Problem with Tr/vundo.gen
#0
25.09.2006, 14:00
Honorary member
Posts: 29434

25.09.2006, 14:41
Member
Thread starter Posts: 25
#17
I don't know whether that is good or bad; I can only work in Directory Services Restore Mode. In normal mode it hangs as soon as I open Explorer.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\capvcxnj

*******************

Script file located at: \??\C:\WINDOWS\pjwaadxe.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\ulfiiwqi.dll not found!
Deletion of file C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\ulfiiwqi.dll failed!

Could not process line:
C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\ulfiiwqi.dll
Status: 0xc0000034

File C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\yhywywka.dll not found!
Deletion of file C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\yhywywka.dll failed!

Could not process line:
C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\yhywywka.dll
Status: 0xc0000034

File C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\dfmtlvyu.dll not found!
Deletion of file C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\dfmtlvyu.dll failed!

Could not process line:
C:\Dokumente und Einstellungen\asus\Lokale Einstellungen\Temp\dfmtlvyu.dll
Status: 0xc0000034

File C:\nlvwhypl.bat not found!
Deletion of file C:\nlvwhypl.bat failed!

Could not process line:
C:\nlvwhypl.bat
Status: 0xc0000034

File C:\bdcmkjpu.bat not found!
Deletion of file C:\bdcmkjpu.bat failed!

Could not process line:
C:\bdcmkjpu.bat

SmitFraudFix v2.99

Scan done at 14:14:55,32, 25.09.2006
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

25.09.2006, 15:12
Honorary member
Posts: 29434
#18
Scan, then look for the scan report (you may find it in the quarantine) and post it here
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Kind regards, Sabina
All about PC security

25.09.2006, 22:34
Member
Thread starter Posts: 25
#19
SUPERAntiSpyware Scan Log
Generated 09/25/2006 at 10:28 PM

Core Rules Database Version : 2847
Trace Rules Database Version: 1028

Memory Thread detected : 0
Registry Thread detected : 3
File Thread detected : 16

Adware.TV Media
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks#{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\asus\Cookies\asus@www.zanox-affiliate[1].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@burstnet[2].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@paycounter[2].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@adbrite[2].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@as1.falkag[1].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@ad.yieldmanager[2].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@serving-sys[1].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@www.burstnet[2].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@st[13].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@cs.sexcounter[2].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@smileycentral[1].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@data3.perf.overture[2].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@banner.nonstoppartner[1].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@xxxcounter[1].txt
C:\Dokumente und Einstellungen\asus\Cookies\asus@tribalfusion[1].txt

Adware.180solutions/ZangoSearch
HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}

Adware.IEPlugin
HKCR\Remove

25.09.2006, 23:12
Honorary member
Posts: 29434

26.09.2006, 12:00
Member
Thread starter Posts: 25
#21
Logfile of HijackThis v1.99.1

26.09.2006, 12:19
Honorary member
Posts: 29434
#22
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings" (paste in):

{4F00C718-FFCA-4748-902B-45E14C4EBAFD}
{107FABE1-59EB-431A-B2F0-01287ECAA3FC}
ObjHelpr32

in the edit field, and click "Ok".
Notepad will open -- copy the text and post it.
------------------------------------------
Open HijackThis -- "scan" button -- tick the entries -- "Fix checked" button -- restart the PC

Quote
O2 - BHO: (no name) - {107FABE1-59EB-431A-B2F0-01287ECAA3FC} - C:\WINDOWS\system32\pmnlm.dll (file missing)

Restart the PC
__________
Kind regards, Sabina
All about PC security

26.09.2006, 12:31
Member
Thread starter Posts: 25
#23
REGEDIT4 for now, the rest comes after the restart

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 26.09.2006 12:31:45 for strings:
; '{4f00c718-ffca-4748-902b-45e14c4ebafd} {107fabe1-59eb-431a-b2f0-01287ecaa3fc} objhelpr32'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

and the new Hijack

Logfile of HijackThis v1.99.1

This post was edited on 26.09.2006 at 12:41 by fleckenzwerg.
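Comparing the HijackThis scan taken before the fix (post #21) with the one taken after it (post #23) shows which entries the fix removed and which of the CLSIDs named in post #22 are still registered. The Python sketch below is an added example, not part of the thread and not HijackThis code; the sample lines are excerpts from the two logs, and the function names and the `triage` heuristics are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample: entries copied from the thread's two HijackThis logs
# (post #21 = before "Fix checked", post #23 = after), cut down to a few lines.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {107FABE1-59EB-431A-B2F0-01287ECAA3FC} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: JavaHelperware Class - {4F00C718-FFCA-4748-902B-45E14C4EBAFD} - C:\WINDOWS\system32\ObjHelpr32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CieTest] C:\Programme\UNI\UNI_r.exe
O4 - HKLM\..\Run: [vyiduwjr] C:\nckovgdu.bat
"""
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JavaHelperware Class - {4F00C718-FFCA-4748-902B-45E14C4EBAFD} - C:\WINDOWS\system32\ObjHelpr32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""
# CLSIDs the helper asked to search the registry for in post #22.
WATCHLIST = {"{4F00C718-FFCA-4748-902B-45E14C4EBAFD}",
             "{107FABE1-59EB-431A-B2F0-01287ECAA3FC}"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                 r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN = re.compile(r"^(?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>\w+): "
                 r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ROOT_SCRIPT = re.compile(r'^"?[A-Za-z]:\\[^\\]+\.(bat|cmd|vbs|js)\b', re.I)


class Entry(NamedTuple):
    code: str                   # section code, e.g. "O2" or "O4"
    body: str                   # text after "XN - "
    clsid: str = ""             # BHO CLSID (O2 lines only)
    file_missing: bool = False  # HijackThis appended "(file missing)"
    command: str = ""           # autostart command (O4 registry Run lines only)


def parse_log(text):
    """Return one Entry per 'XN - ...' line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        bho = BHO.match(body) if code == "O2" else None
        run = RUN.match(body) if code == "O4" else None
        entries.append(Entry(
            code, body,
            clsid=bho["clsid"].upper() if bho else "",
            file_missing=bool(bho and bho["missing"]),
            command=run["cmd"] if run else ""))
    return entries


def diff_logs(before, after):
    """Entries that disappeared or appeared between two scans (case-insensitive)."""
    def key(e):
        return (e.code, e.body.lower())
    seen_before = {key(e) for e in before}
    seen_after = {key(e) for e in after}
    removed = [e for e in before if key(e) not in seen_after]
    added = [e for e in after if key(e) not in seen_before]
    return removed, added


def still_watched(entries, watchlist):
    """Watchlist CLSIDs that a scan still lists as a Browser Helper Object."""
    wanted = {c.upper() for c in watchlist}
    return sorted(e.clsid for e in entries if e.clsid in wanted)


def triage(entry):
    """Review hints for one entry (assumed heuristics, not HijackThis features)."""
    hints = []
    if entry.file_missing:
        hints.append("orphaned BHO: registered DLL is missing")
    if entry.command and ROOT_SCRIPT.match(entry.command):
        hints.append("autostart runs a script from the drive root")
    return hints


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    for e in diff_logs(before, after)[0]:
        print("removed:", e.code, e.body, triage(e))
    print("still registered:", still_watched(after, WATCHLIST))
```

On the sample, the second scan still lists the `{4F00C718-FFCA-4748-902B-45E14C4EBAFD}` BHO, which is the entry the thread goes on to check at VirusTotal and remove with The Avenger.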

26.09.2006, 14:17
Honorary member
Posts: 29434
#24
virustotal
At the top of the page --> click Browse --> (paste in the file with its correct path) --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\ObjHelpr32.dll

post the report
__________
Kind regards, Sabina
All about PC security

26.09.2006, 14:30
Member
Thread starter Posts: 25
#25
VirusTotal
VirusTotal is a free file analisys service that works using several antivirus engines.

STATUS: QUEUED
Your file "ObjHelpr32.dll" is queued in position: 41. Estimated start time is between 9 and 13 minutes.

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

26.09.2006, 14:32
Honorary member
Posts: 29434

26.09.2006, 15:05
Member
Thread starter Posts: 25
#27
VirusTotal

STATUS: FINISHED
Complete scanning result of "ObjHelpr32.dll", received in VirusTotal at 09.26.2006, 14:42:06 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.18 09.26.2006 no virus found
Authentium 4.93.8 09.25.2006 no virus found
Avast 4.7.892.0 09.26.2006 Win32:Small-TB
AVG 386 09.25.2006 no virus found
BitDefender 7.2 09.26.2006 no virus found
CAT-QuickHeal 8.00 09.25.2006 no virus found
ClamAV devel-20060426 09.26.2006 no virus found
DrWeb 4.33 09.26.2006 no virus found
eTrust-InoculateIT 23.73.5 09.26.2006 no virus found
eTrust-Vet 30.3.3102 09.26.2006 no virus found
Ewido 4.0 09.26.2006 no virus found
Fortinet 2.82.0.0 09.26.2006 no virus found
F-Prot 3.16f 09.25.2006 no virus found
F-Prot4 4.2.1.29 09.25.2006 no virus found
Ikarus 0.2.65.0 09.26.2006 no virus found
Kaspersky 4.0.2.24 09.26.2006 no virus found
McAfee 4859 09.25.2006 no virus found
Microsoft 1.1603 09.26.2006 no virus found
NOD32v2 1.1776 09.26.2006 no virus found
Norman 5.90.23 09.26.2006 no virus found
Panda 9.0.0.4 09.25.2006 Suspicious file
Sophos 4.10.0 09.26.2006 no virus found
Symantec 8.0 09.26.2006 no virus found
TheHacker 6.0.1.081 09.26.2006 no virus found
UNA 1.83 09.25.2006 no virus found
VBA32 3.11.1 09.25.2006 suspected of Trojan-Spy.Banker.21
VirusBuster 4.3.7:9 09.25.2006 no virus found

Aditional Information
File size: 323584 bytes
MD5: 4773c9d0cd4d5c1ed5cc1a57f0e77882
SHA1: 8011e3febc10b9cc45eae5a67c34d8763488c637

26.09.2006, 15:28
Honorary member
Posts: 29434
#28
Avenger
Quote
registry keys to delete:

post the report
__________
Kind regards, Sabina
All about PC security

26.09.2006, 16:12
Member
Thread starter Posts: 25
#29
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CLASSES_ROOT\CLSID\{4F00C718-FFCA-4748-902B-45E14C4EBAFD}

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ldepuqot

*******************

Script file located at: \??\C:\l^tvqbth.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\ObjHelpr32.txt deleted successfully.
File C:\WINDOWS\system32\ObjHelpr32.dll deleted successfully.

Could not open file D:\WINDOWS\system32\ObjHelpr32.dll for deletion
Deletion of file D:\WINDOWS\system32\ObjHelpr32.dll failed!

Could not process line:
D:\WINDOWS\system32\ObjHelpr32.dll
Status: 0xc000003a

Could not open file D:\WINDOWS\system32\ObjHelpr32.txt for deletion
Deletion of file D:\WINDOWS\system32\ObjHelpr32.txt failed!

Could not process line:
D:\WINDOWS\system32\ObjHelpr32.txt
Status: 0xc000003a

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F00C718-FFCA-4748-902B-45E14C4EBAFD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F00C718-FFCA-4748-902B-45E14C4EBAFD} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

26.09.2006, 16:23
Honorary member
Posts: 29434
#30
Delete manually on d:\

D:\WINDOWS\system32\ObjHelpr32.dll
D:\WINDOWS\system32\ObjHelpr32.txt

then check whether it has also been deleted on c:\ and post the new HijackThis log
__________
Kind regards, Sabina
All about PC security

Quote
Scan (options 1 and 2 - and post the report)
http://virus-protect.org/artikel/tools/smitfrautfix.html
(Note: the desktop background will turn MS blue)
__________
Kind regards, Sabina
All about PC security