K-Lite Codec pack, Dreve.com, Virusburst, drivecleaner.com,

#1 Hallo Forum,
habe einige Sorgen (habe nach Lesen im Forum einiges versucht (Vundofix, AV-CLS) aber ich habe den Eindruck, dass die Situation sich stÄndig Ändert
(und ja, ich habe W2K auf französisch/'Freeplayer ist zur INfo ein frz. ADSL - PRogramm)

SYMPTOME: Virusburst, öffnen von wilden Fenstern unter Firefox.
Alles passierte, nachdem ich einen Codec heruntergeladen hatte (K-Lite Codec Pack)

Hijackthis speichert keinen ganzen Logfile (Notepad öffnet sich nicht), und mit option save logfile ist das truncated:

Logfile of HijackThis v1.99.1
Scan saved at 20:38:26, on 30/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\winmgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
F:\cleanmeup\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - C:\WINNT\winmgr.exe



Hier Combofix:
ooo - lun. 30/10/2006 19:58:24,18 Service Pack 4
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\ooo\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_e43.exe
C:\deskbar.exe
C:\deskbar_e42.exe
C:\kybrdff_e43.exe
C:\nwnmff_e43.exe
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-09-30 to 2006-10-30 ))))))))))))))))))))))))))))))))))


2006-10-30 18:10 492,211 ---hs---- C:\WINNT\system32\xycdd.bak1
2006-10-30 18:10 110,612 --a------ C:\WINNT\system32\cgeqgvtv.exe
2006-10-30 18:09 688,180 ---hs---- C:\WINNT\system32\ddcyx.dll
2006-10-30 17:38 24,576 --a------ C:\mc44a43.exe
2006-10-30 17:37 32,768 --a------ C:\DXC9.exe
2006-10-30 17:37 266,240 --a------ C:\yz02.exe
2006-10-30 17:36 175,900 --a------ C:\pro3_install.exe
2006-10-30 09:18 63,248 --a------ C:\WINNT\system32\SC.EXE
2006-10-29 12:10 94,720 -r-hs---- C:\WINNT\winmgr.exe
2006-10-29 08:51 2,414,360 --a------ C:\WINNT\system32\d3dx9_31.dll
2006-10-29 08:50 2,297,552 --a------ C:\WINNT\system32\d3dx9_26.dll
2006-10-29 08:46 83,968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2006-10-29 08:46 56,832 --a------ C:\WINNT\system32\drivers\msdv.sys
2006-10-29 08:46 480,256 --a------ C:\WINNT\system32\msvidctl.dll
2006-10-29 08:46 47,104 --a------ C:\WINNT\system32\wstdecod.dll
2006-10-29 08:46 354,816 --a------ C:\WINNT\system32\psisdecd.dll
2006-10-29 08:46 18,688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2006-10-29 08:46 16,896 --a------ C:\WINNT\system32\msyuv.dll
2006-10-29 08:46 16,384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2006-10-29 08:46 15,104 --a------ C:\WINNT\system32\drivers\mpe.sys
2006-10-29 08:46 14,976 --a------ C:\WINNT\system32\drivers\streamip.sys
2006-10-29 08:46 11,392 --a------ C:\WINNT\system32\drivers\bdasup.sys
2006-10-29 08:46 10,880 --a------ C:\WINNT\system32\drivers\slip.sys
2006-10-29 08:46 10,112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2006-10-29 08:45 69,120 --a------ C:\WINNT\system32\dsdmoprp.dll
2006-10-29 08:45 62,464 --a------ C:\WINNT\system32\gcdef.dll
2006-10-29 08:45 57,856 --a------ C:\WINNT\system32\dpwsockx.dll
2006-10-29 08:45 53,248 --a------ C:\WINNT\system32\devenum.dll
2006-10-29 08:45 525,824 --a------ C:\WINNT\system32\qedit.dll
2006-10-29 08:45 386,560 --a------ C:\WINNT\system32\diactfrm.dll
2006-10-29 08:45 383,488 --a------ C:\WINNT\system32\qdvd.dll
2006-10-29 08:45 381,952 --a------ C:\WINNT\system32\dpnet.dll
2006-10-29 08:45 363,520 --a------ C:\WINNT\system32\dsound.dll
2006-10-29 08:45 307,200 --a------ C:\WINNT\system32\dxdiag.exe
2006-10-29 08:45 276,480 --a------ C:\WINNT\system32\qdv.dll
2006-10-29 08:45 265,728 --a------ C:\WINNT\system32\ddraw.dll
2006-10-29 08:45 22,528 --a------ C:\WINNT\system32\dpmodemx.dll
2006-10-29 08:45 204,800 --a------ C:\WINNT\system32\dpvoice.dll
2006-10-29 08:45 195,584 --a------ C:\WINNT\system32\mswebdvd.dll
