Fake Antispyware ...

03.10.2006, 19:44
...new here

Posts: 6
#1 Hello and good evening everyone

A small yellow triangle with an exclamation mark in the taskbar - permanent pop-ups with messages like: last three pop-ups... or Caution:risk of network attack etc...which then open a website for a Total PC Protection software (Spyware soldier)
The wallpaper was replaced by a wallpaper carrying an advertisement for the above product.

Spybot finds Adware.srv32, smitfraud, etc...deletes various ones but without result


Attached the logs from HijackThis, combofix

Many thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 19:11:34, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sumsw32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\phonostar\ps_agent.exe
C:\Program Files\phonostar\ps_timer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pt.lu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ckozm.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pt.lu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F8C2FF8-B84B-1234-32EF-FBA2FFCC592C} - C:\WINDOWS\apiid.dll (file missing)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Program Files\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Program Files\FRITZ!\IWatch.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pt.lu
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBAA1521-63A8-4F28-AFA3-A04ABC9AAFAA}: NameServer = 192.168.120.252,192.168.120.253
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Fichiers communs\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\system32\netox32.exe" /s (file missing)
O23 - Service: Workstation NetLogon Service (O.#´) - Unknown owner - C:\WINDOWS\system32\netqk32.exe (file missing)

Combofix:


Marco A - 06-10-03 19:55:38,09 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\"

((((((((((((((((((((((((((((((( Files Created from 2006-09-03 to 2006-10-03 ))))))))))))))))))))))))))))))))))


2006-10-03 19:52 276,526 --a------ C:\combofix.exe
2006-10-03 19:16 339,257 --a------ C:\CleanUp452.exe
2006-10-02 12:48 32,512 --a------ C:\WINDOWS\system32\dailytoolbar.dll
2006-10-02 12:25 32,768 --a------ C:\WINDOWS\system32\runsrv32.exe
2006-10-02 12:25 32,512 --a------ C:\WINDOWS\system32\runsrv32.dll
2006-10-02 12:21 32,768 --a------ C:\WINDOWS\system32\wstart.dll
2006-10-02 12:21 32,768 --a------ C:\WINDOWS\system32\udpmod.dll
2006-10-02 12:21 32,768 --a------ C:\WINDOWS\system32\a.exe
2006-10-02 12:21 32,768 --a------ C:\WINDOWS\susp.exe
2006-10-02 12:21 32,768 --a------ C:\WINDOWS\BTGrab.dll
2006-10-02 12:21 32,768 --a------ C:\WINDOWS\alxie328.dll
2006-10-02 12:21 32,768 --a------ C:\WINDOWS\alexaie.dll
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\ZServ.dll
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\system32\txfdb32.dll
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\system32\tcpservice2.exe
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\system32\jao.dll
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\system32\alxres.dll
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\Pynix.dll
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\dlmax.dll
2006-10-02 12:21 32,512 --a------ C:\WINDOWS\alxtb1.dll
2006-10-02 12:21 32,256 --a------ C:\WINDOWS\system32\bridge.dll
2006-10-02 12:21 32,000 --a------ C:\WINDOWS\system32\questmod.dll
2006-09-29 07:02 8,704 --a------ C:\WINDOWS\system32\mppacaph.exe
2006-09-29 07:02 40,448 --a------ C:\WINDOWS\system32\sumsw32.exe
2006-09-09 18:34 8,266 --a------ C:\WINDOWS\system32\dbdhbfnx.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-03 19:48 -------- d-------- C:\Documents and Settings\Marco A\Application Data\phonostar-Player
2006-10-03 19:21 -------- d-------- C:\Program Files\CleanUp!
2006-09-25 18:07 16772 --a------ C:\Documents and Settings\Marco A\Application Data\wklnhst.dat
2006-09-17 22:07 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-16 08:18 -------- d-------- C:\Program Files\QuickTime
2006-09-16 08:18 -------- d-------- C:\Program Files\phonostar
2006-09-16 08:14 -------- d-------- C:\Program Files\Messenger
2006-09-16 08:12 -------- d-------- C:\Program Files\iTunes
2006-09-16 08:11 -------- d-------- C:\Program Files\Internet Explorer
2006-09-16 08:11 -------- d-------- C:\Program Files\Google
2006-09-16 08:05 -------- d-------- C:\Program Files\Outlook Express
2006-09-03 16:15 -------- d-------- C:\Program Files\Windows Media Player
2006-09-02 16:25 -------- d-------- C:\Program Files\Hp
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-05 14:34 -------- d-------- C:\Documents and Settings\Marco A\Application Data\Talkback
2006-08-05 14:34 -------- d-------- C:\Documents and Settings\Marco A\Application Data\Mozilla
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PhonostarAgent"="C:\\Program Files\\phonostar\\ps_agent.exe"
"PhonostarTimer"="C:\\Program Files\\phonostar\\ps_timer.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\Srv32 spool service]
"Adware.Srv32"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"mmtask"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adware.Srv32"="C:\\WINDOWS\\system32\\runsrv32.exe"
"Transponder"="C:\\WINDOWS\\system32\\susp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\Srv32 spool service]
"Adware.Srv32"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 03/10/2006 19:55:57.87
ComboFix.txt
ComboFix2.txt

Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A

Répertoire de C:\WINDOWS\system32

03/10/2006 20:03 32768 udpmod.dll
03/10/2006 20:03 32000 questmod.dll
03/10/2006 20:03 32512 jao.dll
03/10/2006 20:03 32256 bridge.dll
03/10/2006 20:03 32768 a.exe
03/10/2006 20:03 32768 runsrv32.exe
03/10/2006 20:03 32512 txfdb32.dll
03/10/2006 20:03 32512 runsrv32.dll
03/10/2006 20:03 32768 wstart.dll
03/10/2006 20:03 32512 tcpservice2.exe
03/10/2006 20:03 32512 dailytoolbar.dll
03/10/2006 20:03 32512 alxres.dll
03/10/2006 18:26 665946 perfh00C.dat
03/10/2006 18:26 150552 perfc00C.dat
03/10/2006 18:26 559584 perfh009.dat
03/10/2006 18:26 120950 perfc009.dat
03/10/2006 18:26 2720 PerfStringBackup.INI
03/10/2006 18:22 1814 ModemLog_AVM RNIS Config Adapte.txt
03/10/2006 18:22 1838 ModemLog_AVM RNIS Modem Analogique (V.32bis).txt
03/10/2006 18:22 1802 ModemLog_AVM RNIS Fax (G3).txt
03/10/2006 18:22 1812 ModemLog_AVM RNIS - RNIS (X.75).txt
03/10/2006 18:22 1814 ModemLog_AVM RNIS Mailbox (X.75).txt
03/10/2006 18:22 1822 ModemLog_AVM RNIS RAS (PPP via RNIS).txt
03/10/2006 18:22 1842 ModemLog_AVM RNIS SoftCompression X.75-V.42bis.txt
03/10/2006 18:22 1832 ModemLog_AVM RNIS Internet (PPP via RNIS).txt
03/10/2006 17:14 12 oiso.bin
03/10/2006 17:14 154 lfd.dat
03/10/2006 17:11 2206 wpa.dbl
29/09/2006 07:02 40448 sumsw32.exe
29/09/2006 07:02 8704 mppacaph.exe
16/09/2006 08:01 2550 Uninstall.ico
16/09/2006 08:01 1406 Help.ico
16/09/2006 08:01 30590 pavas.ico
11/09/2006 19:37 8960936 MRT.exe
09/09/2006 18:34 8266 dbdhbfnx.exe
03/09/2006 16:16 16832 amcompat.tlb
03/09/2006 16:16 23392 nscompat.tlb
21/08/2006 14:26 16896 fltlib.dll
21/08/2006 11:14 23040 fltmc.exe
28/07/2006 13:28 3075072 mshtml.dll
27/07/2006 15:26 679424 inetcomm.dll
25/07/2006 22:41 615936 urlmon.dll
21/07/2006 10:27 72704 hlink.dll
14/07/2006 17:41 332288 netapi32.dll
14/07/2006 17:27 546304 hhctrl.ocx
13/07/2006 15:36 8509952 shell32.dll

Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 04E9-2E4A

Répertoire de C:\DOCUME~1\MARCOA~1\LOCALS~1\Temp

03/10/2006 19:50 32768 ~DFD2F0.tmp
03/10/2006 19:48 136 hpotdd000.log
2 fichier(s) 32904 octets
0 Rép(s) 67621048320 octets libres

03/10/2006 20:07 32512 dlmax.dll
03/10/2006 20:07 32512 Pynix.dll
03/10/2006 20:07 32768 BTGrab.dll
03/10/2006 20:07 32512 ZServ.dll
03/10/2006 20:07 32768 susp.exe
03/10/2006 20:07 32512 alxtb1.dll
03/10/2006 20:07 32768 alxie328.dll
03/10/2006 20:07 32768 alexaie.dll
03/10/2006 20:07 3175 yod.htm
03/10/2006 18:23 1608240 WindowsUpdate.log
03/10/2006 18:22 0 0.log
03/10/2006 18:22 3928 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
03/10/2006 18:22 159 wiadebug.log
03/10/2006 18:22 50 wiaservc.log
03/10/2006 18:21 2048 bootstat.dat
03/10/2006 17:18 32532 SchedLgU.Txt
02/10/2006 12:14 230889 setupact.log
02/10/2006 11:55 3397560 ntbtlog.txt
27/09/2006 11:28 202 NeroDigital.ini
27/09/2006 10:03 147482 iis6.log
27/09/2006 10:03 322992 comsetup.log
27/09/2006 10:03 197144 ntdtcsetup.log
27/09/2006 10:03 1374 imsins.log
27/09/2006 10:03 374164 tsoc.log
27/09/2006 10:03 45780 ocmsn.log
27/09/2006 10:03 10588 KB925486.log
27/09/2006 10:03 492251 ocgen.log
27/09/2006 10:03 47802 msgsocm.log
27/09/2006 10:03 954579 FaxSetup.log
27/09/2006 10:03 1021088 setupapi.log
26/09/2006 23:06 54156 QTFont.qfn
26/09/2006 08:10 618 win.ini
25/09/2006 10:50 69636 wmsetup.log
16/09/2006 08:02 32 pavsig.txt
15/09/2006 22:28 296 wmsetup10.log
13/09/2006 23:05 21260 KB920685.log
13/09/2006 23:05 23037 KB920872.log
13/09/2006 23:04 21450 KB919007.log
13/09/2006 23:04 17865 KB922582.log
13/09/2006 23:04 42856 updspapi.log
06/09/2006 13:28 35581 spupdsvc.log
03/09/2006 16:16 18210 wmp11.log
03/09/2006 16:15 4824 avmcoins.log
03/09/2006 16:15 12475 Wudf01000Inst.log
03/09/2006 16:14 22832 WMFDist11.log
27/08/2006 18:31 153625 hpdj3600.his
27/08/2006 18:31 7372 hpdj3600.ini
11/08/2006 21:29 27044 KB920214.log
11/08/2006 21:29 26711 KB921883.log
11/08/2006 21:28 26630 KB922616.log
11/08/2006 21:28 27184 KB921398.log
11/08/2006 21:28 30454 KB918899.log
11/08/2006 21:27 23021 KB920670.log
11/08/2006 21:27 23178 KB917422.log
11/08/2006 21:27 23579 KB920683.log
06/08/2006 18:41 1409 QTFont.for
05/08/2006 14:34 0 nsreg.dat
05/08/2006 14:34 2825 mozver.dat
28/07/2006 21:56 121 GEARInstall.log
15/07/2006 18:21 11854 KB917159.log
15/07/2006 18:21 12363 KB914388.log
15/07/2006 18:21 10346 KB916595.log
This post was edited on 03.10.2006 at 20:12 by mariopolo.
05.10.2006, 01:10
Honorary member
Sabina

Posts: 29434
#2 Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in

Quote

registry keys to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\Srv32 spool service

Files to delete:
C:\WINDOWS\system32\udpmod.dll
C:\WINDOWS\system32\questmod.dll
C:\WINDOWS\system32\jao.dll
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\txfdb32.dll
C:\WINDOWS\system32\runsrv32.dll
C:\WINDOWS\system32\wstart.dll
C:\WINDOWS\system32\tcpservice2.exe
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\oiso.bin
C:\WINDOWS\system32\lfd.dat
C:\WINDOWS\system32\sumsw32.exe
C:\WINDOWS\system32\mppacaph.exe
C:\WINDOWS\system32\dbdhbfnx.exe
C:\WINDOWS\dlmax.dll
C:\WINDOWS\Pynix.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\ZServ.dll
C:\WINDOWS\susp.exe
C:\WINDOWS\alxtb1.dll
C:\WINDOWS\alxie328.dll
C:\WINDOWS\alexaie.dll
C:\WINDOWS\yod.htm

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
scan
http://virus-protect.org/artikel/tools/smitfrautfix.html

**
Open HijackThis -- button "scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

O2 - BHO: (no name) - {0F8C2FF8-B84B-1234-32EF-FBA2FFCC592C} - C:\WINDOWS\apiid.dll (file missing)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)

O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
**
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

**
delete the Avenger backup under c:\Avenger\backup.zip

**
scan and post the report
http://virus-protect.org/a2.html

____________

Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it. In: "Enter search strings" (type in or paste in)

O.#´

in edit and click "Ok".
Notepad will open -- copy the text out and post it.

In: "Enter search strings" (type in or paste in)

Network Security Service

in edit and click "Ok".
Notepad will open -- copy the text out and post it.

In: "Enter search strings" (type in or paste in)

Workstation NetLogon Service


in edit and click "Ok".
Notepad will open -- copy the text out and post it.


In: "Enter search strings" (type in or paste in)

__NS_Service_3

in edit and click "Ok".
Notepad will open -- copy the text out and post it.



O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\system32\netox32.exe" /s (file missing)
O23 - Service: Workstation NetLogon Service (O.#´) - Unknown owner - C:\WINDOWS\system32\netqk32.exe (file missing)

__________
Regards, Sabina

all about PC security
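As an added example (not code from this thread, HijackThis or ComboFix), here is a Python triage script that reproduces, over lines copied from the first post's logs, the kind of selection made in the post above: BHOs whose DLL is absent, Run entries that launch a binary ComboFix listed as newly created, services with no publisher and a missing binary, and a start page pointing at a res:// resource. The RECENT_FILES set and SAMPLE_LOG are copied from the logs in this thread; the flagging rules and the regexes for the HijackThis 1.99 line format are assumptions of this example.

```python
"""Triage of HijackThis 1.99 log lines, as posted in this thread.

Assumptions of this example (not HijackThis or ComboFix behaviour):
  * RECENT_FILES holds file names copied from the ComboFix "Files Created"
    section of the first post.
  * SAMPLE_LOG holds lines copied from the HijackThis log of the first post.
  * The flagging rules below are the example's own, chosen to reproduce the
    entries a helper would tick for "Fix checked".
"""
import re
from dataclasses import dataclass

# File names ComboFix listed as created on 2006-10-02 / 2006-09-29 (copied from the thread).
RECENT_FILES = {
    "runsrv32.exe", "runsrv32.dll", "susp.exe", "a.exe", "tcpservice2.exe",
    "sumsw32.exe", "mppacaph.exe", "dbdhbfnx.exe",
}

# Lines copied from the posted HijackThis log (raw string: backslashes are literal).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F8C2FF8-B84B-1234-32EF-FBA2FFCC592C} - C:\WINDOWS\apiid.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\system32\netox32.exe" /s (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ckozm.dll/index.html#96676
"""

# Line formats as they appear in the posted log (assumed regexes, not HijackThis's own parser).
_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<desc>.+?) \((?P<svc>.+?)\) - (?P<owner>.+?) - (?P<path>.*)$")
_START = re.compile(r"^R[01] - .*?,(?P<key>[^=]+) = (?P<value>.*)$")


@dataclass
class Finding:
    line: str    # the log line exactly as HijackThis printed it
    reason: str  # why a helper would tick it


def target_name(cmd: str) -> str:
    """Return the lowercase file name launched by an O4 command line.

    A quoted path ("C:\\Program Files\\...\\x.exe" -arg) is unquoted first; otherwise
    the first whitespace-separated token is taken, exactly as the shell would.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        target = cmd[1:end] if end > 0 else cmd[1:]
    else:
        target = cmd.split()[0] if cmd else ""
    return target.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis line, or None if it looks benign."""
    line = line.rstrip()
    # O2: a BHO CLSID is registered but its DLL no longer exists (orphan, still worth removing).
    if line.startswith("O2 - BHO:") and ("(no file)" in line or "(file missing)" in line):
        return Finding(line, "BHO registered but its DLL is absent: orphaned entry")
    # O4: an autorun launching something ComboFix saw appear in the last days.
    m = _O4.match(line)
    if m:
        exe = target_name(m["cmd"])
        if exe in RECENT_FILES:
            return Finding(line, f"autorun launches {exe}, which ComboFix listed as newly created")
        return None
    # O23: a service with no publisher whose binary is already gone.
    m = _O23.match(line)
    if m and m["owner"] == "Unknown owner" and "(file missing)" in m["path"]:
        return Finding(line, f"service {m['svc']} has no publisher and its binary is missing")
    # R0/R1: start page served out of a DLL resource, a typical hijack pattern.
    m = _START.match(line)
    if m and m["value"].lower().startswith("res://"):
        return Finding(line, "start page points at a res:// resource inside a DLL")
    return None


def triage(log: str) -> list:
    """Run triage_line over every line of a log and keep the findings, in log order."""
    return [f for f in (triage_line(ln) for ln in log.splitlines()) if f]


def fix_list(log: str) -> list:
    """The raw lines a helper would ask the poster to tick under 'Fix checked'."""
    return [f.line for f in triage(log)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```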
06.10.2006, 17:06
...new here

Thread starter

Posts: 6
#3 Hello Sabina

Attached are the scans

Many thanks for your effort

Mariopolo


a-squared Free - Version 2.0

Scan Einstellungen:

Objekte: Speicher, Traces, Cookies, C:\WINDOWS, C:\Program Files
Archiv Scan: An
Heuristik: An
ADS Scan: An

Scan Beginn: 06/10/2006 16:12:56

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\dealhelper gefunden: Trace.Directory.DealHelper.com
C:\Program Files\dealhelper.com inc gefunden: Trace.Directory.DealHelper.com
C:\Program Files\timesync gefunden: Trace.Directory.DealHelper.com
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\dealhelper\uninstall dealhelper.lnk gefunden: Trace.File.DealHelper.com
C:\Program Files\dealhelper.com inc\dealhelper\setup.exe gefunden: Trace.File.DealHelper.com
C:\Program Files\dealhelper.com inc\dealhelper\setup.ini gefunden: Trace.File.DealHelper.com
C:\Program Files\timesync\_setupx.dll gefunden: Trace.File.DealHelper.com
C:\Program Files\timesync\setup.exe gefunden: Trace.File.DealHelper.com
C:\Program Files\timesync\setup.ini gefunden: Trace.File.DealHelper.com
C:\WINDOWS\dhdom.bin gefunden: Trace.File.DealHelper.com
C:\WINDOWS\dhdomp.bin gefunden: Trace.File.DealHelper.com
C:\WINDOWS\dsearch.bin gefunden: Trace.File.DealHelper.com
C:\WINDOWS\kyf.dat gefunden: Trace.File.Whazit
Key: HKEY_LOCAL_MACHINE\software\180solutions gefunden: Trace.Registry.180Solutions
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\ncase gefunden: Trace.Registry.180Solutions
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00bdo.#*017e*201a*201e*0081*00f5*00d8*00c2*00b4*001e*00e2 gefunden: Trace.Registry.CWS.Feads
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy___ns_service_3 gefunden: Trace.Registry.CWS.Feads
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\__ns_service_3 gefunden: Trace.Registry.CWS.Feads
Key: HKEY_CLASSES_ROOT\appid\{a1f53f1d-fb2d-4fe0-8ee8-7bbe69999d9f} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\appid\{a57afb0f-c63e-4ae2-8a7b-bca01ba32cc5} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\clsid\{54a41ae7-b358-4d41-98bd-bbbffdf5186b} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\clsid\{5e3e1dc0-239a-4067-a4a0-88902c108e58} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\clsid\{6dd8b352-21a7-4c24-ac49-e9b4730c1823} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\clsid\{8b477303-698c-4eed-b9f6-c715842fbe33} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\clsid\{8ee1aaf5-ed6b-4601-b333-cd30ffb8b39d} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\clsid\{b8e910b5-7452-4a29-b121-08e8cf09ec07} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\clsid\{f00586de-a432-4b9f-877d-e29cd87efdd6} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dealhlpr.band.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dealhlpr.band\clsid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dealhlpr.band\curver gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dealhlpr.band gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhbrwsr.browserwindows.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhbrwsr.browserwindows\clsid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhbrwsr.browserwindows\curver gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhbrwsr.browserwindows gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.dhevents.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.dhevents\clsid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.dhevents\curver gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.dhevents gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.popup.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.popup\clsid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.popup\curver gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhp.popup gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.cfiledatabase.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.cfiledatabase\clsid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.cfiledatabase\curver gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.cfiledatabase gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.dbhelper.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.dbhelper\clsid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.dbhelper\curver gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.dbhelper gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.even.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.even gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.webdealevents.1 gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\dhsvr.webdealevents gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{06e53101-654c-45eb-bff6-e37e13b5972a} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{1da40091-14b4-4c21-8170-a2ceede90b10} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{3afae37a-56a3-4850-b599-4da9a9104b82} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{3d89a731-9f4a-418f-a997-2d633c7c404c} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{81739076-56b7-42ec-a0aa-692794fded1a} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{a2cdafb4-eb9c-4efc-bcfc-a7aa6745ff7e} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{deba1742-2bec-4b78-a987-5837971193f7} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CLASSES_ROOT\interface\{f3816084-9608-485a-b63b-cad8f931577e} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\appid\{a1f53f1d-fb2d-4fe0-8ee8-7bbe69999d9f} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\appid\{a57afb0f-c63e-4ae2-8a7b-bca01ba32cc5} gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\classes\appid\dhbrwsr.exe --> appid gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\classes\appid\dhsvr.exe --> appid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{54a41ae7-b358-4d41-98bd-bbbffdf5186b} gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\classes\clsid\{54a41ae7-b358-4d41-98bd-bbbffdf5186b} --> appid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{5e3e1dc0-239a-4067-a4a0-88902c108e58} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{6dd8b352-21a7-4c24-ac49-e9b4730c1823} gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\classes\clsid\{6dd8b352-21a7-4c24-ac49-e9b4730c1823} --> appid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{8b477303-698c-4eed-b9f6-c715842fbe33} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{8ee1aaf5-ed6b-4601-b333-cd30ffb8b39d} gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\classes\clsid\{8ee1aaf5-ed6b-4601-b333-cd30ffb8b39d} --> appid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{b8e910b5-7452-4a29-b121-08e8cf09ec07} gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\classes\clsid\{b8e910b5-7452-4a29-b121-08e8cf09ec07} --> appid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\clsid\{f00586de-a432-4b9f-877d-e29cd87efdd6} gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\classes\clsid\{f00586de-a432-4b9f-877d-e29cd87efdd6} --> appid gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{06e53101-654c-45eb-bff6-e37e13b5972a} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{1da40091-14b4-4c21-8170-a2ceede90b10} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{3afae37a-56a3-4850-b599-4da9a9104b82} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{3d89a731-9f4a-418f-a997-2d633c7c404c} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{81739076-56b7-42ec-a0aa-692794fded1a} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{a2cdafb4-eb9c-4efc-bcfc-a7aa6745ff7e} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{deba1742-2bec-4b78-a987-5837971193f7} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{f3816084-9608-485a-b63b-cad8f931577e} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\typelib\{25ab1639-3f81-45a8-8318-2dafba8b8f3d} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\typelib\{5e19a321-635e-4ba5-8828-a5b6427cc61d} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\typelib\{771262e0-8feb-4e78-b292-b01c4071b9d1} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\classes\typelib\{b82b9ecf-40ae-46f2-b98e-b87cf17f70d0} gefunden: Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fe4bbea8-1efd-4b8a-bd1b-341ccdbeeaa6} gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> contact gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> displayname gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> displayversion gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> helplink gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> installdate gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> installlocation gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> installsource gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> publisher gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> uninstallstring gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> urlinfoabout gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> urlupdateinfo gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> versionmajor gefunden: Trace.Registry.DealHelper.com
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync --> versionminor gefunden: Trace.Registry.DealHelper.com
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\spyaxe gefunden: Trace.Registry.SpyAxe

Gescannt

Dateien: 89057
Traces: 76790
Cookies: 5
Prozesse: 45

Gefunden

Dateien: 0
Traces: 110
Cookies: 0
Prozesse: 0
Registry Keys: 0

Scan Ende: 06/10/2006 16:43:24
Scan Zeit: 00:30:28

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 06/10/2006 16:52:51 for strings:
; 'o.#´'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000]
"Service"="O.#´"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O.#´]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O.#´\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000]
"Service"="O.#´"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O.#´]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O.#´\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O.#´\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000]
"Service"="O.#´"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O.#´]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O.#´\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O.#´\Enum]

; End Of The Log...

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 06/10/2006 16:55:52 for strings:
; 'network security service
'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 06/10/2006 17:02:54 for strings:
; '__ns_service_3'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3\0000]
"Service"="__NS_Service_3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY___NS_SERVICE_3]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY___NS_SERVICE_3\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY___NS_SERVICE_3\0000]
"Service"="__NS_Service_3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3\Enum]
"0"="Root\\LEGACY___NS_SERVICE_3\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3\0000]
"Service"="__NS_Service_3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3\Enum]
"0"="Root\\LEGACY___NS_SERVICE_3\\0000"

; End Of The Log...
06.10.2006, 17:17
Honorary member
Sabina

Posts: 29434
#4 Avenger

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\180solutions
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fe4bbea8-1efd-4b8a-bd1b-341ccdbeeaa6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\spyaxe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O.#´
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O.#´
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O.#´
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY___NS_SERVICE_3
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3

Files to delete:
C:\WINDOWS\dhdom.bin
C:\WINDOWS\dhdomp.bin
C:\WINDOWS\dsearch.bin
C:\WINDOWS\kyf.dat

Folders to delete:
C:\Program Files\dealhelper.com
C:\Program Files\timesync
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\dealhelper
-------

post the Avenger report

then scan again with a-squared Free, but please let it delete everything!
found is all very nice, but deleted is muuuch better!

**
scan with SmitFraudFix - options 1 and 2 - post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards, Sabina

all about PC security
07.10.2006, 02:04
...new here

Thread starter

Posts: 6
#5 Dear Sabina...

After an extended bacalhau dinner (cod, Portuguese style) with more or less a lot of red wine and so on... I tried to follow your instructions... hope I finished everything in the right order! I also want to thank you for your immense patience and your tireless efforts.

Mariopolo



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\spyaxe


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gcxhqydn

*******************

Script file located at: \??\C:\WINDOWS\rtiysutc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O.#´ not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O.#´ failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O.#´
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O.#´ not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O.#´ failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O.#´
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*00BDO.#*017E*201A*201E*0081*00F5*00D8*00C2*00B4*001E*00E2\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O.#´ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O.#´ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O.#´ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY___NS_SERVICE_3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY___NS_SERVICE_3 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY___NS_SERVICE_3
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\__NS_Service_3
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3
Status: 0xc0000034



File C:\WINDOWS\dhdom.bin not found!
Deletion of file C:\WINDOWS\dhdom.bin failed!

Could not process line:
C:\WINDOWS\dhdom.bin
Status: 0xc0000034



File C:\WINDOWS\dhdomp.bin not found!
Deletion of file C:\WINDOWS\dhdomp.bin failed!

Could not process line:
C:\WINDOWS\dhdomp.bin
Status: 0xc0000034



File C:\WINDOWS\dsearch.bin not found!
Deletion of file C:\WINDOWS\dsearch.bin failed!

Could not process line:
C:\WINDOWS\dsearch.bin
Status: 0xc0000034



File C:\WINDOWS\kyf.dat not found!
Deletion of file C:\WINDOWS\kyf.dat failed!

Could not process line:
C:\WINDOWS\kyf.dat
Status: 0xc0000034



Folder C:\Program Files\dealhelper.com not found!
Deletion of folder C:\Program Files\dealhelper.com failed!

Could not process line:
C:\Program Files\dealhelper.com
Status: 0xc0000034



Folder C:\Program Files\timesync not found!
Deletion of folder C:\Program Files\timesync failed!

Could not process line:
C:\Program Files\timesync
Status: 0xc0000034



Folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\dealhelper not found!
Deletion of folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\dealhelper failed!

Could not process line:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\dealhelper
Status: 0xc0000034


Warning --- HKLM\Software did not load within MAX_WAIT_ITERATIONS


Registry key HKEY_LOCAL_MACHINE\software\180solutions not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\180solutions failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fe4bbea8-1efd-4b8a-bd1b-341ccdbeeaa6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fe4bbea8-1efd-4b8a-bd1b-341ccdbeeaa6} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\timesync failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

SmitFraudFix v2.105

Rapport fait à 1:51:47,95, 07/10/2006
Executé à partir de C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Marco A


C:\Documents and Settings\Marco A\Application Data


Menu Démarrer


C:\DOCUME~1\MARCOA~1\Favoris


Bureau


C:\Program Files


Clés corrompues


Eléments du bureau



Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


pe386-msguard-lzx32


Recherche infection wininet.dll


Fin

SmitFraudFix v2.105

Rapport fait à 1:52:40,95, 07/10/2006
Executé à partir de C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Arret des processus


Generic Renos Fix

GenericRenosFix by S!Ri


Suppression des fichiers infectés


Suppression Fichiers Temporaires


Nettoyage du registre

Nettoyage terminé.

Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


Fin
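A way to read an Avenger log like the one above at a glance, as an added example (not part of this thread and not Avenger's own code): it pairs each reported script line with its NTSTATUS name and checks whether every failure was 0xc0000034, STATUS_OBJECT_NAME_NOT_FOUND, meaning nothing existed under the name the script gave. The "deleted successfully." wording for successful lines is assumed, and the embedded log excerpt is constructed from the format above.

```python
"""Summarise an Avenger v1 log: which script lines were deleted, failed or skipped, and why.

Added example for reading logs in the format posted above; it is not Avenger's own code.
"""
import re
from collections import Counter

# NTSTATUS values Avenger prints after a failed line (standard Windows constants).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC0000121: "STATUS_CANNOT_DELETE",
}

# Line shapes taken from the log above; the success wording is an assumption (not in the thread).
SKIPPED_RE = re.compile(r"^Line: (.+)$")  # pre-processor rejected this script line
FAILURE_RE = re.compile(r"^Deletion of (registry key|file|folder) (.+) failed!$")
SUCCESS_RE = re.compile(r"^(Registry key|File|Folder) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")

# Constructed excerpt in the format of the thread's Avenger log (not the full log).
SAMPLE_LOG = r"""
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\spyaxe

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3
Status: 0xc0000034

File C:\WINDOWS\kyf.dat not found!
Deletion of file C:\WINDOWS\kyf.dat failed!

Could not process line:
C:\WINDOWS\kyf.dat
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\180solutions not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\180solutions failed!
Status: 0xc0000034

File C:\WINDOWS\dhdom.bin deleted successfully.
"""


def parse_avenger_log(text):
    """Return one (kind, target, outcome, reason) tuple per script line the log reports on."""
    results = []
    pending = None  # (kind, target) of a failed deletion whose Status: line has not come yet
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SKIPPED_RE.match(line):
            results.append(("registry key", m.group(1), "skipped", "pre-processor syntax error"))
        elif m := SUCCESS_RE.match(line):
            results.append((m.group(1).lower(), m.group(2), "deleted", "STATUS_SUCCESS"))
        elif m := FAILURE_RE.match(line):
            pending = (m.group(1), m.group(2))
        elif (m := STATUS_RE.match(line)) and pending is not None:
            code = int(m.group(1), 16)
            results.append((*pending, "failed", NTSTATUS_NAMES.get(code, m.group(1))))
            pending = None
    return results


def summarize(results):
    """Count (outcome, reason) pairs, e.g. how many lines failed with OBJECT_NAME_NOT_FOUND."""
    return Counter((outcome, reason) for _, _, outcome, reason in results)


def all_failures_not_found(results):
    """True when every failed line is STATUS_OBJECT_NAME_NOT_FOUND: nothing existed under the
    name the script gave, so it was either already removed or the name does not match."""
    failed = [r for r in results if r[2] == "failed"]
    return bool(failed) and all(r[3] == "STATUS_OBJECT_NAME_NOT_FOUND" for r in failed)


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    for kind, target, outcome, reason in parsed:
        print(f"{outcome:8} {kind:12} {target}  ({reason})")
    print(summarize(parsed))
```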
07.10.2006, 18:55
Honorary member
Sabina

Posts: 29434
#6 a-squared Free - scan again, but let it delete everything, then post the new a-squared Free report

12.) After the scan you have to click "Markierte Malware entfernen" (remove selected malware; tick what should be removed)
13.) Click --> Beenden (exit)

__________
Kind regards, Sabina

all about PC security
13.10.2006, 15:05
...new here

Thread starter

Posts: 6
#7 Hello...

Hope I did everything right this time. Here is the report.
Many thanks again

a-squared Free - Version 2.0

Scan Einstellungen:

Objekte: Speicher, Traces, Cookies, C:\WINDOWS, C:\Program Files
Archiv Scan: An
Heuristik: An
ADS Scan: An

Scan Beginn: 13/10/2006 14:15:42

Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00bdo.#*017e*201a*201e*0081*00f5*00d8*00c2*00b4*001e*00e2 gefunden: Trace.Registry.CWS.Feads
Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fe4bbea8-1efd-4b8a-bd1b-341ccdbeeaa6} gefunden: Trace.Registry.DealHelper.com

Gescannt

Dateien: 89046
Traces: 78425
Cookies: 31
Prozesse: 46

Gefunden

Dateien: 0
Traces: 2
Cookies: 0
Prozesse: 0
Registry Keys: 0

Scan Ende: 13/10/2006 14:46:43
Scan Zeit: 00:31:01

Key: HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{fe4bbea8-1efd-4b8a-bd1b-341ccdbeeaa6} Gelöscht Trace.Registry.DealHelper.com
Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*00bdo.#*017e*201a*201e*0081*00f5*00d8*00c2*00b4*001e*00e2 Gelöscht Trace.Registry.CWS.Feads

Gelöscht

Dateien: 0
Traces: 2
Cookies: 0
13.10.2006, 16:13
Honorary member
Sabina

Posts: 29434
#8 download and run Counterspy; after the scan set everything it finds to "remove" and post the report
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

all about PC security
18.10.2006, 19:07
...new here

Thread starter

Posts: 6
#9 Hello

Report attached

Many thanks for the help


Spyware Scan Details
Start Date: 18/10/2006 18:31:55
End Date: 18/10/2006 18:58:09
Total Time: 26 mins 14 secs

Detected spyware

DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e9b951e-6f72-431b-82cf-4a9fbf2f53bc}
18.10.2006, 19:29
Honorary member
Sabina

Posts: 29434
#10 everything should be OK again now ;)
__________
Kind regards, Sabina

all about PC security