.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\CManager.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\CatchUp.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\CuteFTP4.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\CuteHTML.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\DAcceler.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\DiscJug.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\ECDCreat4.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\FFTsks.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\Far.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\FlashFXP.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\FrntPage.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\FrontPEx.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\FtpEXP.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\FtpVoya.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\GetRight.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\GoZilla.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\GravMRU.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\H_TxtPad.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\HomeSite.dat deleted successfully. 
File C:\Programme\DriveCleaner 2006 Free\Appbase\HotDogPr.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\IconExtr.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\ImgReady3.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\InsShExp.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\JASC_P_P.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\KaZaA.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\LView.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MMUnDisk.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MM_CON.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MPImaGal.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MPaint.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MPicPub.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MSExplorer.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MSRegEdit.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MSWMP.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MSWordPad.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MSoffice.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MacDir.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MacDrWea.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MicAng.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\MicDes.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\Morpheus.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\NTBackup.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\Nero.dat deleted successfully. 
File C:\Programme\DriveCleaner 2006 Free\Appbase\NetShow.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\PHPCoder.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\PhotShel.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\PowerZIP.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\RapidBr.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\RealAuPl.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\RealDown.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\SL_BlWin.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\SecurCRT.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\SmartClr.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\Sonique.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\StuffIt.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\TelepPro.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\UGifAnim.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\UMedStud.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\UPhImpV.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\UPhotoEx.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\UVidStud.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\UltraEd.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\VNC.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\WebFeret.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\WebReap.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\WinACE.dat deleted successfully. 
File C:\Programme\DriveCleaner 2006 Free\Appbase\WinGate.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\WiseInst.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\YahooPl.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\ZipMagic.dat deleted successfully. File C:\Programme\DriveCleaner 2006 Free\Appbase\iMesh.dat deleted successfully. File C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\fae624fe.exe deleted successfully. File C:\WINDOWS\system32\2.txt deleted successfully. File C:\WINDOWS\system32\1.txt deleted successfully. File C:\WINDOWS\system32\cpehmyc.dll deleted successfully. File C:\WINDOWS\system32\pkmjdqd.dll deleted successfully. File C:\WINDOWS\system32\winsub.xml deleted successfully. File C:\WINDOWS\system32\svcp.csv deleted successfully. File C:\WINDOWS\system32\testtestt.exe deleted successfully. File C:\WINDOWS\system32\fae624fe.exe deleted successfully. File C:\WINDOWS\system32\dlh9jkdq8.exe deleted successfully. File C:\WINDOWS\system32\vx.tll deleted successfully. File C:\WINDOWS\system32\dlh9jkdq7.exe deleted successfully. File C:\WINDOWS\system32\dlh9jkdq6.exe deleted successfully. File C:\WINDOWS\system32\dlh9jkdq2.exe deleted successfully. File C:\WINDOWS\system32\qjcgejln.dll deleted successfully. File C:\WINDOWS\system32\pejohnkm.exe deleted successfully. File C:\WINDOWS\system32\ipv6mons.dll deleted successfully. File C:\Windows\xpupdate.exe not found! Deletion of file C:\Windows\xpupdate.exe failed! Could not process line: C:\Windows\xpupdate.exe Status: 0xc0000034 File C:\WINDOWS\KB902767.exe deleted successfully. File C:\23100247.exe deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bravesentry deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1 deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DriveCleaner 2006 Free deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UDCShell deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\UDCShell deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UDCPChk.UDCPChk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UDCPChk.UDCPChk.1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UDCShell deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

5. I ran HijackThis but could not delete the following entries:
O4 - Startup: .protected
O4 - Global Startup: .protected
Here an error message said that these programs are currently running and that I should open the Task Manager, end them and run HijackThis again. But the entries do not appear like that in the Task Manager, so I don't know what I should delete there.
HijackThis did not show the following entries:
O4 - HKCU\..\Run: [WinMedia] C:\DOKUME~1\Sven\LOKALE~1\Temp\update1.exe3072.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
I deleted the specified folders.