2006-10-29 08:45 177,152 --a------ C:\WINNT\system32\qcap.dll
2006-10-29 08:45 172,544 --a------ C:\WINNT\system32\dinput8.dll
2006-10-29 08:45 16,896 --a------ C:\WINNT\system32\dpnsvr.exe
2006-10-29 08:45 156,160 --a------ C:\WINNT\system32\dinput.dll
2006-10-29 08:45 153,600 --a------ C:\WINNT\system32\qasf.dll
2006-10-29 08:45 104,448 --a------ C:\WINNT\system32\dmusic.dll
2006-10-29 08:45 1,689,600 --a------ C:\WINNT\system32\d3d9.dll
2006-10-29 08:45 1,252,352 --a------ C:\WINNT\system32\quartz.dll
2006-10-29 08:45 1,180,160 --a------ C:\WINNT\system32\d3d8.dll
2006-10-29 08:45 1,134,592 --a------ C:\WINNT\system32\dxdiagn.dll
2006-10-29 08:44 98,816 --a------ C:\WINNT\system32\dmstyle.dll
2006-10-29 08:44 80,896 --a------ C:\WINNT\system32\dpvsetup.exe
2006-10-29 08:44 797,184 --a------ C:\WINNT\system32\d3dim700.dll
2006-10-29 08:44 76,800 --a------ C:\WINNT\system32\dmscript.dll
2006-10-29 08:44 733,184 --a------ C:\WINNT\system32\qedwipes.dll
2006-10-29 08:44 7,424 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2006-10-29 08:44 7,168 --a------ C:\WINNT\system32\d3d8thk.dll
2006-10-29 08:44 68,096 --a------ C:\WINNT\system32\dpnhupnp.dll
2006-10-29 08:44 64,512 --a------ C:\WINNT\system32\amstream.dll
2006-10-29 08:44 63,768 --a------ C:\WINNT\system32\dxdllreg.exe
2006-10-29 08:44 602,624 --a------ C:\WINNT\system32\dx7vb.dll
2006-10-29 08:44 58,368 --a------ C:\WINNT\system32\dmcompos.dll
2006-10-29 08:44 5,504 --a------ C:\WINNT\system32\drivers\mstee.sys
2006-10-29 08:44 5,248 --a------ C:\WINNT\system32\drivers\mspclock.sys
2006-10-29 08:44 48,512 --a------ C:\WINNT\system32\drivers\stream.sys
2006-10-29 08:44 44,032 --a------ C:\WINNT\system32\dimap.dll
2006-10-29 08:44 4,096 --a------ C:\WINNT\system32\ksuser.dll
2006-10-29 08:44 4,096 --a------ C:\WINNT\system32\drivers\swenum.sys
2006-10-29 08:44 34,304 --a------ C:\WINNT\system32\mciqtz32.dll
2006-10-29 08:44 33,280 --a------ C:\WINNT\system32\dmloader.dll
2006-10-29 08:44 32,768 --a------ C:\WINNT\system32\dpnhpast.dll
2006-10-29 08:44 31,744 --a------ C:\WINNT\system32\pid.dll
2006-10-29 08:44 3,072 --a------ C:\WINNT\system32\dpnlobby.dll
2006-10-29 08:44 3,072 --a------ C:\WINNT\system32\dpnaddr.dll
2006-10-29 08:44 28,160 --a------ C:\WINNT\system32\dplaysvr.exe
2006-10-29 08:44 27,136 --a------ C:\WINNT\system32\dmband.dll
2006-10-29 08:44 230,400 --a------ C:\WINNT\system32\dplayx.dll
2006-10-29 08:44 19,968 --a------ C:\WINNT\system32\dpvacm.dll
2006-10-29 08:44 186,880 --a------ C:\WINNT\system32\dsdmo.dll
2006-10-29 08:44 181,248 --a------ C:\WINNT\system32\dmime.dll
2006-10-29 08:44 18,944 --a------ C:\WINNT\system32\encapi.dll
2006-10-29 08:44 18,432 --a------ C:\WINNT\system32\dswave.dll
2006-10-29 08:44 130,304 --a------ C:\WINNT\system32\drivers\ks.sys
2006-10-29 08:44 13,312 --a------ C:\WINNT\system32\msdmo.dll
2006-10-29 08:44 112,128 --a------ C:\WINNT\system32\dpvvox.dll
2006-10-29 08:44 100,864 --a------ C:\WINNT\system32\dmsynth.dll
2006-10-29 08:44 1,294,336 --a------ C:\WINNT\system32\dsound3d.dll
2006-10-29 08:44 1,189,888 --a------ C:\WINNT\system32\dx8vb.dll
2006-10-29 08:33 856,064 --a------ C:\WINNT\system32\xvidcore.dll
2006-10-29 08:33 620,180 --a------ C:\WINNT\system32\divx.dll
2006-10-29 08:33 593,938 --a------ C:\WINNT\system32\x264vfw.dll
2006-10-29 08:33 217,088 --a------ C:\WINNT\system32\xvidvfw.dll
2006-10-29 08:33 1,415,680 --a------ C:\WINNT\system32\WMV9VCM.dll
2006-10-29 08:32 5,120 --a------ C:\WINNT\system32\ff_vfw.dll
2006-10-14 09:50 6,230,414 --a------ C:\WINNT\system32\scr.scr
2006-10-04 21:22 13,904 --a------ C:\WINNT\system32\drivers\hidusb.sys
2006-10-02 22:28 90,112 --a------ C:\WINNT\system32\AVASTSS.scr


