Pop UP: Security Alert: Spyware found

#0
06.10.2006, 15:08
...new here
Posts: 5

06.10.2006, 15:34
Honorary member
Posts: 29434
#2
ebolasebo
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes".
Quote:
REGEDIT4
_____________________________________________________
1. Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in:
Quote:
registry keys to delete:
Click the green traffic light; the script will now run, and the PC will then restart automatically.
** post the log from Avenger that appears after the restart **
scan with smitfraudfix (options 1 and 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html
post both scan reports here
__________
Regards
Sabina
all about PC security

06.10.2006, 15:55
...new here
Thread starter
Posts: 5
#3
You seem to be the yellow angel around here :-) THANKS
OK, and here is the first scan report:
SmitFraudFix v2.105
Scan done at 15:58:20,09, 06.10.2006
Run from C:\Dokumente und Einstellungen\Sebo\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Sebo
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Sebo\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\SEBO\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
This post was edited by ebolasebo on 06.10.2006 at 16:01.

06.10.2006, 15:56
Honorary member
Posts: 29434
#4
««
scan with smitfraudfix (options 1 and 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html
post both scan reports here
««
scan, set everything to remove and post the report
http://virus-protect.org/counterspy.html
__________________________________________
PS: this is what is on the computer:
http://virus-protect.org/artikel/spyware/antivirusgolden_remove.html
http://virus-protect.org/artikel/spyware/softcodec_remove.html
__________
Regards
Sabina
all about PC security

06.10.2006, 16:13
...new here
Thread starter
Posts: 5
#5
Yes, I can't get rid of this softcodec.
Unfortunately I'm not that fast, but here is the second report:
SmitFraudFix v2.105
Scan done at 16:06:38,81, 06.10.2006
Run from C:\Dokumente und Einstellungen\Sebo\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
I'll run a scan now ....

06.10.2006, 16:15
Honorary member
Posts: 29434
#6
Quote:
File C:\WINDOWS\system32\msvcp71.dll deleted successfully.
scan with Counterspy, set everything to remove and post the report
__________
Regards
Sabina
all about PC security

06.10.2006, 16:43
...new here
Thread starter
Posts: 5
#7
I think you've done it - hooray. I would throw my arms around your neck if you were here.
Here is the report:
Spyware Scan Details
Start Date: 06.10.2006 16:21:03
End Date: 06.10.2006 16:37:44
Total Time: 16 mins 41 secs
Detected spyware
Everest Poker - Potentially Unwanted Program
Status: Deleted
Trojan-Downloader.BAT.Ftp.ab - Trojan Downloader
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\Sebo\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe
eDonkey2000 - P2P Program
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object
Warez P2P - P2P Program
Details: Warez P2P is a file sharing program that allows the user to participate in online file sharing networks.
Status: Deleted
Cookie: ClickBank - Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\sebo\cookies\sebo@clickbank[2].txt
Cookie: Spyster 1.0.19 Cookies - Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\sebo\cookies\sebo@dcsg0vt88mp9k5v7k4bomulab_2p3g[1].txt
Cookie: ad.yieldmanager - Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\sebo\cookies\sebo@ad.yieldmanager[1].txt
Cookie: Com.com - Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\sebo\cookies\sebo@com[1].txt
Cookie: SpyLog.com - Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\sebo\cookies\sebo@spylog[1].txt
Cookie: HotLog.ru - Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\sebo\cookies\sebo@hotlog[1].txt
The only thing I find odd is the eDonkey matter. The program has been gone for a long time, and I had also already removed it with another registry cleaner, and now it shows up again? Counterspy seems to be pretty good - I should leave it installed - right? Apart from that I still have Antivir, Pest Patrol and Registry Repair on the computer. Can I throw all of that out now?
Really 10000000000000000000000000000 thanks
Sebo

06.10.2006, 16:56
Honorary member
Posts: 29434
#8
Counterspy is only free for 14 days... then you have to buy it
Otherwise --- everything should be clean again.
__________
Regards
Sabina
all about PC security

06.10.2006, 17:04
...new here
Thread starter
Posts: 5

06.10.2006, 17:06
Honorary member
Posts: 29434
#10
don't download anything that isn't kosher + avoid certain sites....
and http://virus-protect.org/artikel/tools/sandboxie.html
__________
Regards
Sabina
all about PC security

22.01.2007, 13:55
...new here
Posts: 2
#11
Hey, good day to you.
I also have just such a lovely problem as ebolasebo. I installed "Video ActiveX Object" and since then my PC has been acting up. The same message appears for me as for Sebo, "System Performance Monitor: Warning" blah blah and "Critical System Warning!". In addition, advertising windows for "ErrorSafe", "Network Activity Monitor", "DriveCleaner 2006" and others keep opening. Antivir does delete all sorts of droppers, but that doesn't help any further.. I would be very glad of help, thanks..
Logfile of HijackThis v1.99.1
Scan saved at 13:32:11, on 22.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Video ActiveX Object\pmsngr.exe
C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Video ActiveX Object\pmmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\TerraTec\CinergyTV\TerraTV App.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Lydia\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\GEMEIN~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aidyld.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145886279357
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148548999421
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
This post was edited by aidylD on 22.01.2007 at 14:10.