1. Scan report:
SmitFraudFix v2.83
Scan done at 10:51:06,42, 02.09.2006
Run from C:\Dokumente und Einstellungen\Sven\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Sven\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOKUME~1\Sven\STARTM~1\PROGRA~1\AUTOST~1\.protected FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Sven\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

2. Scan report:
SmitFraudFix v2.83
Scan done at 10:58:41,57, 02.09.2006
Run from C:\Dokumente und Einstellungen\Sven\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

Great, the viruses seem to be gone; at least the black screen no longer appears and the fake programs are gone too! If I need to take any further steps, please let me know! A thousand thanks so far!
This post was edited by soho101 on 02.09.2006 at 11:15.

02.09.2006, 13:11
Honorary member
Posts: 29434
#8
1. Avenger
Quote: Files to delete:
* delete:
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Ultimate Defender
C:\Programme\Ultimate Defender
C:\Programme\DriveCleaner 2006 Free
* Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.
In "Enter search strings" (paste in):
Ultimate Defender
BraveSentry
DriveCleaner 2006 Free
in the edit field and click "Ok". Notepad will open -- copy the text and post it.
+ post the new HijackThis log
__________
Regards, Sabina
all about PC security

02.09.2006, 16:03
Member
Thread starter
Posts: 39
#9
Hello Sabina, here are the logs:
Unfortunately, Avenger only produced an error log:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!

The files are probably no longer there... The folders were no longer there either; at any rate they have not come back since I last deleted them.

Here is the log from Registry Search:
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 02.09.2006 15:54:32 for strings:
; 'ultimate defender'
; 'bravesentry'
; 'drivecleaner 2006 free'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Defender]
[HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Defender\Updates]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\DriveCleaner 2006 Free]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Erase]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Scan]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Scan\Folders]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Scripts]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Scripts\Variables]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Settings]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Application Restrictions]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Browser Helper Objects]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Disable Regedit Policy]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\IE Reset Web Settings]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer 3rd Party Cookies]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Explorer Bars]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Extensions]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Menu Extension]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Plugins]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Restrictions]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Security Settings]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Security Zones]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer ShellBrowser]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Toolbars]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer Trusted Sites]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer URLs]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Internet Explorer WebBrowser]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Startup Files]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\Startup Registry Files]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Application Agent Checkpoints\URL Search Hooks]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Internet Agents Checkpoints]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Internet Agents Checkpoints\Dialup Connection]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Internet Agents Checkpoints\Internet Proxy Server]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Internet Agents Checkpoints\Internet Trusted Sites]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Internet Agents Checkpoints\Name Server Protection]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Internet Agents Checkpoints\TCPIP Parameters]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\Internet Agents Checkpoints\Winsock Layered Service Providers]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Active Desktop]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Active Desktop\Items]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\AppInit DLLs]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Approved Shell Extensions]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Context Menu Handler]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Control.ini Policy]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Explorer Trojan]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Ini File Mapping]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Shared TaskScheduler]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Shell Service Object Delay Load]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\User Shell Folders]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Directory Trojans]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Extensions]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Hosts File]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Password Protection]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Protocols]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Restrict Anonymous]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Services]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Shell Execute Hooks]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Windows Update Service]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Winlogon Shell]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\Winlogon Userinit]
[HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender\Shield\System Agent Checkpoints\WOW Boot Shell]
; End Of The Log...

Here is the log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:02:39, on 02.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Sven\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cwlan-cache.fh-wedel.de:3128
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CA7F76-0FAB-407F-A556-DAB2B8678C94}: NameServer = 217.237.149.161 217.237.150.205
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

02.09.2006, 18:53
Honorary member
Posts: 29434
#10
Avenger
Quote: registry keys to delete:
post the report
__________
Regards, Sabina
all about PC security

02.09.2006, 20:03
Member
Thread starter
Posts: 39
#11
Here is the first log:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: selected file does not appear to be a valid script.
Error code: 0

The 2nd log looks exactly the same; I only ever get error messages...