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-30 19:49 -------- d-------- C:\Program Files\CleanUp!
2006-10-30 19:34 -------- d-------- C:\Program Files\Zone Labs
2006-10-30 17:37 -------- d-a-s---- C:\Program Files\NewDotNet
2006-10-29 08:57 -------- d-------- C:\Documents and Settings\ooo\Application Data\Media Player Classic
2006-10-29 08:32 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-28 12:57 -------- d-------- C:\Program Files\WinDirStat
2006-10-22 18:11 -------- d-------- C:\Program Files\Executive Software
2006-10-22 12:48 -------- d-------- C:\Program Files\EasyBox
2006-10-08 15:43 -------- d-------- C:\Documents and Settings\ooo\Application Data\PC Suite
2006-10-08 14:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-08 14:13 -------- d-------- C:\Program Files\Nokia
2006-10-08 14:13 -------- d-------- C:\Program Files\Fichiers communs\PCSuite
2006-10-08 14:13 -------- d-------- C:\Program Files\Fichiers communs\Nokia
2006-10-07 22:56 -------- d-------- C:\Program Files\AC3Filter
2006-10-01 21:25 -------- d-------- C:\Program Files\HomePlayer1.3
2006-09-28 15:18 -------- d-------- C:\Documents and Settings\ooo\Application Data\vlc
2006-09-27 21:32 -------- d-------- C:\Program Files\amphetadesk-win-v0.93.1
2006-09-27 15:13 -------- d-------- C:\Program Files\DivX
2006-09-27 14:00 -------- d-------- C:\Program Files\news
2006-09-27 13:58 -------- d-------- C:\Program Files\TUGZip
2006-09-27 09:11 778656 --a------ C:\WINNT\system32\drivers\avg7core.sys
2006-09-25 17:45 666240 --a------ C:\WINNT\system32\aswBoot.exe
2006-09-25 17:40 87424 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2006-09-25 17:40 85952 --a------ C:\WINNT\system32\drivers\aswmon.sys
2006-09-25 17:39 36176 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2006-09-25 17:39 16352 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2006-09-25 17:37 24560 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2006-09-24 22:37 -------- d-------- C:\Documents and Settings\ooo\Application Data\AdobeUM
2006-09-23 18:25 -------- d-------- C:\Program Files\IrfanView
2006-09-23 18:25 -------- d-------- C:\Documents and Settings\ooo\Application Data\Help
2006-09-23 17:30 869 --------- C:\Documents and Settings\ooo\Application Data\AdobeDLM.log
2006-09-23 17:30 0 --------- C:\Documents and Settings\ooo\Application Data\dm.ini
2006-09-23 17:30 -------- d-------- C:\Program Files\Adobe
2006-09-23 17:27 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-09-23 17:27 -------- d-------- C:\Documents and Settings\ooo\Application Data\Adobe
2006-09-23 17:20 -------- d-------- C:\Program Files\Freeplayer
2006-09-23 17:11 2508 --------- C:\Documents and Settings\ooo\Application Data\$_hpcst$.hpc
2006-09-23 16:11 -------- d-------- C:\Documents and Settings\ooo\Application Data\DeepBurner
2006-09-23 16:10 -------- d-------- C:\Program Files\Astonsoft
2006-09-23 15:26 -------- d-------- C:\Documents and Settings\ooo\Application Data\Apple Computer
2006-09-23 15:25 -------- d-------- C:\Program Files\iTunes
2006-09-23 15:25 -------- d-------- C:\Program Files\iPod
2006-09-23 15:23 -------- d-------- C:\Program Files\QuickTime
2006-09-23 15:23 -------- d-------- C:\Program Files\Apple Software Update
2006-09-23 15:21 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-23 15:07 -------- d-------- C:\Program Files\Fichiers communs\Designer
2006-09-23 15:06 -------- d-------- C:\Program Files\Microsoft Office
2006-09-23 14:25 -------- d-------- C:\Program Files\Sunbelt Software
2006-09-23 14:14 -------- d-------- C:\Program Files\MSN Messenger
2006-09-23 14:14 -------- d-------- C:\Program Files\Messenger
2006-09-23 13:48 -------- d-------- C:\Program Files\Fichiers communs\Dienste
2006-09-23 13:46 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-23 04:50 -------- d-------- C:\Documents and Settings\ooo\Application Data\Nvu
2006-09-23 03:59 -------- d-------- C:\Program Files\FileZilla
2006-09-23 03:56 -------- d-------- C:\Program Files\Nvu
2006-09-23 03:55 -------- d-------- C:\Documents and Settings\ooo\Application Data\Talkback
2006-09-23 03:54 -------- d-------- C:\Documents and Settings\ooo\Application Data\Thunderbird
2006-09-23 03:53 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-09-23 03:52 -------- d-------- C:\Documents and Settings\ooo\Application Data\Macromedia
2006-09-23 03:06 -------- d-------- C:\Program Files\Lavasoft
2006-09-23 03:06 -------- d-------- C:\Documents and Settings\ooo\Application Data\Lavasoft
2006-09-23 03:03 4992 --------- C:\WINNT\system32\drivers\avgtdi.sys
2006-09-23 03:03 4288 --------- C:\WINNT\system32\drivers\avg7rsw.sys
2006-09-23 03:03 27904 --------- C:\WINNT\system32\drivers\avg7rsxp.sys
2006-09-23 03:03 26912 --------- C:\WINNT\system32\drivers\avg7rsnt.sys
2006-09-23 03:03 23424 --------- C:\WINNT\system32\drivers\avgmfrs.sys
2006-09-23 03:03 -------- d-------- C:\Program Files\Grisoft
2006-09-23 03:03 -------- d-------- C:\Documents and Settings\ooo\Application Data\AVG7
2006-09-23 02:49 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-09-23 02:15 -------- d-------- C:\Program Files\Alwil Software
2006-09-23 02:07 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-23 01:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-23 01:58 -------- d-------- C:\Documents and Settings\ooo\Application Data\Mozilla
2006-09-23 01:55 -------- d-------- C:\Program Files\Free.fr
2006-09-23 01:50 -------- d-------- C:\Documents and Settings\ooo\Application Data\Identities
2006-09-23 01:46 0 -r-hs---- C:\MSDOS.SYS
2006-09-23 01:46 0 -r-hs---- C:\IO.SYS
2006-09-23 01:46 0 ---h----- C:\CONFIG.SYS
2006-09-23 01:46 0 ---h----- C:\AUTOEXEC.BAT
2006-09-23 01:46 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-23 01:45 271 ---h----- C:\Program Files\desktop.ini
2006-09-23 01:45 22115 ---h----- C:\Program Files\folder.htt
2006-09-23 01:45 -------- d---s---- C:\Documents and Settings\ooo\Application Data\Microsoft
2006-09-23 01:45 -------- d-------- C:\Program Files\Windows Media Player
2006-09-23 01:45 -------- d-------- C:\Program Files\Outlook Express
2006-09-23 01:45 -------- d-------- C:\Program Files\NetMeeting
2006-09-23 01:45 -------- d-------- C:\Program Files\Internet Explorer
2006-09-23 01:45 -------- d-------- C:\Program Files\Fichiers communs\System
2006-09-23 01:45 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-09-23 01:45 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-23 01:44 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-23 01:44 -------- d-------- C:\Program Files\Windows NT
2006-09-23 01:44 -------- d-------- C:\Program Files\Lecteur Windows Media
2006-09-23 01:44 -------- d-------- C:\Program Files\Accessoires
2006-09-23 01:38 -------- d-------- C:\Program Files\Fichiers communs\ODBC
2006-09-23 01:38 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-09-23 01:38 -------- d-------- C:\Program Files\Fichiers communs
2006-09-13 08:31 1717056 --a------ C:\WINNT\system32\NTKRNLPA.EXE
2006-09-13 08:31 1694400 --a------ C:\WINNT\system32\NTOSKRNL.EXE
2006-09-06 06:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
2006-08-28 10:44 530192 --a------ C:\WINNT\system32\comctl32.dll
2006-08-11 19:35 109568 --------- C:\WINNT\system32\pxinsi64.exe
2006-08-11 19:35 108544 --------- C:\WINNT\system32\pxcpyi64.exe
2006-08-11 19:31 593920 --a------ C:\WINNT\system32\dpuGUI11.dll
2006-08-11 19:31 57344 --a------ C:\WINNT\system32\dpv11.dll
2006-08-11 19:31 53248 --a------ C:\WINNT\system32\dpuGUI10.dll
2006-08-11 19:31 344064 --a------ C:\WINNT\system32\dpus11.dll
2006-08-11 19:31 294912 --a------ C:\WINNT\system32\dpu11.dll
2006-08-11 19:31 294912 --a------ C:\WINNT\system32\dpu10.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
"DataLayer"="C:\\PROGRA~1\\FICHIE~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061030-121353-564
O2 - BHO: (no name) - {41E70B9E-ECD0-4D92-A974-EE89FBC67D6B} - C:\WINNT\system32\mljgd.dll (file missing)
backup-20061030-121353-481
O2 - BHO: (no name) - {641CDFCA-9F58-4776-AAAD-807E14E2C781} - C:\WINNT\system32\pmkhi.dll (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job

