StrCodec (Virus, Trojan, System Alert: Spyware found)

Topic is closed!
18.09.2006, 16:16
...new here

Posts: 2
#1 Hello,

I also have that weird codec that constantly opens popups and wants me to download anti-virus programs. Could use a bit of help ;-).
Here are the logs one is supposed to make and paste into the post.

Thanks in advance

Immortal

1. -----------
Logfile of HijackThis v1.99.1
Scan saved at 15:40:00, on 18.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
P:\PROGRA~1\SYMANT~1\vptray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
P:\Programme\Winamp\winampa.exe
P:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
P:\Programme\QuickTime\qttask.exe
P:\Programme\ICQLite\ICQLite.exe
P:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
P:\Programme\sipgate X-Lite\sipgateXLite.exe
P:\Programme\FRITZ!DSL\IGDCTRL.EXE
P:\Programme\Trillian\trillian.exe
P:\PROGRA~1\SYMANT~1\DefWatch.exe
P:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
P:\Programme\Winamp\winamp.exe
C:\Programme\strCodec\pmmon.exe
C:\Programme\strCodec\pmsngr.exe
P:\PROGRA~1\MOZILLA\FIREFOX\FIREFOX.EXE
P:\Programme\Symantec AntiVirus\VPC32.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - P:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - P:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] P:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] P:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "P:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [QuickTime Task] "P:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "P:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] P:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Startup: Trillian.lnk = P:\Programme\Trillian\trillian.exe
O4 - Startup: Winamp.lnk = P:\Programme\Winamp\winamp.exe
O4 - Global Startup: Acrobat Assistant.lnk = P:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: sipgate X-Lite.lnk = P:\Programme\sipgate X-Lite\sipgateXLite.exe
O8 - Extra context menu item: &eBay Search - res://P:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://P:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://P:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - P:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - P:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: p:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: p:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: p:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: p:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: p:\programme\fritz!dsl\sarah.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093202494171
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AVM IGD CTRL Service - AVM Berlin - P:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: DefWatch - Symantec Corporation - P:\PROGRA~1\SYMANT~1\DefWatch.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - P:\PROGRA~1\SYMANT~1\Rtvscan.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - P:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 95.9 MB of disk space from 3731 files.
CleanUp! finished on 09/18/06 16:17:46.

3. combofix
-----------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Programme\\strCodec\\pmsngr.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Mon 18.09.2006 16:07:42.31
ComboFix.txt

4. datfind
-----------------------

-------SYSTEM32-----------

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: A076-0C41

Verzeichnis von C:\WINDOWS\system32

18.09.2006 13:11 176.128 syycum.dll
11.09.2006 19:37 8.960.936 MRT.exe
31.08.2006 18:21 2.262 wpa.dbl
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
17.08.2006 22:22 49.174 perfc007.dat



------TEMP--------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: A076-0C41

Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

18.09.2006 16:09 206 jusched.log
1 Datei(en) 206 Bytes
0 Verzeichnis(se), 3.908.001.792 Bytes frei

---------Windows-------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: A076-0C41

Verzeichnis von C:\WINDOWS

18.09.2006 16:00 1.125 Winamp.ini
18.09.2006 15:59 0 0.log
18.09.2006 15:59 1.905.523 WindowsUpdate.log
18.09.2006 15:59 2.048 bootstat.dat
18.09.2006 15:58 32.622 SchedLgU.Txt
18.09.2006 14:28 672.385 setupapi.log
15.09.2006 14:32 849.959 iis6.log
15.09.2006 14:32 257.907 comsetup.log


----------C----------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: A076-0C41

Verzeichnis von C:\

18.09.2006 16:12 0 sys.txt
18.09.2006 16:12 11.753 system.txt
18.09.2006 16:10 287 systemtemp.txt
18.09.2006 16:09 100.175 system32.txt
18.09.2006 16:07 5.705 ComboFix.txt
18.09.2006 15:59 805.306.368 pagefile.sys
18.09.2006 14:08 11.535 files.txt
18.09.2006 14:05 1.263 c.txt
This post was edited on 18.09.2006 at 20:08 by Immortal Sou.
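The two logs in this post show something worth checking by hand in any such thread: pmmon.exe and pmsngr.exe appear under "Running processes" in the HijackThis log, yet no O4 line names them, and only the ComboFix registry dump reveals pmsngr.exe under policies\explorer\run. As an added example (not code from the thread or from either tool), this Python script cross-checks the two logs for exactly that gap; the sample input is constructed from trimmed lines of the logs above.

```python
# Added example (not code from the thread): cross-check a HijackThis log against
# ComboFix's registry dump to find processes that no O4/O20/O23 entry accounts for.
import re
from pathlib import PureWindowsPath

# Constructed sample input: lines trimmed from the two logs posted in this thread.
HJT_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programme\strCodec\pmmon.exe
C:\Programme\strCodec\pmsngr.exe
P:\PROGRA~1\SYMANT~1\DefWatch.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O23 - Service: DefWatch - Symantec Corporation - P:\PROGRA~1\SYMANT~1\DefWatch.exe
"""
COMBOFIX_REG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Programme\\strCodec\\pmsngr.exe"
"""
# Drive-letter path up to its executable extension (quoted paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl)\b', re.I)


def basename(path):
    return PureWindowsPath(path).name.lower()


def parse_hjt(text):
    """Return (running process paths, autostart target paths) from a HijackThis log."""
    processes, autostarts, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif line.startswith(("O4 - ", "O20 - ", "O23 - ")):
            if m := PATH_RE.search(line):  # "RunDll32 cmicnfg.cpl,..." has no path: skipped
                autostarts.append(m.group(0))
    return processes, autostarts


def orphan_processes(processes, autostarts, system_root=r"C:\WINDOWS"):
    """Processes outside the Windows directory that no autostart entry explains
    (hand-started programs appear too, so this narrows the hunt rather than convicts)."""
    known = {basename(p) for p in autostarts}
    return [p for p in processes
            if not p.lower().startswith(system_root.lower() + "\\")
            and basename(p) not in known]


def parse_reg_dump(text):
    """Parse a .reg-style dump into {key: {name: value}}, keeping empty keys."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            keys.setdefault(current := line[1:-1], {})
        elif current is not None and (m := re.match(r'^"([^"]+)"="(.*)"$', line)):
            keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def policy_run_entries(reg):
    """Values under ...\policies\explorer\run: the key where ComboFix listed pmsngr.exe
    although the HijackThis log above shows no O4 line for it."""
    return [(key, name, value) for key, values in reg.items()
            if key.lower().endswith(r"\policies\explorer\run")
            for name, value in values.items()]


def explain_orphans(hjt_text, reg_text):
    """Map each orphan process to the policy-run key that starts it, or None."""
    processes, autostarts = parse_hjt(hjt_text)
    by_name = {basename(v): k for k, _n, v in policy_run_entries(parse_reg_dump(reg_text))}
    return {p: by_name.get(basename(p)) for p in orphan_processes(processes, autostarts)}
```

On the sample, pmsngr.exe resolves to the HKLM policies\explorer\run key while pmmon.exe stays unexplained, which is the state the logs above describe.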
19.09.2006, 12:57
Honorary member
Sabina

Posts: 29434
#2 Immortal Sou

«
download mediacodec.zip
http://virus-protect.org/zip/mediacodec.zip
unpack it on the desktop -> mediacodec.reg -> double-click and merge it into the registry with "ja/yes"

«
avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}

Files to delete:
C:\WINDOWS\system32\syycum.dll

Folders to delete:
C:\Programme\strCodec
C:\Programme\VirusBurst
C:\Programme\Virus-Burst
Click the green traffic light
the script will now be executed, then the PC will restart automatically

«
scan with SmitfraudFix - option 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina

all about PC security
19.09.2006, 17:02
...new here

Topic starter

Posts: 2
#3 Hi,

thanks, did both, popups and warnings are gone.
Thank you very much.
Actually wanted to reinstall right away after this crap but didn't have my CDs back yet ;-)

Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\woycbvyx

*******************

Script file located at: \??\C:\WINDOWS\system32\fbhmsiio.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\syycum.dll deleted successfully.
Folder C:\Programme\strCodec deleted successfully.


Folder C:\Programme\VirusBurst not found!
Deletion of folder C:\Programme\VirusBurst failed!

Could not process line:
C:\Programme\VirusBurst
Status: 0xc0000034



Folder C:\Programme\Virus-Burst not found!
Deletion of folder C:\Programme\Virus-Burst failed!

Could not process line:
C:\Programme\Virus-Burst
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


SmitfraudFix
-------------------------
SmitFraudFix v2.92

Scan done at 17:04:07,81, Di 19.09.2006
Run from C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
This post was edited on 19.09.2006 at 17:10 by Immortal Sou.