02.09.2006, 21:47
Honorary member
Posts: 29434
#12
Go into the registry:
Start - Run - regedit
Edit - Find - Ultimate Defender
and then: DriveCleaner 2006 Free
Delete everything manually:
HKEY_LOCAL_MACHINE\SOFTWARE\Ultimate Defender
HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\Ultimate Defender
HKEY_USERS\S-1-5-21-1123561945-1677128483-1957994488-1003\Software\DriveCleaner 2006 Free
Restart the PC
+ delete: C:\Programme\Ultimate Defender
+ scan and post the scan report (set everything to "remove" beforehand)
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security

03.09.2006, 12:02
Member
Thread starter
Posts: 39
#13
Hello,
I deleted the data in the registry manually. I had already deleted the folder C:\Programme\Ultimate Defender earlier. I can no longer see it on my machine. Could it be that it is somehow hidden? Otherwise please explain to me how I can delete it.

Here is the scan report from CounterSpy:
Spyware Scan Details
Start Date: 03.09.2006 11:08:51
End Date: 03.09.2006 11:40:00
Total Time: 31 mins 9 secs

DriveCleaner
Rogue Security Program more information...
Details: DriveCleaner is a system cleaning program from Winsoftware that is typically installed through aggressive, badgering pop-ups sprung on users in confusing circumstances.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\UDCShell
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\UDCShell {C4C4786C-9861-46d2-BB63-AC782AB07046}

PWS-Banker
Password Cracker/Stealer more information...
Details: PWS-Banker is trojan that steals passwords and sensitive data from the infected computer.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\{73364D99-1240-4dff-B11A-67E448373048}

03.09.2006, 13:48
Honorary member
Posts: 29434
#14
Everything is fine again.
Delete the Avenger backup under c:\Avenger
Then, to be on the safe side:
F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml
1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be prompted to install an ActiveX control
3. Install this ActiveX component
4. Read the instructions and click: "Accept"
5. Click "Full System Scan"
6. Click "Show report" - copy the scan report
__________
Regards, Sabina
all about PC security

03.09.2006, 16:51
Member
Thread starter
Posts: 39
#15
I'm really glad that I could get such great help here!
A thousand thanks to Sabina!!! :-)

Here once again is the scan report:
Scanning Report
Sunday, September 03, 2006 15:28:40 - 16:16:57
Computer name: ROCCO
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
--------------------------------------------------------------------------------
Result: 4 malware found
IntexusDial (spyware)
System (Disinfected)
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
W32/Malware (virus)
C:\DOKUMENTE UND EINSTELLUNGEN\SVEN\LOADED.EXE (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 31167
System: 3824
Not scanned: 2
Actions:
Disinfected: 3
Renamed: 0
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-09-01
F-Secure Libra: 2.4.1, 2006-09-01
F-Secure Orion: 1.2.37, 2006-09-01
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-07-30
F-Secure Draco: 1.0.35, 2006-08-28
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