Completion time: Mon 2006-10-30 20:02:48.04
C:\ComboFix.txt ... 06-10-30 20:02

Datfindbat:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT\system32

30/10/2006 20:27 505ÿ967 xycdd.ini
30/10/2006 20:21 16ÿ384 Perflib_Perfdata_b98.dat
30/10/2006 20:04 40ÿ973 iifdbyv.dll
30/10/2006 20:01 16ÿ384 Perflib_Perfdata_25c.dat
30/10/2006 20:01 48ÿ882 vsconfig.xml
30/10/2006 19:39 16ÿ384 Perflib_Perfdata_254.dat
30/10/2006 19:36 4ÿ212 zllictbl.dat
30/10/2006 18:10 110ÿ612 cgeqgvtv.exe
30/10/2006 18:10 492ÿ211 xycdd.bak1
30/10/2006 18:10 16ÿ384 Perflib_Perfdata_eec.dat
30/10/2006 18:09 16ÿ384 Perflib_Perfdata_3fc.dat
30/10/2006 18:09 688ÿ180 ddcyx.dll
30/10/2006 17:36 16ÿ384 Perflib_Perfdata_1f4.dat
30/10/2006 09:11 16ÿ384 Perflib_Perfdata_3c8.dat
29/10/2006 08:53 85ÿ520 FNTCACHE.DAT
14/10/2006 14:40 14ÿ560 spmsg.dll
14/10/2006 09:50 6ÿ230ÿ414 scr.scr
07/10/2006 17:18 16ÿ384 Perflib_Perfdata_42c.dat
04/10/2006 22:03 9ÿ639ÿ336 MRT.exe
02/10/2006 22:28 3ÿ121 config.bak
28/09/2006 16:05 2ÿ414ÿ360 d3dx9_31.dll
28/09/2006 16:03 63ÿ768 dxdllreg.exe
27/09/2006 08:55 16ÿ384 Perflib_Perfdata_1f8.dat
25/09/2006 17:45 666ÿ240 aswBoot.exe

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\DOCUME~1\ooo\LOCALS~1\Temp

30/10/2006 20:20 16ÿ384 ~DFF343.tmp
30/10/2006 20:18 16ÿ384 ~DF9A23.tmp
30/10/2006 20:14 48 WcesView.log
30/10/2006 20:12 16ÿ384 ~DF5281.tmp
30/10/2006 20:11 16ÿ384 ~DFAB5D.tmp
30/10/2006 20:11 16ÿ384 ~DF460A.tmp
30/10/2006 20:10 16ÿ384 ~DFA043.tmp
30/10/2006 20:09 16ÿ384 ~DFCED.tmp
30/10/2006 20:03 468 WCESCOMM.LOG
30/10/2006 20:03 286 WCESLog.log
10 fichier(s) 115ÿ490 octets
0 R‚p(s) 6ÿ228ÿ336ÿ640 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT

30/10/2006 19:37 1ÿ376ÿ455 WindowsUpdate.log
30/10/2006 19:37 24ÿ348 SchedLgU.Txt
30/10/2006 19:29 465ÿ114 ShellIconCache
30/10/2006 18:18 96ÿ622 ntbtlog.txt
29/10/2006 19:03 300ÿ199 setupapi.log
29/10/2006 10:08 54ÿ156 QTFont.qfn
29/10/2006 08:59 13ÿ943 dahotfix.log
29/10/2006 08:55 168ÿ756 DirectX.log
24/10/2006 16:53 94ÿ720 winmgr.exe
21/10/2006 09:53 23ÿ157 KB924191.log
19/10/2006 07:57 0 A
15/10/2006 20:26 1ÿ409 QTFont.for
13/10/2006 19:34 13ÿ777 KB923414.log
13/10/2006 19:34 178ÿ499 comsetup.log
13/10/2006 19:34 1ÿ448 imsins.log
13/10/2006 19:34 11ÿ671 ockodak.log
13/10/2006 19:34 390ÿ924 iis5.log
13/10/2006 19:34 153ÿ140 ocgen.log
13/10/2006 19:34 1ÿ448 imsins.BAK
13/10/2006 19:34 14ÿ290 KB923191.log
13/10/2006 19:34 59ÿ167 updspapi.log
04/10/2006 07:56 989 install.log
27/09/2006 15:56 58ÿ260 KB920958.log
27/09/2006 15:39 4ÿ255 KB925486-IE6SP1-20060918.120000.log
23/09/2006 17:15 742 ODBC.INI
23/09/2006 15:35 8ÿ192 REGLOCS.OLD
23/09/2006 15:28 542 GEARInstall.log
23/09/2006 15:07 417 win.ini
23/09/2006 14:03 5ÿ832 spupdsvc.log
23/09/2006 14:01 11ÿ225 KB918899-IE6SP1-20060725.123917.log
23/09/2006 14:00 7ÿ149 KB911567-OE6SP1-20060316.165634.log
23/09/2006 14:00 4ÿ064 KB905495-IE6SP1-20050805.184113.log
23/09/2006 14:00 104ÿ141 UpdateRollupPack.log
23/09/2006 14:00 5ÿ688 updcustom.dll.log
23/09/2006 14:00 2ÿ901 KB329115.log
23/09/2006 13:53 1ÿ173 OEWABLog.txt
23/09/2006 13:50 18ÿ989 Active Setup Log.txt
23/09/2006 04:38 5ÿ408 KB922582.log
23/09/2006 03:54 5ÿ890 mozver.dat
23/09/2006 03:54 69ÿ704 KB921398.log
23/09/2006 03:53 69ÿ412 KB922616.log
23/09/2006 03:53 70ÿ196 KB917953.log
23/09/2006 03:52 69ÿ715 KB893756.log
23/09/2006 03:52 69ÿ633 KB905414.log
23/09/2006 03:52 68ÿ805 KB904706.log
23/09/2006 03:51 68ÿ476 KB905749.log
23/09/2006 03:51 68ÿ094 KB901214.log
23/09/2006 03:49 34ÿ840 KB918899-IE501SP4-20060725.072042.log
23/09/2006 03:49 40ÿ637 KB914389.log
23/09/2006 03:48 56ÿ269 MDAC25SP3-KB911562-x86-FRA.log
23/09/2006 03:48 39ÿ317 KB896358.log
23/09/2006 03:48 39ÿ438 KB896423.log
23/09/2006 03:47 37ÿ794 KB917422.log
23/09/2006 03:47 36ÿ053 KB920670.log
23/09/2006 03:47 29ÿ017 Q828026.log


Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT\Temp

30/10/2006 20:05 43 removalfile.bat
30/10/2006 20:01 256 ZLT04045.TMP
30/10/2006 20:01 256 ZLT04042.TMP
3 fichier(s) 555 octets
0 R‚p(s) 6ÿ228ÿ320ÿ256 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT\Downloaded Program Files

23/09/2006 13:53 65 desktop.ini
08/08/2006 11:45 576 kavwebscan.inf
27/07/2006 13:52 367 LegitCheckControl.inf
22/06/2006 11:41 5ÿ032 swflash.inf
4 fichier(s) 6ÿ040 octets
0 R‚p(s) 6ÿ228ÿ303ÿ872 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\

30/10/2006 20:32 0 sys.txt
30/10/2006 20:31 474 down.txt
30/10/2006 20:31 395 tmp.txt
30/10/2006 20:30 7ÿ370 system.txt
30/10/2006 20:30 770 systemtemp.txt
30/10/2006 20:27 89ÿ289 system32.txt
30/10/2006 20:04 175ÿ900 pro3_install.exe
30/10/2006 20:02 19ÿ438 ComboFix.txt
30/10/2006 20:00 1ÿ572ÿ864ÿ000 PAGEFILE.SYS
30/10/2006 18:52 1ÿ404 rapport.txt
30/10/2006 17:38 24ÿ576 mc44a43.exe
30/10/2006 17:37 266ÿ240 yz02.exe
30/10/2006 17:37 32ÿ768 DXC9.exe
30/10/2006 12:29 2ÿ146 VundoFix.txt
29/10/2006 20:16 4ÿ033 smitfiles.txt
27/09/2006 15:20 120 drmHeader.bin
23/09/2006 03:09 5ÿ427ÿ223 AVG7QT.DAT
23/09/2006 01:46 0 CONFIG.SYS
23/09/2006 01:46 0 AUTOEXEC.BAT
23/09/2006 01:46 0 MSDOS.SYS
23/09/2006 01:46 0 IO.SYS
23/09/2006 01:43 193 boot.ini
23/06/2003 12:00 150ÿ528 arcldr.exe
23/06/2003 12:00 4ÿ438 Bootfont.bin
23/06/2003 12:00 163ÿ840 arcsetup.exe
23/06/2003 12:00 216ÿ112 ntldr
23/06/2003 12:00 34ÿ724 NTDETECT.COM
27 fichier(s) 1ÿ579ÿ485ÿ981 octets
0 R‚p(s) 6ÿ228ÿ295ÿ680 octets libres

So, hier noch der Rest:

SmitFraudFix v2.116

Rapport fait à 20:53:32,37, lun. 30/10/2006
Executé à partir de F:\cleanmeup\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ooo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ooo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ooo\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin





Ewide findet Adware.virtumonde (mehrmals, Quarantäne und Delete aber kommt wieder) & dreve.com.

Ich hoffe, jemand kann mit meinem etwas konfusem Post etwas anfangen, ich wäre Euch jedenfalls sehr dankbar.

Viele liebe Grüsse,

Anna_Nonyma

#2 0.
wende das an, um den Winsock zu reparieren
WinsockFix (Fuer alle Betriebssysteme)
http://www.winsockfix.nl/

1.
scanne mit vundofix
http://virus-protect.org/artikel/tools/vundofixx.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
reinkopieren

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx

Files to delete:
C:\WINNT\system32\xycdd.ini
C:\WINNT\system32\iifdbyv.dll
C:\WINNT\system32\cgeqgvtv.exe
C:\WINNT\system32\xycdd.bak1
C:\WINNT\system32\ddcyx.dll
C:\WINNT\system32\SC.EXE
C:\WINNT\winmgr.exe
C:\pro3_install.exe
C:\mc44a43.exe
C:\yz02.exe
C:\DXC9.exe
C:\WINNT\Temp\removalfile.bat
C:\WINNT\Temp\ZLT04045.TMP
C:\WINNT\Temp\ZLT04042.TMP

Folders to delete:
C:\Program Files\K-Lite Codec Pack
C:\Program Files\NewDotNet

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

poste das log vom avenger, was nach neustart erscheint

««
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Microsoft Windows Man Service

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Hallo Sabina,
Vielen Dank für Deine nächtliche Intervention !:)

Winsock gefixt.
Vundo auch gefixt.

Hier Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hopebsyl

*******************

Script file located at: \??\C:\Documents and Settings\groakcuv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINNT\system32\xycdd.ini not found!
Deletion of file C:\WINNT\system32\xycdd.ini failed!

Could not process line:
C:\WINNT\system32\xycdd.ini
Status: 0xc0000034



File C:\WINNT\system32\iifdbyv.dll not found!
Deletion of file C:\WINNT\system32\iifdbyv.dll failed!

Could not process line:
C:\WINNT\system32\iifdbyv.dll
Status: 0xc0000034

File C:\WINNT\system32\cgeqgvtv.exe deleted successfully.


File C:\WINNT\system32\xycdd.bak1 not found!
Deletion of file C:\WINNT\system32\xycdd.bak1 failed!

Could not process line:
C:\WINNT\system32\xycdd.bak1
Status: 0xc0000034



File C:\WINNT\system32\ddcyx.dll not found!
Deletion of file C:\WINNT\system32\ddcyx.dll failed!

Could not process line:
C:\WINNT\system32\ddcyx.dll
Status: 0xc0000034

File C:\WINNT\system32\SC.EXE deleted successfully.
File C:\WINNT\winmgr.exe deleted successfully.
File C:\pro3_install.exe deleted successfully.
File C:\mc44a43.exe deleted successfully.
File C:\yz02.exe deleted successfully.
File C:\DXC9.exe deleted successfully.
File C:\WINNT\Temp\removalfile.bat deleted successfully.


File C:\WINNT\Temp\ZLT04045.TMP not found!
Deletion of file C:\WINNT\Temp\ZLT04045.TMP failed!