22.01.2007, 14:31
Honorary member
Posts: 29434
#12
aidylD
scan with smitfraudfix (options 1 and 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards
Sabina
all about PC security

22.01.2007, 14:37
...new here
Posts: 2
#13
1.
SmitFraudFix v2.133
Scan done at 14:37:21,43, 22.01.2007
Run from C:\Dokumente und Einstellungen\Lydia\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Lydia
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Lydia\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Lydia\FAVORI~1
C:\DOKUME~1\Lydia\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
C:\Programme\AntiVerminser\ FOUND !
C:\Programme\Video ActiveX Object\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
2.
(didn't really work for me, it seems to me, because there was nothing with wininet.dll..)
SmitFraudFix v2.133
Scan done at 14:43:53,65, 22.01.2007
Run from C:\Dokumente und Einstellungen\Lydia\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOKUME~1\Lydia\FAVORI~1\Online Security Test.url Deleted
C:\Programme\AntiVerminser\ Deleted
C:\Programme\Video ActiveX Object\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
HEY!! The strange exclamation mark in my taskbar is gone! Was that it already?!^^ THANK YOU SO MUCH! (k)
This post was edited by aidylD on 22.01.2007 at 15:13.

15.11.2007, 18:02
...new here
Posts: 1
#14
Try it with AVG! Download the trial version, install it and let it scan! If that doesn't help, then select ANALYSE and BROWSER PLUGINS at the top!
There should then be three entries with errors, which you delete, and then restart the CPU! And lo and behold, the pop-ups are gone! Hope it helped!! ;-)

I'm getting various pop-up windows from Windows:
1.) System Performance Monitor: Warning .......
2.) Security Alert: Spyware found
Your Computer is infected with last version of PSW.x-Vir trojan ...
3.) Critical System Warning ..... infected CyberLog-X .....
I'm really going crazy. I've already run umpteen antivirus programs, such as Antivir etc., over it. Also other programs, such as Pest Patrol, Xoftspy, ..... Nothing happens. Pest Patrol always detects one called Nuvens. But it can't get rid of it.
Here is my log: unfortunately I can't make anything out, but maybe one of you can.
Logfile of HijackThis v1.99.1
Scan saved at 14:49:21, on 06.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\SoftCodec\pmsngr.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\SoftCodec\pmmon.exe
C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\pestpatrol\ppRemoteService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Sebo\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] C:\Programme\Mobile Phone Manager\SmartSync\ScheduleSync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programme\Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144618964054
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programme\Gemeinsame Dateien\pestpatrol\ppRemoteService.exe
Thanks in advance.
Regards
Sebo
I got the following from ComboFix:
Sebo - 06-10-06 15:20:02,34 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\Sebo\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))
2006-10-05 13:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-28 08:44 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-09-08 13:48 78,096 --a------ C:\WINDOWS\system32\GAPI32.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-06 15:11 -------- d-------- C:\Programme\CleanUp!
2006-10-06 13:47 -------- d-------- C:\Programme\AntivirusGolden
2006-10-06 13:31 -------- d-------- C:\Programme\Gemeinsame Dateien\Scanner
2006-10-06 13:31 -------- d-------- C:\Programme\CA
2006-10-06 12:53 -------- d-------- C:\Programme\XoftSpy
2006-10-05 16:42 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-10-05 12:25 -------- d-------- C:\Programme\SoftCodec
2006-10-05 12:08 -------- d-------- C:\Programme\AudioKit
2006-10-05 11:39 -------- d-------- C:\Programme\Super Audio Converter
2006-10-05 00:02 -------- d-------- C:\Programme\Audacity
2006-09-28 08:44 -------- d-------- C:\Programme\RegistrySmart
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Windows Registry Repair Pro"="C:\\Programme\\Registry Repair Pro\\RegistryRepairPro.exe 4"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\CPLBCL53.EXE"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ScheduleSync.Siemens.SmartSync.5.2.exe"="C:\\Programme\\Mobile Phone Manager\\SmartSync\\ScheduleSync.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"AGRSMMSG"="AGRSMMSG.exe"
"CaISSDT"="\"C:\\Programme\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
"eTrustPPAP"="\"C:\\Programme\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
"LtMoh"="C:\\Programme\\ltmoh\\Ltmoh.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoThemesTab"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\DisallowRun]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Programme\\SoftCodec\\pmsngr.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: 06.10.2006 15:20:52.10
ComboFix.txt