I would be really very grateful if you could guide me through the individual steps, as I am not very familiar with removing viruses. In other threads I have seen that "Sabina" always did this superbly and in an easily understandable way.
Many thanks in advance!!
I am asking for help and have posted the recommended logs.
Logfile of HijackThis v1.99.1
Scan saved at 20:46:39, on 31.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\testtestt.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\fae624fe.exe
C:\Programme\DriveCleaner 2006 Free\UDC2006.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Windows\xpupdate.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BraveSentry\BraveSentry.exe
C:\Programme\TightVNC\WinVNC.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Dokumente und Einstellungen\Sven\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cwlan-cache.fh-wedel.de:3128
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50D933AE-2351-177F-BA64-0AF24BF84B71} - C:\WINDOWS\system32\pkmjdqd.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\testtestt.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [fae624fe.exe] C:\WINDOWS\system32\fae624fe.exe
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Programme\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [cpehmyc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cpehmyc.dll,bhejphb
O4 - HKCU\..\Run: [WinMedia] C:\DOKUME~1\Sven\LOKALE~1\Temp\update1.exe3072.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [fae624fe.exe] C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\fae624fe.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launch TightVNC Server.lnk = C:\Programme\TightVNC\WinVNC.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programme\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86CA7F76-0FAB-407F-A556-DAB2B8678C94}: NameServer = 217.237.149.161 217.237.150.205
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\qjcgejln.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
ComboFix Log:
Sven - 06-08-31 20:54:19,23
ComboFix 06.08.30BT - Running from: C:\Dokumente und Einstellungen\Sven\Desktop
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vxgamet1.exe
C:\WINDOWS\system32\vxgamet2.exe
C:\WINDOWS\system32\vxgamet3.exe
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Install.dat
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\maxd641.exe
C:\WINDOWS\xpupdate.exe
((((((((((((((((((((((((((((((( Files Created from 2006-07-31 to 2006-08-31 ))))))))))))))))))))))))))))))))))
2006-08-30 11:49 95,232 --a------ C:\WINDOWS\system32\cpehmyc.dll
2006-08-30 11:49 72,704 --a------ C:\WINDOWS\system32\pkmjdqd.dll
2006-08-08 16:51 5,744 --a------ C:\WINDOWS\system32\testtestt.exe
2006-08-08 16:50 6,599 --a------ C:\WINDOWS\system32\dlh9jkdq7.exe
2006-08-08 16:50 6,599 --a------ C:\WINDOWS\system32\dlh9jkdq6.exe
2006-08-08 16:50 36,864 --a------ C:\WINDOWS\system32\qjcgejln.dll
2006-08-08 16:50 20,992 --a------ C:\WINDOWS\system32\fae624fe.exe
2006-08-08 16:50 18,944 --ah----- C:\WINDOWS\system32\pejohnkm.exe
2006-08-08 16:50 18,585 --a------ C:\WINDOWS\system32\dlh9jkdq2.exe
2006-08-08 16:50 15 --a------ C:\WINDOWS\system32\dlh9jkdq8.exe
2006-08-08 16:33 74,968 --a------ C:\WINDOWS\KB902767.exe
2006-08-08 16:33 56,536 --a------ C:\WINDOWS\system32\ipv6mons.dll
2006-08-08 16:33 5,392 --a------ C:\23100247.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-31 20:49 -------- d-------- C:\Programme\CleanUp!
2006-08-31 19:26 -------- d-------- C:\Programme\Lavasoft
2006-08-31 19:09 -------- d-------- C:\Programme\AVPersonal
2006-08-28 12:00 -------- d-------- C:\Programme\DriveCleaner 2006 Free
2006-08-22 15:34 -------- d-------- C:\Programme\Messenger
2006-08-22 15:34 -------- d-------- C:\Programme\Internet Explorer
2006-08-22 15:32 -------- d-------- C:\Programme\Outlook Express
2006-08-22 15:15 -------- d-------- C:\Programme\FreePDF_XP
2006-08-22 15:01 -------- d-------- C:\Programme\Windows Media Player
2006-08-22 09:40 -------- d--h----- C:\Programme\WindowsUpdate
2006-08-18 13:41 -------- d-------- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Canon
2006-08-08 22:26 -------- d-------- C:\Programme\Sch”nherr Personal Firewall
2006-08-08 18:28 -------- d-------- C:\Programme\Ultimate Defender