Could not process line:
C:\WINNT\Temp\ZLT04045.TMP
Status: 0xc0000034



File C:\WINNT\Temp\ZLT04042.TMP not found!
Deletion of file C:\WINNT\Temp\ZLT04042.TMP failed!

Could not process line:
C:\WINNT\Temp\ZLT04042.TMP
Status: 0xc0000034

Folder C:\Program Files\K-Lite Codec Pack deleted successfully.
Folder C:\Program Files\NewDotNet deleted successfully.


Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Registry Search:
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 31/10/2006 09:09:49 for strings:
; 'microsoft windows man service
microsoft windows man service
'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

* * * * * *
und dann habe ich Counterspy laufen lassen, danach und er hat Folgendes gefunden:
DP Trojan (RAT)
Virtumonde
Cookies: Weborama, ATDMT.com, Mediaplex.com.
Gewählte Aktion: 'Remove'.

und weil ich gerade dabei war :
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Reliablestats
Path: C:\Documents and Settings\ooo\Cookies\ooo@stats1.reliablestats[1].txt
Risk: Medium

Name: Downloader.Adload.fu
Path: C:\WINNT\system32\Com\dreve.exe
Risk: High

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\ooo\Cookies\ooo@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Weborama
Path: C:\Documents and Settings\ooo\Cookies\ooo@weborama[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\ooo\Cookies\ooo@serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.10:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.11:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.12:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.13:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.14:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.20:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.21:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.22:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.23:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.24:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: :mozilla.25:C:\Documents and Settings\ooo\Application Data\Mozilla\Firefox\Profiles\mppha7r3.default\cookies.txt
Risk: Medium

Name: Adware.NewDotNet
Path: C:\avenger\backup.zip/avenger/yz02.exe
Risk: Medium

Name: Adware.SurfSide
Path: C:\avenger\backup.zip/avenger/DXC9.exe
Risk: Medium

Alle Removed.


Viele liebe Grüsse & Danke nochmal
Anna_Nonyma

#4 Hey Sabina,

vielen Dank.
Ich habe den gewünschten Text (hoffentlich richtig) an die Folder-Bezeichnungen meines PCs wie folgt angepasst:

cd\
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\Windows\system32\config" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Program Files\Common Files" >>files.txt
dir "C:\Documents and Settings\ooo" >>files.txt
dir "C:\Documents and Settings\ooo\Application Data" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Documents and Settings\ooo\Local Settings\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Documents and Settings\ooo\Local Settings\Application Data" >>files.txt
dir "C:\Documents and Settings\ooo\Application Data" >>files.txt
dir "C:\Documents and Settings\All Users\Application Data" >>files.txt
dir "C:\Program Files\Fichiers communs" >>files.txt
dir "C:Windows\tasks" >>files.txt
notepad files.txt

und hier das Ergebnis:


Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\Documents and Settings\ooo

23/09/2006 01:50 <DIR> .
23/09/2006 01:50 <DIR> ..
23/09/2006 01:38 <DIR> Menu D‚marrer
23/09/2006 01:38 <DIR> Mes documents
23/09/2006 01:38 <DIR> Favoris
23/09/2006 01:38 <DIR> Bureau
01/10/2006 21:29 <DIR> .homeplayer
08/10/2006 14:19 <DIR> Phone Browser
0 fichier(s) 0 octets
8 R‚p(s) 6ÿ195ÿ044ÿ352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\Documents and Settings\ooo\Application Data

23/09/2006 01:50 <DIR> .
23/09/2006 01:50 <DIR> ..
23/09/2006 01:50 <DIR> Identities
23/09/2006 01:58 <DIR> Mozilla
23/09/2006 03:03 <DIR> AVG7
23/09/2006 03:06 <DIR> Lavasoft
23/09/2006 03:52 <DIR> Macromedia
23/09/2006 03:54 <DIR> Thunderbird
23/09/2006 03:55 <DIR> Talkback
23/09/2006 04:50 <DIR> Nvu
23/09/2006 15:26 <DIR> Apple Computer
23/09/2006 17:11 2ÿ508 $_hpcst$.hpc
23/09/2006 16:11 <DIR> DeepBurner
23/09/2006 17:30 0 dm.ini
23/09/2006 17:27 <DIR> Adobe
23/09/2006 17:30 869 AdobeDLM.log
23/09/2006 18:25 <DIR> Help
24/09/2006 22:37 <DIR> AdobeUM
28/09/2006 15:18 <DIR> vlc
08/10/2006 15:43 <DIR> PC Suite
29/10/2006 08:57 <DIR> Media Player Classic
3 fichier(s) 3ÿ377 octets
18 R‚p(s) 6ÿ195ÿ044ÿ352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\Program Files

23/09/2006 01:38 <DIR> .
23/09/2006 01:38 <DIR> ..
23/09/2006 01:38 <DIR> Fichiers communs
23/09/2006 01:44 <DIR> Windows NT
23/09/2006 01:44 <DIR> Accessoires
23/09/2006 01:44 <DIR> Lecteur Windows Media
23/09/2006 01:45 <DIR> Internet Explorer
23/09/2006 01:45 <DIR> Outlook Express
23/09/2006 01:45 <DIR> NetMeeting
23/09/2006 01:45 <DIR> Windows Media Player
23/09/2006 01:46 <DIR> microsoft frontpage
23/09/2006 01:55 <DIR> Free.fr
23/09/2006 01:58 <DIR> Mozilla Firefox
23/09/2006 15:23 <DIR> QuickTime
23/09/2006 02:07 <DIR> ewido anti-spyware 4.0
23/09/2006 02:15 <DIR> Alwil Software
23/09/2006 03:03 <DIR> Grisoft
23/09/2006 03:06 <DIR> Lavasoft
23/09/2006 03:53 <DIR> Mozilla Thunderbird
23/09/2006 03:56 <DIR> Nvu
23/09/2006 03:59 <DIR> FileZilla
23/09/2006 14:14 <DIR> Messenger
23/09/2006 14:14 <DIR> MSN Messenger
23/09/2006 14:25 <DIR> Sunbelt Software
23/09/2006 15:06 <DIR> Microsoft Office
23/09/2006 15:21 <DIR> Microsoft ActiveSync
23/09/2006 15:23 <DIR> Apple Software Update
23/09/2006 15:25 <DIR> iTunes
23/09/2006 15:25 <DIR> iPod
23/09/2006 16:10 <DIR> Astonsoft
23/09/2006 17:20 <DIR> Freeplayer
23/09/2006 17:30 <DIR> Adobe
23/09/2006 18:25 <DIR> IrfanView
27/09/2006 13:58 <DIR> TUGZip
27/09/2006 14:00 <DIR> news
27/09/2006 15:13 <DIR> DivX
27/09/2006 21:32 <DIR> amphetadesk-win-v0.93.1
01/10/2006 21:25 <DIR> HomePlayer1.3
07/10/2006 22:56 <DIR> AC3Filter
08/10/2006 14:13 <DIR> Nokia
30/10/2006 19:34 <DIR> Zone Labs
22/10/2006 18:11 <DIR> Executive Software
30/10/2006 19:49 <DIR> CleanUp!
29/10/2006 18:53 88ÿ576 VundoFix.exe
28/10/2006 12:57 <DIR> WinDirStat
1 fichier(s) 88ÿ576 octets
45 R‚p(s) 6ÿ195ÿ044ÿ352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\Documents and Settings\ooo\Local Settings\Temp

