Unfortunately I'm also a Virus Burst victim :(
Thread is closed!
24.09.2006, 14:44 | ...new here | Posts: 9
#17 | 24.09.2006, 14:53 | Honorary member | Posts: 29434
Bolloman
VirusTotal
At the top of the page --> click "Browse" --> paste in the file with the correct path --> double-click the file to be checked --> click "Submit"... now wait
http://www.virustotal.com/flash/index_en.html

C:\rave.exe
C:\photopnt.exe
C:\coreldrw.exe

post the report
---------------------------------------------------------
Pocket KillBox
http://virus-protect.org/killbox.html
Options: tick "Delete on Reboot" and "Single File" --> and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only on the last one click "yes"

paste in:
.....
C:\backup.reg
C:\hjjxhlac.bat
C:\avexport.bat
C:\ccljnnls.bat
C:\hfgkohli.bat
C:\pb^nymju.bat
C:\pleduidp.bat
C:\WINDOWS\system32\drivers\jcjynidt.sys
C:\WINDOWS\system32\drivers\dbpptvnl.sys
C:\WINDOWS\system32\drivers\tkcpslpv.sys
C:\WINDOWS\system32\drivers\uttbgyci.sys
C:\WINDOWS\system32\drivers\tmraqlfx.sys

restart the PC

open HijackThis -- "Scan" button -- put a check mark in front of the malware entries -- "Fix checked" button -- restart the PC

O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat
O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat
O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat
O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat
O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat
O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat

restart the PC

scan with ewido and post the scan report
http://virus-protect.org/ewido.html
---------------------------------------------
__________
Regards, Sabina
all about PC security
#18 | 24.09.2006, 16:42 | ...new here | Posts: 9
Hello Sabina,
The situation seems to be stabilising; after the restart the disk error no longer appeared. Attached are the logs:

ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial\CLSID
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial\CurVer
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\Classes\IEAccess2.IEDial.1
Risk: High

Name: Dialer.Generic
Path: HKLM\SOFTWARE\IntexusDial
Risk: High

Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-1434109735-1774555873-3433309461-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b}
Risk: Medium

Name: Adware.Msnagent
Path: C:\backup-06-09-24- 7.56.56.65.zip/avenger/{C46867D7-4B61-47CF-AFD0-DC5C69C7606F}.exe
Risk: Medium

Name: Rootkit.Agent.cf
Path: C:\backup-06-09-24-13.59.14.54.zip/avenger/ntio256.sys.ren
Risk: High

Name: Proxy.Wopla.ac
Path: C:\backup-06-09-24-13.59.14.54.zip/avenger/protector.exe.ren
Risk: High

Name: Trojan.NoClose.i
Path: C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm
Risk: High

Name: Adware.MemoryWatcher
Path: C:\Programme\MemoryWatcher
Risk: Medium

Name: Adware.MemoryWatcher
Path: C:\Programme\MemoryWatcher\EULA.URL
Risk: Medium

Name: Adware.Gator
Path: C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll
Risk: Medium

Many thanks for the quick replies.
#19 | 24.09.2006, 16:53 | Honorary member | Posts: 29434
go into the registry
Start - Run - regedit

«« Edit - Find - IntexusDial
HKEY_LOCAL_MACHINE\SOFTWARE\IntexusDial -> delete

«« Edit - Find - {6af69c4d-420a-4c95-b34f-e4635f84f53b}
HKU\S-1-5-21-1434109735-1774555873-3433309461-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{6af69c4d-420a-4c95-b34f-e4635f84f53b} -> delete

«« Edit - Find - IEAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAccess2.IEDial
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAccess2.IEDial.1 -> delete

«« Edit - Find - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> delete
----------------------------------------------------------
Avenger
Quote:
Files to delete:

restart the PC

** delete all backups from Avenger
C:\backup-06-09-24- 7.56.56.65.zip..and the others.......

** post the 4 logs from datfindbat again
«
__________
Regards, Sabina
all about PC security
#20 | 24.09.2006, 18:30 | ...new here | Posts: 3
Hello Sabina!
Here is the txt from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\evwgwrue

*******************

Script file located at: \??\I:\vslssfig.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at I:\Avenger

*******************

Beginning to process script file:

File I:\WINDOWS\system32\zphnok.dll deleted successfully.
File I:\Dokumente und Einstellungen\Hermann Ruetz\Anwendungsdaten\errorsafefreeinstall_de[1].exe deleted successfully.

Folder I:\Programme\Error Safe not found!
Deletion of folder I:\Programme\Error Safe failed!
Could not process line:
I:\Programme\Error Safe
Status: 0xc0000034

Folder I:\Programme\MPVIDEOCODEC deleted successfully.
Folder I:\Programme\Spy-Heal deleted successfully.
Folder I:\Programme\vb deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96E6B1C3-B5D0-89CC-4909-92D85A48B1A0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EBCA7C4-AA97-4B47-99D7-4932A73E9198} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16640BA0-193C-4BD5-882B-F92D6EF82156} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A041B9C-44AC-47FF-9399-CB8AEEF1CFE8} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DFFBEAB-DB11-4602-A3E8-0454ED3F928B} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57DD6CFE-ABDB-46C2-92EB-316A5F499167} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{690D2910-BFD6-47D3-A96C-13E6BA2935E8} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8407F578-6FA7-446A-8852-53E6A147472E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8407F578-6FA7-446A-8852-53E6A147472E} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85A126D1-2706-443D-9979-8841A1C5B482} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85A126D1-2706-443D-9979-8841A1C5B482} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B11E589E-9A82-40EF-9777-8E13553F83D4} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E39865-E9E9-462F-87CB-9A09CEB4795F} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12E00DE-9BE2-486C-A9F1-19730F93807E} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBDD9FB9-3A6C-4DA2-B0A9-D117528D4040} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED33F056-D246-4FF2-8D2A-D9F3938753BF} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFC68768-18B9-4930-9643-F6DD7AA60A71} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5EC0F1E-A3EB-49EA-BD87-989899B6E1C9} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEB6CDEC-70F6-4D2B-BCA4-1AB3BCDCC513} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A48995B0-2BB5-4246-B0EA-55B2FFCF9129} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeal.exe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeal failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeal failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70305bc2-b289-4209-a344-be21f22bc930} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Please continue to help, thanks
#21 | 24.09.2006, 20:03 | Honorary member | Posts: 29434
Ruetz Herman
work through HijackThis as well and scan with SmitfraudFix (see my instructions on the other page), then report back
__________
Regards, Sabina
all about PC security
#22 | 24.09.2006, 21:02 | ...new here | Posts: 9
Hello Sabina,
I was apparently too quick to celebrate: the "cmd.exe - kein Datenträger Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk2\DR6" was back after the restart following Avenger. IntexusDial, {6af69c4d-420a-4c95-b34f-e4635f84f53b} and IEAccess were not found; {c95fe080-8f5d-11d2-a20b-00aa003c157a} I was able to delete. Here is the Avenger log and the 4 logs from datfindbat:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ffccvkyo

*******************

Script file located at: \??\C:\WINDOWS\aoiojlkx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll deleted successfully.
File C:\Dokumente und Einstellungen\Silvia\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M3AH6783\exitpoplighthostsk[1].htm deleted successfully.
Folder C:\Programme\MemoryWatcher deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94

Verzeichnis von C:\

06-09-24 20:54 0 sys.txt
06-09-24 20:54 12,193 system.txt
06-09-24 20:54 429 systemtemp.txt
06-09-24 20:54 97,502 system32.txt
06-09-24 20:49 536,399,872 hiberfil.sys
06-09-24 20:49 402,653,184 pagefile.sys
06-09-24 20:49 1,994 avenger.txt
06-09-24 14:34 5,072 ComboFix.txt
06-09-24 08:03 5,398 ComboFix2.txt
06-09-24 07:53 1,144 rapport.txt
06-09-19 20:56 113,300 dirdat.txt
06-09-19 16:39 128 ComboFix3.txt
05-12-28 10:50 2,301 routcnf.txt
05-10-28 07:52 3,515 INSTALL.LOG
05-04-16 05:23 365 log.txt
04-02-13 20:41 47,580 NTDETECT.COM
04-02-13 20:41 235,296 ntldr
03-11-28 22:02 211 SOFTBALL.PRO
03-11-28 22:02 6 SOFTBALL.STA
03-11-28 22:02 660 SOFTBALL.HGH
03-11-11 23:58 0 TDSLCheck.txt
03-03-01 14:35 32 BLOCKOUT.SET
02-05-10 12:24 194 boot.ini
01-12-14 00:54 124 TOnlProt.log
01-09-24 16:46 164 IPH.PH
01-09-15 23:23 0 AUTOEXEC.BAT
01-09-15 23:23 0 MSDOS.SYS
01-09-15 23:23 0 IO.SYS
01-08-18 14:00 4,952 bootfont.bin
01-05-24 12:59 162,304 UNWISE.EXE
00-12-06 12:53 1 rave.exe
00-12-06 12:52 1 photopnt.exe
00-12-06 12:07 1 coreldrw.exe
00-07-15 03:57 15,375 wkhlpqms.hlp
34 Datei(en) 939,763,298 Bytes
0 Verzeichnis(se), 18,453,164,032 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94

Verzeichnis von C:\WINDOWS\system32

06-09-24 05:53 1,158 wpa.dbl
06-09-19 17:31 315,764 perfh009.dat
06-09-19 17:31 42,050 perfc009.dat
06-09-19 17:31 321,382 perfh007.dat
06-09-19 17:31 50,728 perfc007.dat
06-09-19 17:31 735,332 PerfStringBackup.INI
06-06-02 11:04 57,384 avsda.dll
06-03-18 21:51 34,064 lhacm.acm
05-09-09 14:25 94,208 EUMEX4SP.TSP
05-09-09 14:25 143,360 CAPI2032.DLL
05-04-14 20:26 16,832 amcompat.tlb
05-04-14 20:26 23,392 nscompat.tlb

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94

Verzeichnis von C:\WINDOWS

06-09-24 20:50 0 0.log
06-09-24 20:50 3,880 ModemLog_V9X HAM 1394V.txt
06-09-24 20:50 159 wiadebug.log
06-09-24 20:50 50 wiaservc.log
06-09-24 20:49 2,048 bootstat.dat
06-09-24 20:48 32,544 SchedLgU.Txt
06-09-24 15:37 208,554 setupapi.log
06-09-24 07:55 226,904 ntbtlog.txt
06-09-24 07:55 213,900 setupact.log
06-09-19 17:32 19,537 iis6.log
06-09-19 17:32 53,861 comsetup.log
06-09-19 17:32 35,683 ntdtcsetup.log
06-09-19 17:32 4,566 imsins.log
06-09-19 17:32 73,056 tsoc.log
06-09-19 17:32 7,870 ocmsn.log
06-09-19 17:32 112,334 ocgen.log
06-09-19 17:32 7,924 msgsocm.log
06-09-19 17:32 159,319 FaxSetup.log
06-09-18 00:50 81,726 wmsetup.log
06-08-21 04:09 1,501 IE4 Error Log.txt
06-08-21 03:59 346 system.ini
06-08-03 20:11 4,096 d3dx.dat
06-08-03 20:08 77,840 DirectX.log
06-07-30 18:28 103,532 War3Unin.dat
06-05-23 12:19 1,071 AWMODEM.INF
06-05-21 13:04 1,409 QTFont.for
06-05-21 13:04 54,156 QTFont.qfn
06-04-01 03:17 487 Capictrl.INI
06-02-24 06:14 796 stwin05.ini
06-02-24 06:13 810 d2hnav.ini
06-02-11 18:14 133,142 Windows Update.log
06-01-02 23:02 538 WINPHONE.INI

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94

Verzeichnis von C:\DOKUME~1\REN~1\LOKALE~1\Temp

06-09-24 20:50 16,384 Perflib_Perfdata_6c0.dat
06-09-24 20:48 14,038 Des3.tmp
06-09-24 15:05 13,078 Des2.tmp
06-09-24 14:55 16,384 ~DFBA94.tmp
4 Datei(en) 59,884 Bytes
0 Verzeichnis(se), 18,453,172,224 Bytes frei

Many thanks!
#23 | 24.09.2006, 21:10 | Honorary member | Posts: 29434
Bolloman
«« post the new ComboFix log
«« post the new HijackThis log
__________
Regards, Sabina
all about PC security
#24 | 24.09.2006, 22:04 | ...new here | Posts: 9
Hello Sabina,
attached are the logs:

René - 06-09-24 22:00:16.75 Service Pack 1
ComboFix 06.09.23.2 - Running from: "C:\Dokumente und Einstellungen\René\Desktop\Combofix"

((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))

2006-09-19 17:00 57,384 --a------ C:\WINDOWS\system32\avsda.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-24 14:04 -------- d-------- C:\Dokumente und Einstellungen\René\Anwendungsdaten\AdobeUM
2006-09-19 17:52 -------- d-------- C:\Programme\Windows Media Player
2006-09-19 17:51 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-08-27 11:55 -------- d-------- C:\Programme\World of Warcraft

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"C-Media Mixer"="Mixer.exe /startup"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe"
"nwiz"="nwiz.exe /install"
"Corel Reminder"=""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Completion time: 06-09-24 22:01:47.87
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Logfile of HijackThis v1.99.1
Scan saved at 22:02, on 06-09-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Telekom\Eumex 704PC LAN\HNetCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Microsoft Office\Office10\msoffice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\René\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: HomeNet Control.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3-projekt.de/InstallationsAssistent.ocx
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks!
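As an added example (not code from this thread or from HijackThis), here is a small Python triage script that encodes the rule of thumb behind the O4 lines marked for "Fix checked" in #17 and runs it over those six lines plus O4 lines from the clean HijackThis log above. The sample lines are copied from this thread; the two heuristics (an 8-letter machine-generated name, and an autostart target sitting directly in the drive root) are my own assumption, not a HijackThis feature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the six O4 lines the helper told the poster to "Fix checked"
# in #17, plus O4 lines copied from the poster's later, clean HijackThis log in #24.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat
O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat
O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat
O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat
O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat
O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
"""

# The two O4 shapes HijackThis 1.99 writes: registry Run-key values and Startup-folder links.
O4_REG = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP = re.compile(r'^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')

# Heuristics (my assumption, not a HijackThis feature) that capture what the helper flagged:
# an 8-letter pseudo-random value or file name, and a script/executable sitting directly in
# the drive root. Legitimate autostarts normally live under Program Files or the Windows tree.
RANDOM_NAME = re.compile(r'^[a-z]{8}$')
ROOT_TARGET = re.compile(r'^[A-Za-z]:\\[^\\]+\.(?:bat|cmd|exe|com|pif|scr)$', re.IGNORECASE)


@dataclass
class O4Entry:
    location: str                 # e.g. "HKLM\..\Run" or "Global Startup"
    name: str                     # Run value name, or the .lnk file name
    cmd: str                      # command line exactly as logged
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def target_path(cmd: str) -> str:
    """Return the program/script a command line launches, honouring a quoted path.
    Unquoted paths containing spaces are cut at the first space (a known limitation)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def parse_o4(line: str):
    """Parse one HijackThis line; return an O4Entry, or None for non-O4 lines."""
    m = O4_REG.match(line)
    if m:
        return O4Entry(f"{m['hive']}\\..\\{m['key']}", m['name'], m['cmd'])
    m = O4_STARTUP.match(line)
    if m:
        return O4Entry(m['where'], m['name'], m['cmd'])
    return None


def assess(entry: O4Entry) -> O4Entry:
    """Attach a human-readable reason for every heuristic the entry trips."""
    path = target_path(entry.cmd)
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if ROOT_TARGET.match(path):
        entry.reasons.append("autostart target sits directly in the drive root")
    if RANDOM_NAME.match(entry.name):
        entry.reasons.append("value name looks machine-generated (8 random letters)")
    if RANDOM_NAME.match(stem):
        entry.reasons.append("file name looks machine-generated (8 random letters)")
    return entry


def triage(log_text: str) -> list:
    """Return the O4 entries of a HijackThis log that deserve a closer look."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line.rstrip())
        if entry is not None and assess(entry).suspicious:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.location} [{e.name}] {e.cmd}")
        for r in e.reasons:
            print(f"    -> {r}")
```

Run against the constructed sample it flags exactly the six entries from #17 and none of the entries from the clean log.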
25.09.2006, 09:53 | ...new here | Posts: 3
#26 | 25.09.2006, 11:11 | Honorary member | Posts: 29434
Bolloman
«« delete Avenger and ComboFix, run the Windows Updates - download SP2

«« TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

then report how it runs
__________
Regards, Sabina
all about PC security
#27 | 01.10.2006, 17:26 | ...new here | Posts: 9
Hello Sabina,
I carried out the instructions from 25.09.06; the system is running stable and without anything conspicuous. The Trojan "TR/SrchSpy.G", which AntiVir had kept turning up every now and then, has not been found since either. In the hope that everything is now in order, I'd like to say goodbye and thank you very much for the quick and professional help - that was really great! Relieved greetings from Bolloman
here are the requested logs; however, Avenger produces the following error message:
"//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!"
Here are the logs that worked:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94
Verzeichnis von C:\
06-09-24 14:20 0 sys.txt
06-09-24 14:20 12,193 system.txt
06-09-24 14:20 338 systemtemp.txt
06-09-24 14:19 97,502 system32.txt
06-09-24 14:13 22 backup-06-09-24-14.13.27.37.zip
06-09-24 14:13 0 backup.reg
06-09-24 14:13 536,399,872 hiberfil.sys
06-09-24 14:13 402,653,184 pagefile.sys
06-09-24 14:12 9,002 avenger.txt
06-09-24 14:12 1,080 hjjxhlac.bat
06-09-24 14:11 2,748 avexport.bat
06-09-24 14:04 1,473 backup-06-09-24-14.13.27.00.zip
06-09-24 14:02 1,080 ccljnnls.bat
06-09-24 13:59 22 backup-06-09-24-14.04.16.45.zip
06-09-24 13:57 1,080 hfgkohli.bat
06-09-24 13:54 45,700 backup-06-09-24-13.59.14.54.zip
06-09-24 13:52 1,080 pb^nymju.bat
06-09-24 13:51 1,080 pleduidp.bat
06-09-24 08:03 5,398 ComboFix.txt
06-09-24 07:53 1,144 rapport.txt
06-09-24 07:38 592,604 backup-06-09-24- 7.56.56.65.zip
06-09-24 07:37 126,976 zip.exe
06-09-19 20:56 113,300 dirdat.txt
06-09-19 16:39 128 ComboFix2.txt
06-09-19 16:36 128 ComboFix3.txt
06-09-19 16:11 1,068,421 backup-06-09-24- 7.38.49.23.zip
05-12-28 10:50 2,301 routcnf.txt
05-10-28 07:52 3,515 INSTALL.LOG
05-04-16 05:23 365 log.txt
04-02-13 20:41 47,580 NTDETECT.COM
04-02-13 20:41 235,296 ntldr
03-11-28 22:02 211 SOFTBALL.PRO
03-11-28 22:02 6 SOFTBALL.STA
03-11-28 22:02 660 SOFTBALL.HGH
03-11-11 23:58 0 TDSLCheck.txt
03-03-01 14:35 32 BLOCKOUT.SET
02-05-10 12:24 194 boot.ini
01-12-14 00:54 124 TOnlProt.log
01-09-24 16:46 164 IPH.PH
01-09-15 23:23 0 IO.SYS
01-09-15 23:23 0 MSDOS.SYS
01-09-15 23:23 0 AUTOEXEC.BAT
01-08-18 14:00 4,952 bootfont.bin
01-05-24 12:59 162,304 UNWISE.EXE
00-12-06 12:53 1 rave.exe
00-12-06 12:52 1 photopnt.exe
00-12-06 12:07 1 coreldrw.exe
00-07-15 03:57 15,375 wkhlpqms.hlp
48 Datei(en) 941,608,637 Bytes
0 Verzeichnis(se), 18,397,556,736 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94
Verzeichnis von C:\WINDOWS\system32
06-09-24 05:53 1,158 wpa.dbl
06-09-19 17:31 315,764 perfh009.dat
06-09-19 17:31 42,050 perfc009.dat
06-09-19 17:31 321,382 perfh007.dat
06-09-19 17:31 50,728 perfc007.dat
06-09-19 17:31 735,332 PerfStringBackup.INI
06-06-02 11:04 57,384 avsda.dll
06-03-18 21:51 34,064 lhacm.acm
05-09-09 14:25 94,208 EUMEX4SP.TSP
05-09-09 14:25 143,360 CAPI2032.DLL
05-04-14 20:26 16,832 amcompat.tlb
05-04-14 20:26 23,392 nscompat.tlb
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94
Verzeichnis von C:\WINDOWS
06-09-24 14:17 159 wiadebug.log
06-09-24 14:16 0 0.log
06-09-24 14:14 3,880 ModemLog_V9X HAM 1394V.txt
06-09-24 14:14 50 wiaservc.log
06-09-24 14:13 2,048 bootstat.dat
06-09-24 14:12 32,544 SchedLgU.Txt
06-09-24 11:06 208,064 setupapi.log
06-09-24 07:55 226,904 ntbtlog.txt
06-09-24 07:55 213,900 setupact.log
06-09-19 17:32 19,537 iis6.log
06-09-19 17:32 53,861 comsetup.log
06-09-19 17:32 35,683 ntdtcsetup.log
06-09-19 17:32 4,566 imsins.log
06-09-19 17:32 73,056 tsoc.log
06-09-19 17:32 7,870 ocmsn.log
06-09-19 17:32 112,334 ocgen.log
06-09-19 17:32 7,924 msgsocm.log
06-09-19 17:32 159,319 FaxSetup.log
06-09-18 00:50 81,726 wmsetup.log
06-08-21 04:09 1,501 IE4 Error Log.txt
06-08-21 03:59 346 system.ini
06-08-03 20:11 4,096 d3dx.dat
06-08-03 20:08 77,840 DirectX.log
06-07-30 18:28 103,532 War3Unin.dat
06-05-23 12:19 1,071 AWMODEM.INF
06-05-21 13:04 1,409 QTFont.for
06-05-21 13:04 54,156 QTFont.qfn
06-04-01 03:17 487 Capictrl.INI
06-02-24 06:14 796 stwin05.ini
06-02-24 06:13 810 d2hnav.ini
06-02-11 18:14 133,142 Windows Update.log
06-01-02 23:02 538 WINPHONE.INI
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: A062-6B94
Verzeichnis von C:\DOKUME~1\REN~1\LOKALE~1\Temp
06-09-24 14:13 16,384 Perflib_Perfdata_718.dat
06-09-24 13:52 11,158 Des2.tmp
2 Datei(en) 27,542 Bytes
0 Verzeichnis(se), 18,397,597,696 Bytes frei
09/24/06 14:21:33 [Info]: BlackLight Engine 1.0.46 initialized
09/24/06 14:21:33 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/24/06 14:21:34 [Note]: 7019 4
09/24/06 14:21:34 [Note]: 7005 0
09/24/06 14:21:37 [Note]: 7006 0
09/24/06 14:21:37 [Note]: 7011 1484
09/24/06 14:21:38 [Note]: 7026 0
09/24/06 14:21:38 [Note]: 7026 0
09/24/06 14:21:50 [Note]: FSRAW library version 1.7.1019
09/24/06 14:26:21 [Note]: 2000 1006
09/24/06 14:26:51 [Note]: 7006 0
09/24/06 14:26:51 [Note]: 7011 1484
09/24/06 14:26:51 [Note]: 7026 0
09/24/06 14:26:51 [Note]: 7026 0
09/24/06 14:26:59 [Note]: FSRAW library version 1.7.1019
09/24/06 14:31:27 [Note]: 2000 1006
09/24/06 14:31:47 [Note]: 7007 0
René - 06-09-24 14:33:23.26 Service Pack 1
ComboFix 06.09.23.2 - Running from: "C:\Dokumente und Einstellungen\René\Desktop\Combofix"
((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))
2006-09-24 14:13 0 --a------ C:\backup.reg
2006-09-24 14:12 1,080 --a------ C:\hjjxhlac.bat
2006-09-24 14:02 1,080 --a------ C:\ccljnnls.bat
2006-09-24 13:57 1,080 --a------ C:\hfgkohli.bat
2006-09-24 13:52 1,080 --a------ C:\pb^nymju.bat
2006-09-24 13:51 1,080 --a------ C:\pleduidp.bat
2006-09-24 07:37 2,748 --a------ C:\avexport.bat
2006-09-24 07:37 126,976 --a------ C:\zip.exe
2006-09-19 17:00 57,384 --a------ C:\WINDOWS\system32\avsda.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-24 14:11 60416 --a------ C:\WINDOWS\system32\drivers\jcjynidt.sys
2006-09-24 14:04 -------- d-------- C:\Dokumente und Einstellungen\René\Anwendungsdaten\AdobeUM
2006-09-24 14:02 60416 --a------ C:\WINDOWS\system32\drivers\dbpptvnl.sys
2006-09-24 13:57 60416 --a------ C:\WINDOWS\system32\drivers\tkcpslpv.sys
2006-09-24 13:52 60416 --a------ C:\WINDOWS\system32\drivers\uttbgyci.sys
2006-09-24 13:51 60416 --a------ C:\WINDOWS\system32\drivers\tmraqlfx.sys
2006-09-19 17:52 -------- d-------- C:\Programme\Windows Media Player
2006-09-19 17:51 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-08-27 11:55 -------- d-------- C:\Programme\World of Warcraft
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"C-Media Mixer"="Mixer.exe /startup"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe"
"nwiz"="nwiz.exe /install"
"Corel Reminder"=""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"hrnkcmlu"="C:\\pjupgjnb.bat"
"kposouyh"="C:\\pleduidp.bat"
"wsggahtf"="C:\\pb^nymju.bat"
"iyausbeg"="C:\\hfgkohli.bat"
"ceucsnbh"="C:\\ccljnnls.bat"
"tonnppko"="C:\\hjjxhlac.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: 06-09-24 14:34:54.78
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
Logfile of HijackThis v1.99.1
Scan saved at 14:35, on 06-09-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Telekom\Eumex 704PC LAN\HNetCtrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Microsoft Office\Office10\msoffice.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\René\Desktop\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [hrnkcmlu] C:\pjupgjnb.bat
O4 - HKLM\..\Run: [kposouyh] C:\pleduidp.bat
O4 - HKLM\..\Run: [wsggahtf] C:\pb^nymju.bat
O4 - HKLM\..\Run: [iyausbeg] C:\hfgkohli.bat
O4 - HKLM\..\Run: [ceucsnbh] C:\ccljnnls.bat
O4 - HKLM\..\Run: [tonnppko] C:\hjjxhlac.bat
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: HomeNet Control.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.mp3-projekt.de/InstallationsAssistent.ocx
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
By the way: my Internet Explorer start page is back, but the following error message still appears first at every (re)start:
"cmd.exe - kein Datenträger
Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk2\DR6"
Many thanks in advance!