2006-08-08 17:10 -------- d-------- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Ultimate Defender
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 16:32 -------- d-------- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\AdobeUM
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"OpwareSE2"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HydraVisionDesktopManager"="C:\\Programme\\ATI Technologies\\ATI HYDRAVISION\\HydraDM.exe"
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"fae624fe.exe"="C:\\WINDOWS\\system32\\fae624fe.exe"
"DriveCleaner 2006 Free"="\"C:\\Programme\\DriveCleaner 2006 Free\\UDC2006.exe\" /min"
"AVSCHED32"="C:\\Programme\\AVPersonal\\AVSched32.EXE /min"
"AVGCtrl"="\"C:\\Programme\\AVPersonal\\AVGNT.EXE\" /min"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"cpehmyc.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\cpehmyc.dll,bhejphb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BraveSentry"="C:\\Program Files\\BraveSentry\\BraveSentry.exe"
"fae624fe.exe"="C:\\Dokumente und Einstellungen\\Sven\\Lokale Einstellungen\\Anwendungsdaten\\fae624fe.exe"
"WinMedia"="C:\\DOKUME~1\\Sven\\LOKALE~1\\Temp\\update1.exe3072.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"Wallpaper"="C:\\WINDOWS\\desktop.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Completion time: 31.08.2006 20:57:57.11
ComboFix.txt
1. datFind Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C4CB-8156
Verzeichnis von C:\WINDOWS\system32
31.08.2006 21:01 20 2.txt
31.08.2006 21:01 3 1.txt
30.08.2006 11:49 95.232 cpehmyc.dll
30.08.2006 11:49 72.704 pkmjdqd.dll
30.08.2006 11:47 2.206 wpa.dbl
23.08.2006 17:21 53.942 perfc009.dat
23.08.2006 17:21 383.588 perfh009.dat
23.08.2006 17:21 395.074 perfh007.dat
23.08.2006 17:21 64.994 perfc007.dat
23.08.2006 17:21 906.552 PerfStringBackup.INI
23.08.2006 17:18 250.288 FNTCACHE.DAT
08.08.2006 16:51 4 winsub.xml
08.08.2006 16:51 60 svcp.csv
08.08.2006 16:51 5.744 testtestt.exe
08.08.2006 16:50 20.992 fae624fe.exe
08.08.2006 16:50 15 dlh9jkdq8.exe
08.08.2006 16:50 1 vx.tll
08.08.2006 16:50 6.599 dlh9jkdq7.exe
08.08.2006 16:50 6.599 dlh9jkdq6.exe
08.08.2006 16:50 18.585 dlh9jkdq2.exe
08.08.2006 16:50 36.864 qjcgejln.dll
08.08.2006 16:50 18.944 pejohnkm.exe
08.08.2006 16:33 56.536 ipv6mons.dll
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
05.07.2006 12:55 1.057.792 kernel32.dll
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 19:40 8.192 rasadhlp.dll
23.06.2006 13:10 664.576 wininet.dll
23.06.2006 13:10 474.624 shlwapi.dll
23.06.2006 13:10 448.512 mshtmled.dll
23.06.2006 13:10 1.494.016 shdocvw.dll
23.06.2006 13:10 532.480 mstime.dll
23.06.2006 13:10 146.432 msrating.dll
23.06.2006 13:10 39.424 pngfilt.dll
23.06.2006 13:10 1.022.976 browseui.dll
23.06.2006 13:10 152.064 cdfview.dll
23.06.2006 13:10 1.056.256 danim.dll
23.06.2006 13:10 96.768 inseng.dll
23.06.2006 13:10 357.888 dxtmsft.dll
23.06.2006 13:10 251.392 iepeers.dll
23.06.2006 13:10 55.808 extmgr.dll
23.06.2006 13:10 205.312 dxtrans.dll
23.06.2006 13:10 16.384 jsproxy.dll
23.06.2006 10:53 27.136 xpsp3res.dll
22.06.2006 12:47 181.248 rasmans.dll
01.06.2006 20:47 163.840 jgdw400.dll
2. datFind Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C4CB-8156
Verzeichnis von C:\DOKUME~1\Sven\LOKALE~1\Temp
31.08.2006 21:15 16.384 ~DFF8A.tmp
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 54.545.223.680 Bytes frei
3. datFind Log:
After pasting the 3rd log, the browser crashes every time I click "Update post"...
4. datFind Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C4CB-8156
Verzeichnis von C:\
31.08.2006 21:43 0 sys.txt
31.08.2006 21:41 8.242 system.txt
31.08.2006 21:40 290 systemtemp.txt
31.08.2006 21:39 97.767 system32.txt
31.08.2006 21:19 0 .protected
31.08.2006 21:14 805.306.368 pagefile.sys
17.08.2006 11:07 221 boot.ini
08.08.2006 16:45 5.392 23100247.exe
08.04.2005 17:49 330 log.txt
20.01.2005 15:02 505 FSC-DeskUpdate.txt
14.01.2005 15:26 5.250 0x0407.ini
30.12.2004 21:28 47.564 NTDETECT.COM
30.12.2004 21:28 251.184 ntldr
30.12.2004 21:13 0 AUTOEXEC.BAT
30.12.2004 21:13 0 IO.SYS
30.12.2004 21:13 0 CONFIG.SYS
30.12.2004 21:13 0 MSDOS.SYS
18.08.2001 12:00 4.952 bootfont.bin
18 Datei(en) 805.728.065 Bytes
0 Verzeichnis(se), 54.545.072.128 Bytes frei