23/09/2006 01:50 <DIR> .
23/09/2006 01:50 <DIR> ..
31/10/2006 11:04 48 WcesView.log
31/10/2006 09:00 1ÿ700 WCESLog.log
31/10/2006 09:45 16ÿ384 ~DFA8D8.tmp
31/10/2006 09:45 32ÿ768 ~DFC46F.tmp
31/10/2006 09:45 49ÿ152 ~DFCC75.tmp
5 fichier(s) 100ÿ052 octets
2 R‚p(s) 6ÿ195ÿ044ÿ352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\Program Files

23/09/2006 01:38 <DIR> .
23/09/2006 01:38 <DIR> ..
23/09/2006 01:38 <DIR> Fichiers communs
23/09/2006 01:44 <DIR> Windows NT
23/09/2006 01:44 <DIR> Accessoires
23/09/2006 01:44 <DIR> Lecteur Windows Media
23/09/2006 01:45 <DIR> Internet Explorer
23/09/2006 01:45 <DIR> Outlook Express
23/09/2006 01:45 <DIR> NetMeeting
23/09/2006 01:45 <DIR> Windows Media Player
23/09/2006 01:46 <DIR> microsoft frontpage
23/09/2006 01:55 <DIR> Free.fr
23/09/2006 01:58 <DIR> Mozilla Firefox
23/09/2006 15:23 <DIR> QuickTime
23/09/2006 02:07 <DIR> ewido anti-spyware 4.0
23/09/2006 02:15 <DIR> Alwil Software
23/09/2006 03:03 <DIR> Grisoft
23/09/2006 03:06 <DIR> Lavasoft
23/09/2006 03:53 <DIR> Mozilla Thunderbird
23/09/2006 03:56 <DIR> Nvu
23/09/2006 03:59 <DIR> FileZilla
23/09/2006 14:14 <DIR> Messenger
23/09/2006 14:14 <DIR> MSN Messenger
23/09/2006 14:25 <DIR> Sunbelt Software
23/09/2006 15:06 <DIR> Microsoft Office
23/09/2006 15:21 <DIR> Microsoft ActiveSync
23/09/2006 15:23 <DIR> Apple Software Update
23/09/2006 15:25 <DIR> iTunes
23/09/2006 15:25 <DIR> iPod
23/09/2006 16:10 <DIR> Astonsoft
23/09/2006 17:20 <DIR> Freeplayer
23/09/2006 17:30 <DIR> Adobe
23/09/2006 18:25 <DIR> IrfanView
27/09/2006 13:58 <DIR> TUGZip
27/09/2006 14:00 <DIR> news
27/09/2006 15:13 <DIR> DivX
27/09/2006 21:32 <DIR> amphetadesk-win-v0.93.1
01/10/2006 21:25 <DIR> HomePlayer1.3
07/10/2006 22:56 <DIR> AC3Filter
08/10/2006 14:13 <DIR> Nokia
30/10/2006 19:34 <DIR> Zone Labs
22/10/2006 18:11 <DIR> Executive Software
30/10/2006 19:49 <DIR> CleanUp!
29/10/2006 18:53 88ÿ576 VundoFix.exe
28/10/2006 12:57 <DIR> WinDirStat
1 fichier(s) 88ÿ576 octets
45 R‚p(s) 6ÿ195ÿ044ÿ352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

edit (Sabina)


Habe ich was Schlimmes, Frau Doktor?
Wer seid Ihr eigentlich von Protecus? Ist das hier Euer Job?
Liebe Grüsse
Anna_Nonyma

#5 erstelle eine neu.bat und poste nur diesen teil (denn es wird alles andere wieder erscheinen)

Zitat

cd\
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\Windows\system32\config" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit

#6 Sabina:

R‚pertoire de C:\WINNT\System32\Com

23/09/2006 01:44 <DIR> .
23/09/2006 01:44 <DIR> ..
23/06/2003 14:00 61ÿ440 comempty.dat
23/06/2003 14:00 29ÿ184 comexp.msc
23/06/2003 14:00 10ÿ512 comrepl.exe
23/06/2003 14:00 5ÿ392 comrereg.exe
23/06/2003 14:00 19ÿ968 mtsadmin.tlb
05/09/2005 10:19 197ÿ904 comadmin.dll
12/07/2006 23:59 94 install.bat
7 fichier(s) 324ÿ494 octets
2 R‚p(s) 6ÿ194ÿ962ÿ432 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81

R‚pertoire de C:\WINNT\system32\config

23/09/2006 01:35 <DIR> .
23/09/2006 01:35 <DIR> ..
23/09/2006 01:37 143ÿ360 userdiff
23/09/2006 01:37 368ÿ640 system.sav
23/09/2006 01:37 544ÿ768 software.sav
23/09/2006 01:37 81ÿ920 default.sav
31/10/2006 09:04 24ÿ576 SECURITY
31/10/2006 10:50 2ÿ744ÿ320 SYSTEM.ALT
31/10/2006 09:03 24ÿ576 SAM
31/10/2006 10:50 2ÿ744ÿ320 SYSTEM
31/10/2006 11:26 13ÿ733ÿ888 SOFTWARE
31/10/2006 09:06 151ÿ552 DEFAULT
31/10/2006 09:01 327ÿ680 AppEvent.Evt
23/09/2006 01:54 65ÿ536 SecEvent.Evt
31/10/2006 09:01 393ÿ216 SysEvent.Evt
23/09/2006 02:34 65ÿ536 Antiviru.evt
30/10/2006 21:15 65ÿ536 Antivirus.Evt
15 fichier(s) 21ÿ479ÿ424 octets
2 R‚p(s) 6ÿ194ÿ962ÿ432 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6488-7B81


lg
AN

#7 ««
C:\WINNT\System32\Com\install.bat - loeschen

««
scanne mit smitfraudfix
http://virus-protect.org/artikel/tools/smitfrautfix.html

