Home » Spyware & Browser Hijacker Support Forum » blinkenes "!" und blinkendes "?" » Themenansicht

blinkenes "!" und blinkendes "?"
#0
08.10.2006, 17:47
kkp
...neu hier

Beiträge: 2
#1 man man, alles blinkt und dauert öffnet sich der internet explorer.

hoffe ihr könnt mir helfen!

hier mal mein log:
Logfile of HijackThis v1.99.1
Scan saved at 17:47:25, on 08.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\DCPFLICS\DCPFLICS.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
E:\3dsmax6\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\SoftCodec\isamonitor.exe
C:\Programme\SoftCodec\pmsngr.exe
C:\Programme\SoftCodec\pmmon.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\SoftCodec\isamini.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\ac\Distillr\acrotray.exe
C:\Programme\UltraMon\UltraMon.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Dokumente und Einstellungen\M**** Ö***\Desktop\stng260.exe
C:\Dokumente und Einstellungen\M***Ö***\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\SoftCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\ac\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\ac\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - e:\PROGRA~1\LANGEN~1.0\Engine\mte\StdAlone\T1IE.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\ac\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: UltraMon.lnk = C:\Programme\UltraMon\UltraMon.exe
O8 - Extra context menu item: Download with NetPumper - e:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot6_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11F44F56-0B88-41E6-BA33-A86E5E216F1E} (bilder_vobis_de_bilduebertragung) - http://bilder.vobis.de/upload/bilder_vobis_bilduebertragung.cab
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://www.pixaco.de/static/download/iedropupload.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.knoll.com/FSL/KnFSLInstall/setup.exe
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1111.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65DA643D-AB0B-4641-A9CD-3A061373842F}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4AC722-60D4-4DA6-BEBE-E01349B5F66C}: NameServer = 213.191.92.82 213.191.74.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Programme\avmclient\panapp.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DCPFLICS - Unknown owner - C:\Programme\DCPFLICS\DCPFLICS.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - E:\3dsmax6\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Seitenanfang Seitenende
09.10.2006, 09:42
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.10.2006, 17:03
kkp
...neu hier

Themenstarter

Beiträge: 2
#3 da is der log:

*****t ™***** - 06-10-09 16:57:36,90 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\*****™*****\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-09 to 2006-10-09 ))))))))))))))))))))))))))))))))))


