VirusBurst-Virusburster-AntiVermins - Critical System Error!
12.11.2006, 11:16
Member
Posts: 3716
#31
Hello, you should also use ComboFix, HijackThis and SmitFraud; that usually brings something else to light...
12.11.2006, 11:21
Honorary Member
Posts: 29434
#32
xern
Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste this in:
Quote:
Registry values to delete:
Click the green traffic light; the script will now run, and then the PC will restart automatically.
«« Post the Avenger log that appears after the restart here »»
Delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin.
«« Scan with SmitfraudFix - options 1 and 2 (let it clean the registry as well) http://virus-protect.org/artikel/tools/smitfrautfix.html
«« Open HijackThis -- button "Scan" -- tick the following entries -- button "Fix checked" -- restart the PC
Quote:
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\QualityCodec\isaddon.dll
Restart the PC.
** Scan with Panda and post the scan report http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
12.11.2006, 11:21
...new here
Posts: 2
12.11.2006, 13:51
...new here
Posts: 4
12.11.2006, 16:30
...new here
Posts: 4
#35
Avenger

----------------------------------------------------------------------
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ivbbgycp

*******************

Script file located at: \??\C:\Program Files\uetdcrbu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\okkmtv.dll deleted successfully.
File C:\WINDOWS\system32\htmdeng.exe deleted successfully.
File C:\WINDOWS\system32\photowjz.dll deleted successfully.
Folder C:\Programme\QualityCodec deleted successfully.
Folder C:\Programme\NavExcel Search Toolbar deleted successfully.
Folder C:\Programme\VirusBursters deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBursters deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{310014E4-FBE9-412B-8439-6766CBEA6DB6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{310014E4-FBE9-412B-8439-6766CBEA6DB6} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{D80C4E21-C346-4E21-8E64-20746AA20AEB} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{D80C4E21-C346-4E21-8E64-20746AA20AEB} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{bf1ced2c-4b3f-4079-a330-864eda5a4cff} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{bf1ced2c-4b3f-4079-a330-864eda5a4cff} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{310014E4-FBE9-412B-8439-6766CBEA6DB6} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
----------------------------------------------------------------------

Unfortunately I can't get Panda to run; I did everything else, even though my entries in HijackThis were slightly different, or rather not all of the ones named above were present..... Is that enough, or do I need to do something else? Do I absolutely have to run Panda, or are there alternatives? Thanks in advance...
12.11.2006, 17:01
Honorary Member
Posts: 29434
#36
xern
Scan with ewido, I hope that works - and post the report http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
12.11.2006, 19:33
...new here
Posts: 3
#37
Hello dear little helpers,
another new victim. Below is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 19:26:57, on 12.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QualityCodec\isamonitor.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\PowerKey.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSDCtrl.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\QualityCodec\isamini.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\NclBTHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\ACERAS~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orf.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\QualityCodec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Programme\QualityCodec\iesplugin.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programme\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.raiffeisenlearning.at/ibt/login/acso/main/de/site/acso/login/downloads/webplayer_download/player/ie_automatisch/aw_plugin_complete/awswax70.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks in advance for the help.
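Added example (not code from this thread, from HijackThis or from the helpers' tools): a small Python reader for HijackThis log lines of the kind posted above that picks out the O2/O3/O4/O20 load points and marks the ones a helper would ask the poster to fix, which is the triage step behind the "tick these entries -- Fix checked" instruction earlier in the thread. The known-bad CLSIDs and the QualityCodec / VirusBursters folder names are the indicators named in this thread; the sample log is constructed from lines in the same format, and the extra heuristics (BHO registered with no name, load point whose file is missing) are this example's own choice, not a rule from the tools.

```python
import re
from dataclasses import dataclass, field

# Indicators named in this thread: the QualityCodec BHO / "Protection Bar"
# CLSIDs and the QualityCodec / VirusBursters folders. Extend for your own case.
KNOWN_BAD_CLSIDS = {
    "{192c5b4a-3efd-40c7-9f99-c472deb8efc0}",
    "{bf1ced2c-4b3f-4079-a330-864eda5a4cff}",
    "{310014e4-fbe9-412b-8439-6766cbea6db6}",
    "{d80c4e21-c346-4e21-8e64-20746aa20aeb}",
}
KNOWN_BAD_PATH_FRAGMENTS = {"\\qualitycodec\\", "\\virusbursters\\"}

_CLSID = r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
# One regex per HijackThis section this example understands.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - " + _CLSID + r" - (?P<path>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - " + _CLSID + r" - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
}


@dataclass
class Entry:
    section: str
    name: str
    clsid: str          # empty for sections without a CLSID (O4, O20)
    path: str
    reasons: list = field(default_factory=list)


def parse_hjt(text):
    """Return one Entry per O2/O3/O4(Run)/O20 line; other sections are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for section, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                g = m.groupdict()
                entries.append(Entry(section, g.get("name", ""),
                                     g.get("clsid", "").lower(), g["path"]))
                break
    return entries


def flag_for_review(entries):
    """Attach a reason to every entry a helper would ask about; return only those."""
    flagged = []
    for e in entries:
        lower_path = e.path.lower()
        if e.clsid and e.clsid in KNOWN_BAD_CLSIDS:
            e.reasons.append("CLSID is on the known-bad list")
        if any(frag in lower_path for frag in KNOWN_BAD_PATH_FRAGMENTS):
            e.reasons.append("path points into a known-bad folder")
        if e.section == "O2" and e.name == "(no name)":
            e.reasons.append("BHO registered without a name")
        if "(file missing)" in lower_path:
            e.reasons.append("load point references a file that no longer exists")
        if e.reasons:
            flagged.append(e)
    return flagged


# Constructed sample in the same format as the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\QualityCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Programme\QualityCodec\iesplugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: xxwur - C:\WINDOWS\System32\xxwur.dll (file missing)
"""


def review(text):
    """Parse a log and return the entries to review, in log order."""
    return flag_for_review(parse_hjt(text))


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section} {e.name!r} {e.path}")
        for r in e.reasons:
            print("   -", r)
```

Run against the constructed sample, the Acrobat BHO and the Synaptics Run entry pass, while the QualityCodec BHO, the "Protection Bar" toolbar and the Winlogon Notify entry with a missing file are returned with their reasons; on a real log the output is a list to discuss, not a list to delete blindly, since an unnamed BHO or a missing file can also be a leftover from legitimate software.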
12.11.2006, 19:35
Honorary Member
Posts: 29434
#38
Andi888
"Little helper at your service" - post this log http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security
12.11.2006, 19:46
...new here
Posts: 3
#39
Hello Sabina,
that was quick! ;-) Here's the log:

acer Aspire 5025WLMi - 06-11-12 19:43:59,98 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Programme\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))

2006-11-12 17:44 106,496 --a------ C:\WINDOWS\system32\okkmtv.dll
2006-10-22 10:44 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL
2006-10-22 10:44 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL
2006-10-14 11:02 50,688 --a------ C:\WINDOWS\CJCClasses.dll
2006-10-14 11:02 46,592 --a------ C:\WINDOWS\CJPCSCCServer.dll
2006-10-14 11:02 173,568 --a------ C:\WINDOWS\CJCServer.exe
2006-10-14 11:02 128,736 --a------ C:\WINDOWS\CCjClasses.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-12 17:44 -------- d-------- C:\Programme\QualityCodec
2006-11-04 15:03 3152 --a------ C:\Dokumente und Einstellungen\acer Aspire 5025WLMi\Anwendungsdaten\wklnhst.dat
2006-10-28 12:54 229229 --a------ C:\Dokumente und Einstellungen\acer Aspire 5025WLMi\Anwendungsdaten\NMM-MetaData.db
2006-10-24 22:02 -------- d-------- C:\Programme\Anti-Leech
2006-10-23 20:52 -------- d-------- C:\Programme\FLVPlayer
2006-09-23 23:32 1024 -r-h----- C:\WINDOWS\system32\NTIMP3.dll
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Programme\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"ShStatEXE"="\"C:\\Programme\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Programme\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Programme\\Gemeinsame Dateien\\Network Associates\\TalkBack\\TBMon.exe\""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\QualityCodec\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ChkMail"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Launch Manager\\ChkMail.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\voip phone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="voip phone"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Acer Bluetooth VoIP Phone\\voip phone.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-12 19:44:36.65
C:\ComboFix.txt ... 06-11-12 19:44
12.11.2006, 20:49
...new here
Posts: 4
#40
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Mediaplex
Path: C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.Reliablestats
Path: C:\Dokumente und Einstellungen\Dominik\Cookies\dominik@stats1.reliablestats[1].txt
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\GbSet
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\Installed
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\Installed\741
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\Media
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\Media\131073
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\Media\196609
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\Proxy
Risk: Medium

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Aureate\V3\Servers
Risk: Medium

Name: Dialer.Generic
Path: HKLM\SOFTWARE\IntexusDial
Risk: High

Name: Adware.Aureate
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Radiate Advertising
Risk: Medium

Name: Adware.Aureate
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\Aureate
Risk: Medium

Name: Adware.Aureate
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\Aureate\Advertising
Risk: Medium

Name: Adware.Aureate
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\Aureate\Advertising\Demographics
Risk: Medium

Name: Adware.Aureate
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\Aureate\V3
Risk: Medium

Name: Adware.Aureate
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\Aureate\V3\Cookies
Risk: Medium

Name: Adware.NavExcel
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\NavExcel Ltd
Risk: Medium

Name: Adware.NavExcel
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\NavExcel Ltd\NavExcel Search Toolbar
Risk: Medium

Name: Adware.NavExcel
Path: HKU\S-1-5-21-1409082233-179605362-682003330-1003\Software\NavExcel Ltd\NavExcel Search Toolbar\History
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: :mozilla.11:C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Mozilla\Firefox\Profiles\m31j9yc7.default\cookies.txt
Risk: Medium

Name: Adware.Aureate
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0082637.dll
Risk: Medium

Name: Adware.Aureate
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0082638.exe
Risk: Medium

Name: Downloader.Zlob.akn
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0082682.dll
Risk: High

Name: Downloader.Zlob.akn
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0083322.dll
Risk: High

Name: Downloader.Zlob.akn
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0083347.dll
Risk: High

Name: Adware.Aureate
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0083376.exe
Risk: Medium

Name: Adware.NavExcel
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0083377.dll
Risk: Medium

Name: Trojan.BHO.b
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0083379.dll
Risk: High

Name: Downloader.Zlob.akn
Path: C:\System Volume Information\_restore{237A3293-6EC7-433E-B71A-B7D73F026D17}\RP329\A0083382.dll
Risk: High

Name: Adware.NavExcel
Path: C:\WINDOWS\nxstinst.exe
Risk: Medium

Name: Adware.NavExcel
Path: C:\WINDOWS\remover.dll
Risk: Medium
12.11.2006, 21:14
Honorary Member
Posts: 29434
#41
xern
1. Avenger
Quote:
registry keys to delete:
2. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then turn it back on)
__________
Regards, Sabina
all about PC security
12.11.2006, 21:46
...new here
Posts: 4
#42
OK, done. The system seems to be virus-free again =D
Many thanks! Your help is really brilliant!
13.11.2006, 10:02
Honorary Member
Posts: 29434
#43
Andi888
Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste this in:
Quote:
Registry values to delete:
Click the green traffic light; the script will now run, and then the PC will restart automatically.
»» Delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin.
«« Scan with SmitfraudFix - options 1 and 2 (let it clean the registry as well) http://virus-protect.org/artikel/tools/smitfrautfix.html
____________
Open HijackThis -- button "Scan" -- tick the following entries -- button "Fix checked" -- restart the PC
Quote:
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\QualityCodec\isaddon.dll
__________
Regards, Sabina
all about PC security
14.11.2006, 21:24
...new here
Posts: 3
21.11.2006, 17:39
...new here
Posts: 1
#45
Hello Sabine,
unfortunately it got me too. Would you help me as well? That would be great!!!

Logfile of HijackThis v1.99.1
Scan saved at 17:30, on 06-11-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\pctspk.exe
C:\Programme\Dell\AccessDirect\dadapp.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Gemeinsame Dateien\{F401DA7D-0890-1031-0819-030502200031}\Update.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programme\Java\jre1.5.0\bin\jucheck.exe
C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Virgin Radio Player\VRPlayer.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: (no name) - {81EDAD03-3150-4ED5-B1DF-88DD67733A8F} - C:\WINDOWS\System32\xxwur.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\tkkdaruq.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DadApp] C:\Programme\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvgab.dll,startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Virgin Radio Player Tray Icon.lnk = C:\Program Files\Virgin Radio Player\TrayLoad.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DT 11Mbps WLAN PC Card Station.lnk = C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.moviegroup.tv/activex/DownloadMgr.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winaxf32 - C:\WINDOWS\SYSTEM32\winaxf32.dll
O20 - Winlogon Notify: xxwur - C:\WINDOWS\System32\xxwur.dll (file missing)
O23 - Service: Adobe LM Service -
Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE Hab jetzt den Clean up durchgeführt. Mach nen Neustart und lass dann combofix drüberluafen. :-) Hoffe du kannst mir wieterhelfen. Bis gleich. Matt - 06-11-21 17:48:07.35 Service Pack 1 ComboFix 06.11.19 - Running from: "C:\Dokumente und Einstellungen\Matt\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\isnotify.exe C:\WINDOWS\system32\issearch.exe C:\WINDOWS\system32\ixt0.dll C:\Programme\Inetget2 C:\WINDOWS\system32\components C:\Programme\Gemeinsame Dateien\{3401DA7D-0891-1031-0819-030502200031} C:\Programme\Gemeinsame Dateien\{F401DA7D-0891-1031-0819-030502200031} C:\Programme\Gemeinsame Dateien\{F401DA7D-0890-1031-0819-030502200031} ((((((((((((((((((((((((((((((( Files Created from 2006-10-20 to 2006-11-20 )))))))))))))))))))))))))))))))))) 2006-11-21 17:32 <DIR> d-------- C:\Programme\CleanUp! 
2006-11-20 22:53 <DIR> d-------- C:\avenger 2006-11-20 19:49 <DIR> d-------- C:\Programme\Notepad++ 2006-11-20 19:49 <DIR> d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\Notepad++ 2006-11-19 14:24 <DIR> d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\Lavasoft 2006-11-19 14:22 <DIR> d-------- C:\Programme\Lavasoft 2006-11-19 14:10 <DIR> dr-h----- C:\$VAULT$.AVG 2006-11-19 14:07 816,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys 2006-11-19 14:07 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll 2006-11-19 14:07 4,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys 2006-11-19 14:07 348,160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll 2006-11-19 14:07 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys 2006-11-19 14:07 28,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys 2006-11-19 14:07 18,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys 2006-11-19 14:07 <DIR> d-------- C:\Programme\Grisoft 2006-11-19 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\AVG7 2006-11-19 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft 2006-11-19 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg7 2006-11-19 12:24 <DIR> d-------- C:\!KillBox 2006-11-19 03:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\AdCache 2006-11-18 20:52 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared 2006-11-18 20:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision 2006-11-18 20:38 <DIR> d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\SearchToolbarCorp 2006-11-18 20:37 611,718 ---hs---- C:\WINDOWS\SYSTEM32\ruwxx.bak1 2006-11-18 20:37 110,612 --a------ C:\WINDOWS\SYSTEM32\arjdlngh.exe 2006-11-18 20:31 59,392 --a------ C:\WINDOWS\SYSTEM32\drvgab.dll 2006-11-18 20:31 40,973 ---hs---- C:\WINDOWS\SYSTEM32\ssqqpol.dll 2006-11-18 20:30 15,872 --a------ C:\WINDOWS\SYSTEM32\winaxf32.dll 2006-11-09 21:43 <DIR> d-------- 
C:\Programme\Avery Dennison 2006-11-09 21:43 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery 2006-11-07 11:07 848 --ahs---- C:\WINDOWS\SYSTEM32\KGyGaAvL.sys 2006-11-07 10:30 <DIR> d-------- C:\Programme\Corel 2006-11-05 15:51 5,632 --a------ C:\WINDOWS\SYSTEM32\pxc25pm.dll 2006-11-05 15:51 258,352 --a------ C:\WINDOWS\SYSTEM32\unicows.dll 2006-11-05 15:49 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK 2006-11-05 15:44 <DIR> d-------- C:\Programme\ABBYY PDF Transformer 2.0 2006-11-05 15:37 <DIR> d-------- C:\Temp 2006-11-05 15:16 64,512 --a------ C:\WINDOWS\SYSTEM32\MSCC2DE.DLL 2006-11-05 15:16 23,552 --a------ C:\WINDOWS\SYSTEM32\MSMPIDE.DLL 2006-11-05 15:16 158,208 --a------ C:\WINDOWS\SYSTEM32\MSCMCDE.DLL 2006-11-05 15:16 125,712 --a------ C:\WINDOWS\SYSTEM32\VB6DE.DLL 2006-11-05 15:16 116,224 --a------ C:\WINDOWS\SYSTEM32\pdfcmnnt.dll 2006-11-05 15:16 <DIR> d-------- C:\Programme\PDFCreator 2006-10-29 12:55 <DIR> d-------- C:\Programme\IrfanView 2006-10-28 09:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google 2006-10-24 21:39 <DIR> d-------- C:\Dokumente und Einstellungen\Matt\Contacts 2006-10-24 21:37 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE 2006-10-24 21:37 <DIR> d-------- C:\Programme\MSN Messenger (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-21 17:50 -------- d-a------ C:\Programme\Gemeinsame Dateien 2006-11-21 17:20 -------- d-------- C:\Programme\Mozilla Firefox 2006-11-20 22:07 -------- d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\Adobe 2006-11-19 15:12 -------- d-------- C:\Programme\BlubsterSupport 2006-11-19 14:06 44288 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys 2006-11-19 03:31 -------- d-------- C:\Programme\FlashGet 2006-11-19 03:26 -------- d-------- C:\Programme\Ubaya 2006-11-19 03:20 -------- d-------- C:\Programme\Google 2006-11-18 20:46 -------- d-------- 
C:\Programme\Gemeinsame Dateien\Adobe 2006-11-18 20:37 -------- d--h----- C:\Programme\InstallShield Installation Information 2006-11-18 20:37 -------- d-------- C:\Programme\Adobe 2006-11-07 23:50 -------- d-------- C:\Programme\ICQLite 2006-11-07 10:30 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield 2006-11-07 00:30 -------- d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\ICQLite 2006-11-06 14:15 -------- d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\AdobeUM 2006-10-24 21:38 -------- d---s---- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\Microsoft 2006-10-24 21:37 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2006-10-19 00:58 -------- d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\Real 2006-10-19 00:55 -------- d-------- C:\Programme\Gemeinsame Dateien\xing shared 2006-10-19 00:54 -------- d-------- C:\Programme\Gemeinsame Dateien\Real 2006-09-28 12:37 -------- d-------- C:\Dokumente und Einstellungen\Matt\Anwendungsdaten\vlc (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "PCTVOICE"="pctspk.exe" "DadApp"="C:\\Programme\\Dell\\AccessDirect\\dadapp.exe" "Dell QuickSet"="C:\\Programme\\Dell\\QuickSet\\quickset.exe" "SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe" "DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe" "AdaptecDirectCD"="\"C:\\Programme\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" "LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN" "WinampAgent"="\"C:\\Programme\\Winamp3\\winampa.exe\"" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" 
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "Lexmark 3100 Series"="\"C:\\Programme\\Lexmark 3100 Series\\lxbrbmgr.exe\"" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0\\bin\\jusched.exe" "iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "CTDrive"="rundll32.exe C:\\WINDOWS\\System32\\drvgab.dll,startup" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\ 00,00,01,00,00,00 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "NoLowDiskSpaceChecks"=dword:00000001 "NoDriveAutoRun"=hex:00,00,00,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winaxf32 HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\xxwur [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: 06-11-21 17:51:01.74 C:\ComboFix.txt ... 06-11-21 17:51 C:\ComboFix2.txt ... 06-11-20 23:03 Dieser Beitrag wurde am 21.11.2006 um 18:04 Uhr von MatthiasKN editiert.