»»
loesche das backup vom Avenger unter c:\Avenger\backup.zip + leere den Papierkorb
__________
MfG Sabina

rund um die PC-Sicherheit

#8 Sabina,

vielen Dank und
liebe Grüsse

Anna_Nonyma

#9 ups...den Backdoor vergessen

Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Microsoft Windows Man Service

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.
__________
MfG Sabina

rund um die PC-Sicherheit

#10 Sabina,
hier bitte.
Und liebe Grüsse aus Fronkraïsch
Anna_Nonyma


REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01/11/2006 10:43:00 for strings:
; 'microsoft windows man service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000]
"DeviceDesc"="Microsoft Windows Man Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Man Service]
"DisplayName"="Microsoft Windows Man Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000]
"DeviceDesc"="Microsoft Windows Man Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Man Service]
"DisplayName"="Microsoft Windows Man Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000]
"DeviceDesc"="Microsoft Windows Man Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Man Service]
"DisplayName"="Microsoft Windows Man Service"

; End Of The Log...

#11 ««
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- entzippen
- doppelklick auf die datei ServiceFilter.vbs
- versions-nummer bestätigen
- scannen
- öffnen von wordpad oder editor erlauben
- POST_THIS.TXT abkopieren

««
Avenger

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Man Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Man Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Man Service

poste das log vom avenger,
__________
MfG Sabina

rund um die PC-Sicherheit

#12 (moment hab zu schnell gelesen)

#13 ja, ich habe editiert
__________
MfG Sabina

rund um die PC-Sicherheit

#14 war mir doch so...

hier Servicefilter:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows 2000 Professionnel
Version: 5.0.2195 Service Pack 4
nov. 1, 2006 12:54:54


---> Begin Service Listing <---

Unknown Service # 1
Service Name: aswUpdSv
Display Name: avast! iAVS4 Control Service
Start Mode: Auto
Start Name: LocalSystem
Description: avast! iAVS4 Control ...
Service Type: Own Process
Path: "c:\program files\alwil software\avast4\aswupdsv.exe"
State: Running
Process ID: 588
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service # 2
Service Name: avast! Antivirus
Display Name: avast! Antivirus
Start Mode: Auto
Start Name: LocalSystem
Description: avast! ...
Service Type: Own Process
Path: "c:\program files\alwil software\avast4\ashserv.exe"
State: Running
Process ID: 604
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service # 3
Service Name: avast! Mail Scanner
Display Name: avast! Mail Scanner
Start Mode: Manual
Start Name: LocalSystem
Description: avast! Mail ...
Service Type: Own Process
Path: "c:\program files\alwil software\avast4\ashmaisv.exe" /service
State: Running
Process ID: 1208
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service # 4
Service Name: avast! Web Scanner
Display Name: avast! Web Scanner
Start Mode: Manual
Start Name: LocalSystem
Description: avast! Web ...
Service Type: Own Process
Path: "c:\program files\alwil software\avast4\ashwebsv.exe" /service
State: Running
Process ID: 1252
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service #5
Service Name: Avg7Alrt
Display Name: AVG7 Alert Manager Server
Start Mode: Auto
Start Name: LocalSystem
Description: AVG7 Alert Manager ...
Service Type: Own Process
Path: c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
State: Running
Process ID: 628
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service #6
Service Name: Avg7UpdSvc
Display Name: AVG7 Update Service
Start Mode: Auto
Start Name: LocalSystem
Description: AVG7 Update ...
Service Type: Own Process
Path: c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
State: Running
Process ID: 652
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service # 7
Service Name: AVGEMS
Display Name: AVG E-mail Scanner
Start Mode: Auto
Start Name: LocalSystem
Description: AVG E-mail ...
Service Type: Own Process
Path: c:\progra~1\grisoft\avgfre~1\avgemc.exe
State: Running
Process ID: 676
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service # 8
Service Name: ewido anti-spyware 4.0 guard
Display Name: ewido anti-spyware 4.0 guard
Start Mode: Manual
Start Name: LocalSystem
Description: ewido anti-spyware 4.0 ...
Service Type: Own Process
Path: c:\program files\ewido anti-spyware 4.0\guard.exe
State: Stopped
Process ID: 0
Started: Faux
Exit Code: 1077
Accept Pause: Faux
Accept Stop: Faux

Unknown Service # 9
Service Name: iPod Service
Display Name: iPod Service
Start Mode: Manual
Start Name: LocalSystem
Description: iPod ...
Service Type: Own Process
Path: "c:\program files\ipod\bin\ipodservice.exe"
State: Running
Process ID: 1700
Started: Vrai
Exit Code: 0
Accept Pause: Faux
Accept Stop: Vrai

Unknown Service # 10
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Office Source ...
Service Type: Own Process
Path: "c:\program files\fichiers communs\microsoft shared\source engine\ose.exe"
State: Stopped
Process ID: 0
Started: Faux
Exit Code: 1077
Accept Pause: Faux
Accept Stop: Faux

Unknown Service # 11
Service Name: Windows Man Service
Display Name: Microsoft Windows Man Service
Start Mode: Auto
Start Name: LocalSystem
Description: Microsoft Windows Man ...
Service Type: Own Process
Path: "c:\winnt\winmgr.exe"
State: Stopped
Process ID: 0
Started: Faux
Exit Code: 0
Accept Pause: Faux
Accept Stop: Faux

---> End Service Listing <---

There are 68 Win32 services on this machine.
11 were unrecognized.

Script Execution Time: 3,4375 seconds.
**************************************************
habe avenger 2 mal gemacht wg error :


/////////////////////////////////////////

/
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ahikechj

*******************

Script file located at: \??\C:\Documents and Settings\grlyljom.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Man Service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Man Service deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_MAN_SERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Man Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Man Service failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Man Service
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
***************************************************

lg
AN

PS
und guten Appetit, mach's nicht wie ich, meine Nudeln waren alles andere als 'al dente'

#15 hier in Portugal isst man nicht viel Nudeln

scanne mit Kaspersky (online) und poste den report
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit