Help needed removing Spyquake!

Thread is closed!
23.09.2006, 15:45
Honorary member
Sabina

Posts: 29434
#16 I have edited my post as well, do everything again from scratch
__________
Regards, Sabina

All about PC security
23.09.2006, 15:48
Member

Thread starter

Posts: 17
#17 Sabina, in the TCP/IP settings "obtain IP and DNS automatically" is ticked, or am I looking in the wrong place?


As for HijackThis:

O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Programme\X Password Manager\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [oeuai] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\tofareraci\systvmrs.exe
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll

No longer present, at least not just now, but I'll do your edit now!
This post was edited on 23.09.2006 at 15:53 by Rene09.
23.09.2006, 15:53
Honorary member
Sabina

Posts: 29434
#18

Quote

in the TCP/IP settings "obtain IP and DNS automatically" is ticked
Yes, that is correct as it is. When you then post the new HijackThis log, I will see whether the wrong connection is gone.

Also post the Avenger log, after the restart
__________
Regards, Sabina

All about PC security
23.09.2006, 16:06
Member

Thread starter

Posts: 17
#19 The virus scanner is running and has already found something, I hope it can fix it too ;)

The HijackThis log is coming shortly, Avenger too!
23.09.2006, 16:07
Honorary member
Sabina

Posts: 29434
#20 OK, then post everything, i.e. the HijackThis log, the Avenger log after running it, and the report from the virus scanner
__________
Regards, Sabina

All about PC security
23.09.2006, 16:46
Member

Thread starter

Posts: 17
#21 It's nearly finished, Sabina

It is stuck at

Processing...
(68 / 70)

Currently cleaning:
Adware.WeirWeb

Action:
Disinfect & Submit

;) Run it through again?

Here are all 3 logs

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yhurmpqi

*******************

Script file located at: \??\C:\apmbqfiv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programme\Internet Explorer\winbrume.dat not found!
Deletion of file C:\Programme\Internet Explorer\winbrume.dat failed!

Could not process line:
C:\Programme\Internet Explorer\winbrume.dat
Status: 0xc0000034



File C:\WINDOWS\system32\dmxlg.exe not found!
Deletion of file C:\WINDOWS\system32\dmxlg.exe failed!

Could not process line:
C:\WINDOWS\system32\dmxlg.exe
Status: 0xc0000034



File C:\WINDOWS\system32\stera.job not found!
Deletion of file C:\WINDOWS\system32\stera.job failed!

Could not process line:
C:\WINDOWS\system32\stera.job
Status: 0xc0000034



File C:\WINDOWS\system32\stera.log not found!
Deletion of file C:\WINDOWS\system32\stera.log failed!

Could not process line:
C:\WINDOWS\system32\stera.log
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\vspf5.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\vspf5.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\vspf5.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\vspf_hk5.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\vspf_hk5.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\vspf_hk5.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\fopn.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\fopn.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\fopn.sys
Status: 0xc0000034



File C:\WINDOWS\system32\av.cpl not found!
Deletion of file C:\WINDOWS\system32\av.cpl failed!

Could not process line:
C:\WINDOWS\system32\av.cpl
Status: 0xc0000034



Folder C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 not found!
Deletion of folder C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
Status: 0xc0000034



Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinSoftware not found!
Deletion of folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinSoftware failed!

Could not process line:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinSoftware
Status: 0xc0000034



Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006 not found!
Deletion of folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006 failed!

Could not process line:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnSpyPC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UnSpyPC failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpyQuake2.com not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpyQuake2.com failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Error Safe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Error Safe failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\dmxlg.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\dmxlg.exe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\X Password Manager deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee2975b6-e8d5-405e-8448-8fe9590f6cfb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2595f37-48d0-46a1-9b51-478591a97764} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.





Scanning Report
Saturday, September 23, 2006 16:05:36 - 16:55:06
Computer name: PRIVAT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 70 malware found
Adware.WeirWeb (spyware)
System (Submitted)
Backdoor.Win32.Hupigon.bxb (virus)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC943\SPYHUNTERS[1].EXE (Renamed & Submitted)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC928\FREE-SPYWARE-SCANNER-INSTALL[1].EXE (Renamed & Submitted)
Constructor.Perl.Msdds.b (virus)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC940\NEW[1].HTM (Renamed & Submitted)
Exploit.JS.CVE-2005-1790.j (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\30D90774.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\30F35758.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4D4174B8.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\5B6445F1.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\7DA37575.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\7DAD736A.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\7E056109.HTM (Renamed & Submitted)
Exploit.JS.CVE-2005-1790.u (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\2ECF31FD.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\2ED25BF9.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4B2C58C5.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4B2F02C1.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4B4628A8.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4D6F09FB.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\5AF139B5.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\6E7B4BBE.HTM (Renamed & Submitted)
Exploit.JS.CVE-2006-1359.b (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\0BDB682A.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\28C43E66.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\28E80C3F.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\3D905C0B.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\42CD0597.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\54827E35.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\58D67A50.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\6FBD00D5.HTM (Renamed & Submitted)
Exploit.JS.CVE-2006-1359.r (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\14196C7C.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\51EA1157.HTM (Renamed & Submitted)
Exploit.VBS.Phel.i (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\2B17115C.HTM (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\2B17115C.HTML (Renamed & Submitted)
Spyagent (spyware)
System
Tracking Cookie (spyware)
System (Disinfected)
System
System
Trojan-Clicker.HTML.IFrame.g (virus)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC943\INDEX[8].HTM (Renamed & Submitted)
Trojan-Clicker.Win32.Small.kg (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\16F32C4F.EXE (Renamed & Submitted)
Trojan-Downloader.JS.Agent.ab (virus)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC930\MOVIEDAILY4.PORNZONEHOST[1].HTM (Renamed & Submitted)
Trojan-Downloader.JS.Small.cr (virus)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC937\IE0606[1].HTM (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.alr (virus)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC947\ERRORSAFESCANNERINSTALL_DE[1].EXE (Renamed)
Trojan-Downloader.Win32.Agent.uj (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\34626E05.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Mediket.ce (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\116A2185 (Renamed & Submitted)
Trojan.Win32.DNSChanger.ah (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4BE31936 (Renamed & Submitted)
Trojan.Win32.DNSChanger.dl (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\59D805DB (Renamed & Submitted)
Trojan.Win32.Dialer.on (virus)
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\DC937\AUTO_164N[1].EXE (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\0E9425B0 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\0E974FAD (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\0E9A79A9 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\0EA14DA2 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\0EA4779E (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\0EA8219B (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\33F7004B (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\33FD5443 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\34017E40 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\34075239 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\340B7C35 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\3411502E (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\34147A2A (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\34182427 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\341B4E23 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\3421221C (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\34254C18 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\342B2011 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\342E4A0E (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\3432740A (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\34384803 (Renamed & Submitted)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\343C71FF (Renamed & Submitted)
Trojan.Win32.Small.fb (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4B6B5EB9.EXE (Renamed & Submitted)
not-virus:Hoax.Win32.Renos.dw (virus)
C:\WINDOWS\SYSTEM32\MZOEUT.DLL (Submitted)
not-virus:Hoax.Win32.Renos.dy (virus)
C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\1C6A690B.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 18528
System: 3274
Not scanned: 9
Actions:
Disinfected: 1
Renamed: 63
Deleted: 0
None: 6
Submitted: 65
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1E8EDD76-7608-4D97-B34E-CC2C76D17DD3}.BIN
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\155547844DE2AA39E0CA5CB2059909EC_D880B566-8522-4DCD-A0A6-F4F2ACAFAC47
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D8A5CDD0D3634C16FE7911E68D3BD56_D880B566-8522-4DCD-A0A6-F4F2ACAFAC47
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C5CEDAC574380A4935C25E1FB347527_D880B566-8522-4DCD-A0A6-F4F2ACAFAC47
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\993919816D15B39468666563A0446D67_D880B566-8522-4DCD-A0A6-F4F2ACAFAC47
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD842C63E733E16F80E79B4D7DFFEC38_D880B566-8522-4DCD-A0A6-F4F2ACAFAC47
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D063DD4F546BB0315967996E8C219E72_D880B566-8522-4DCD-A0A6-F4F2ACAFAC47

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-09-22
F-Secure Libra: 2.4.1, 2006-09-22
F-Secure Orion: 1.2.37, 2006-09-21
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-14
F-Secure Draco: 1.0.35, 2006-09-19
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------







Logfile of HijackThis v1.99.1
Scan saved at 16:56:31, on 23.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140015621125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144775455281
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
This post was edited on 23.09.2006 at 16:54 by Rene09.
23.09.2006, 17:16
Honorary member
Sabina

Posts: 29434
#22 1.
Empty the recycle bin

2.
Scan and post the report
http://virus-protect.org/artikel/tools/superantispyware.html

3.
Scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
23.09.2006, 18:16
Member

Thread starter

Posts: 17
#23 SUPERAntiSpyware Scan Log
Generated 09/23/2006 at 05:42 PM

Core Rules Database Version : 3090
Trace Rules Database Version: 1119

Memory Thread detected : 0
Registry Thread detected : 56
File Thread detected : 5

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@msnportal.112.2o7[1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\vspf
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnService
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnGroup
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum#INITSTARTFAILED
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum#INITSTARTFAILED

Adware.MovieLand/MediaPipe
C:\Programme\fsupport\notifier.exe

Dialer.Yes Limited
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\Dc941\close[1].exe

Trojan.ErrorSafe
C:\WINDOWS\system32\ErrorSafeSetup.exe

Trojan.SpyFalcon
C:\WINDOWS\system32\mzoeut.dll










Incident | Status | Location

Adware:adware/intcodec | Not disinfected | Windows Registry
Dialer:dialer.min | Not disinfected | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Potentially unwanted tool:application/seekmo | Not disinfected | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Adware:adware/vog | Not disinfected | Windows Registry
Potentially unwanted tool:application/mediapipe | Not disinfected | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
Adware:adware/sbsoft | Not disinfected | Windows Registry
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Programme\Common Files\Companion Wizard\WapCHK.dll
Adware:Adware/SpywareQuake | Not disinfected | C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\Dc1385.tmp
Potentially unwanted tool:Application/ErrorSafe | Not disinfected | C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\Dc947\ERRORSAFESCANNERINSTALL_DE[1].0XE
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Verseuchungsbehebung\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | E:\SmitfraudFix.zip[SmitfraudFix/Process.exe]



Here once more just the locations from the Panda scan:


A Windows Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Windows Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
Windows Registry
C:\Programme\Common Files\Companion Wizard\WapCHK.dll
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\Dc1385.tmp
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500\Dc947\ERRORSAFESCANNERINSTALL_DE[1].0XE
C:\Verseuchungsbehebung\SmitfraudFix.zip[SmitfraudFix/Process.exe]
E:\SmitfraudFix.zip[SmitfraudFix/Process.exe]
23.09.2006, 18:59
Honorary member
Sabina

Posts: 29434
#24 1.
Empty the recycle bin

2.
Avenger

Quote

registry keys to delete:
HKEY_CURRENT_USER\Software\ErrorSafe
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk

Files to delete:
C:\Windows\System32\drivers\erssdd.sys

Folders to delete:
C:\Programme\fsupport
C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500
C:\Programme\Common Files\Companion Wizard
Post the Avenger report
__________
Regards, Sabina

All about PC security
25.09.2006, 09:12
Member

Thread starter

Posts: 17
#25 //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\Software\ErrorSafe


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3E19860-0CD5-4991-A066-4FCA2704DE59}


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ghrbxikp

*******************

Script file located at: \??\C:\WINDOWS\system32\scsualls.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk
Status: 0xc0000034



File C:\Windows\System32\drivers\erssdd.sys not found!
Deletion of file C:\Windows\System32\drivers\erssdd.sys failed!

Could not process line:
C:\Windows\System32\drivers\erssdd.sys
Status: 0xc0000034

Folder C:\Programme\fsupport deleted successfully.
Folder C:\RECYCLER\S-1-5-21-515967899-152049171-839522115-500 deleted successfully.
Folder C:\Programme\Common Files\Companion Wizard deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
25.09.2006, 09:54
Honorary member
Sabina

Posts: 29434
#26 Go into the registry
Start - Run - regedit

Edit - Find
{DB893839-10F0-4AF9-92FA-B23528F530AF}
{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
{B3E19860-0CD5-4991-A066-4FCA2704DE59}

Delete these entries

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3E19860-0CD5-4991-A066-4FCA2704DE59}

««
PC neustarten

««
loesche das backup vom Avenger unter c:\ Avenger\backup.zip

««
scanne noch mal mit panda

««
poste das neue Log vom HijackTHis
__________
MfG Sabina

rund um die PC-Sicherheit
25.09.2006, 15:49
Member

Thread starter

Posts: 17
#27
Incident                                          Status            Location

Adware:adware/intcodec                            Not disinfected   Windows Registry
Adware:adware/vog                                 Not disinfected   Windows Registry
Adware:adware/sbsoft                              Not disinfected   Windows Registry
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Verseuchungsbehebung\SmitfraudFix.zip[SmitfraudFix/Process.exe]



Logfile of HijackThis v1.99.1
Scan saved at 15:50:36, on 25.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programme\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140015621125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144775455281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O20 - Winlogon Notify: SASWinLogon - C:\Verseuchungsbehebung\SASW\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
25.09.2006, 15:51
Honorary member
Sabina

Posts: 29434
#28 Rene09

««
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> spyfalcon.reg -> double-click and add it to the registry with "ja/yes"

restart the PC

I can't get at the other registry entries, you will have to live with those....

««
apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
http://virus-protect.org/reinigungstoolsregistry.html

then everything should be more or less in order again ;)
__________
Regards, Sabina

all about PC security
25.09.2006, 16:49
Member

Thread starter

Posts: 17
#29 Good, ok ;)

Thank you very much! To reward your work, I will send you part of the invoice amount once I have received it! Are you happy with 25€?

A side question: where does one learn what you do here? What profession do you practise, or what did you train as?

Regards, René
25.09.2006, 17:42
Honorary member
Sabina

Posts: 29434
#30 I am a mod at Protecus, but I don't work in IT professionally.
as for the other question: sure, agreed, and I'm pleased ;)

------

also fix this (I had overlooked it)

O4 - HKLM\..\Run: [CompanionWizard] "C:\Programme\Common Files\Companion Wizard\compwiz.exe" /silent

**
then install
http://virus-protect.org/artikel/tools/sandboxie.html
and explain to the PC owner that he should only ever browse through Sandboxie
__________
Regards, Sabina

all about PC security
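
Post #30 catches an autostart entry that survived although the Avenger log reports its folder as deleted. A cross-check of the two logs, as an added example that is not part of the original thread (the function names are hypothetical; the sample lines are copied from the logs posted here):

```python
import re

# Sample lines copied from the Avenger and HijackThis logs posted in this thread.
AVENGER_LOG = r"""
File C:\Windows\System32\drivers\erssdd.sys not found!
Deletion of file C:\Windows\System32\drivers\erssdd.sys failed!
Status: 0xc0000034
Folder C:\Programme\fsupport deleted successfully.
Folder C:\Programme\Common Files\Companion Wizard deleted successfully.
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CompanionWizard] "C:\Programme\Common Files\Companion Wizard\compwiz.exe" /silent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

DELETED = re.compile(r"^(File|Folder) (.+) deleted successfully\.$", re.M)


def deleted_paths(avenger_log):
    """Return (kind, path) for every file or folder the Avenger removed."""
    return [(m.group(1), m.group(2).rstrip("\\")) for m in DELETED.finditer(avenger_log)]


def orphaned_entries(hijackthis_log, removed):
    """Return HijackThis lines that still point at a removed file or folder.

    Matching is case-insensitive, like Windows paths. 8.3 short names such
    as PROGRA~1 are not expanded, so those entries need a manual look.
    """
    patterns = []
    for kind, path in removed:
        # A folder must be followed by a backslash; a file by a quote,
        # whitespace or end of line, so "fsupport" never matches "fsupport2".
        tail = r"\\" if kind == "Folder" else r'(?=["\s]|$)'
        patterns.append(re.compile(re.escape(path) + tail, re.I))
    return [line for line in hijackthis_log.splitlines()
            if any(p.search(line) for p in patterns)]


if __name__ == "__main__":
    for entry in orphaned_entries(HIJACKTHIS_LOG, deleted_paths(AVENGER_LOG)):
        print("stale:", entry)
```

Entries it reports are the ones left to fix in HijackThis, since their target no longer exists on disk.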