2006-09-30 00:24 94,080 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2006-09-30 00:23 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-30 00:13 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-15 21:59 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-09-15 21:59 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2006-09-14 12:12 8,192 --a------ C:\WINDOWS\suecmdial.dll
2006-09-14 07:36 42,982 --a------ C:\WINDOWS\system32\PDDSLADP.DLL
2006-09-14 07:36 15,571 --a------ C:\WINDOWS\system32\drivers\PDDSLADP.SYS
2006-09-14 07:36 15,187 --a------ C:\WINDOWS\system32\drivers\PDDSLHND.SYS
2006-09-10 23:36 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-09-10 23:36 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-09 16:56 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-08 22:30 -------- d-------- C:\Programme\Trillian
2006-10-08 18:55 -------- d-------- C:\Programme\Roguescanfix
2006-10-08 17:57 -------- d-------- C:\Programme\CleanUp!
2006-10-07 18:07 -------- d-------- C:\Programme\ICQToolbar
2006-10-07 13:04 -------- d-------- C:\Programme\SoftCodec
2006-10-07 12:13 -------- d-------- C:\Programme\TuneUp Utilities 2004
2006-10-05 22:39 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-10-05 22:31 -------- d-------- C:\Programme\MD Adressbuch
2006-10-05 20:42 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canon
2006-10-01 13:51 -------- d-------- C:\Programme\SmartFTP Client 2.0
2006-10-01 13:50 -------- d-------- C:\Programme\SmartFTP Client 2.0 Setup Files
2006-09-30 19:01 -------- d-------- C:\Programme\iTunes
2006-09-30 19:01 -------- d-------- C:\Programme\iPod
2006-09-30 18:57 -------- d-------- C:\Programme\QuickTime
2006-09-30 18:52 -------- d-------- C:\Programme\Apple Software Update
2006-09-30 00:45 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Vso
2006-09-30 00:24 94080 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ezplay.sys
2006-09-30 00:24 81920 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ezpinst.exe
2006-09-30 00:24 7172 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ezplay.cat
2006-09-30 00:24 34 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.log
2006-09-30 00:24 34 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\KGFGCNUI.log
2006-09-30 00:24 125 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\KGFGCNUI.ini
2006-09-30 00:24 1104 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\KGFGCNUI.inf
2006-09-30 00:23 7176 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.cat
2006-09-30 00:23 47360 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.sys
2006-09-30 00:23 1144 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.inf
2006-09-30 00:18 -------- d-------- C:\Programme\DAEMON Tools
2006-09-15 22:01 -------- d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2006-09-15 22:00 -------- d-------- C:\Programme\AVSMedia
2006-09-15 21:59 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-14 07:36 -------- d-------- C:\Programme\Gemeinsame Dateien\Alice
2006-09-14 07:36 -------- d-------- C:\Programme\Alice
2006-09-10 23:36 -------- d-------- C:\Programme\Winamp
2006-09-07 13:44 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-07 13:43 -------- d-------- C:\Programme\Gemeinsame Dateien\NewSoft
2006-09-07 13:34 -------- d-------- C:\Programme\NewSoft
2006-09-06 22:47 -------- d-------- C:\Programme\AviSynth 2.5
2006-09-06 22:46 -------- d-------- C:\Programme\iDump
2006-09-06 14:01 -------- d-------- C:\Programme\TIPP-Kurs
2006-09-05 19:00 -------- d-------- C:\Programme\eMule
2006-09-05 17:59 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Slowstore
2006-09-05 17:46 -------- d-------- C:\Programme\WordBiz
2006-09-05 17:39 -------- d-------- C:\Programme\Sony Ericsson
2006-09-05 17:38 -------- d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2006-09-05 17:34 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SlimBrowser
2006-09-05 17:27 -------- d-------- C:\Programme\Logon Loader
2006-09-05 17:27 -------- d-------- C:\Programme\lineup2win
2006-09-05 17:23 -------- d-------- C:\Programme\Gemeinsame Dateien\ACD Systems
2006-09-05 17:23 -------- d-------- C:\Programme\ACD Systems
2006-09-05 17:20 -------- d-------- C:\Programme\Gemeinsame Dateien\Autodesk Shared
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 21:05 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\PersBackup
2006-08-16 17:28 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\NetPumper
2006-08-11 00:30 -------- d-------- C:\Programme\Internet Explorer
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"IntelliType"="\"C:\\Programme\\Microsoft Hardware\\Keyboard\\type32.exe\""
"FRISK FP-Scheduler"="C:\\Programme\\FSI\\F-Prot\\F-Sched.exe STARTUP"
"F-StopW"="C:\\Programme\\FSI\\F-Prot\\F-StopW.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"Presto! PVR Monitor"="C:\\Programme\\NewSoft\\Presto! PVR\\Monitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,81,01,00,00,00,00,00,00,f7,03,00,00,04,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,aa,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,aa,03,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://mugiac.com/"
"SubscribedURL"="http://mugiac.com/"
"FriendlyName"=""
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e1,01,00,00,6b,01,00,00,9f,00,00,00,30,01,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e1,01,00,00,6b,01,00,00,9f,00,00,00,30,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:19,02,02,00,00,00,00,00,00,00,00,00,a8,5c,06,00,00,e0,\
fd,7f,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.heute.de/ZDFheute"
"SubscribedURL"="http://www.heute.de/ZDFheute"
"FriendlyName"="heute.de - Titelseite"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,00,00,00,33,01,00,00,83,02,00,00,39,01,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,33,01,00,00,83,02,00,00,39,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,0c,00,00,00,00,00,4c,5c,06,00,d1,73,a5,00,00,00,\
00,00,2c,05,04,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
"Source"="http://www.heute.de/"
"SubscribedURL"="http://www.heute.de/"
"FriendlyName"="heute.de - Titelseite"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,15,00,00,00,e0,01,00,00,92,00,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e1,01,00,00,1d,00,00,00,9f,00,00,00,30,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,0c,00,00,00,00,00,4c,5c,06,00,d1,73,a5,00,00,00,\
00,00,34,05,01,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoDriveAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\SoftCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\SoftCodec\\pmsngr.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"bxxs5"="RunDLL32.EXE C:\\WINDOWS\\bxxs5.dll,DllRun"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~2\\NEWDOT~2.DLL,ClientStartup -s"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe"
"AVMBLUEOBEX"="C:\\Programme\\avmclient\\AvmObex.exe -pushclient -ftpclient"
"AVMBlueClient"="C:\\Programme\\avmclient\\bluefritz.exe"
"DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033"
"PivotSoftware"="\"C:\\Programme\\WinPortrait\\wpctrl.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Google Desktop Search"="\"C:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"gcasServ"="\"C:\\Programme\\Microsoft AntiSpyware\\gcasServ.exe\""
"ChangeFilterMerit"="C:\\Programme\\NewSoft\\Presto! PVR\\ChangeFilterMerit.exe"
"FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"Presto! PVR Monitor"="C:\\Programme\\NewSoft\\Presto! PVR\\Monitor.exe"
"URemote"="C:\\Programme\\NewSoft\\Presto! PVR\\URemote.exe"
"NetPumper"="\"e:\\Programme\\NetPumper\\NetPumperIEProxy.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 09.10.2006 16:59:40.44
ComboFix.txt
Seitenanfang Seitenende
09.10.2006, 17:12
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 1.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Die Datei "fixme.reg" auf dem Desktop doppelklicken und der Registry mit "ja" oder "yes" beifügen

Zitat

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"=-
"pmsngr.exe"=-
2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html

kopiere rein

Zitat

registry keys to delete:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}

Files to delete:
C:\WINDOWS\system32\gqagksr.dll

Folders to delete:
C:\Programme\VirusBurster
C:\Programme\SoftCodec
C:\Programme\NetPumper
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\NetPumper
Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

3.
loesche:
e:\Programme\NetPumper

4.
loesche das Backup vom Avenger unter C:\Avenger\backup.zip

5.
scanne mit smitfraudfix (Option 1 und 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html

6.
scanne
http://virus-protect.org/artikel/tools/nolop.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1