Virusbusters -was mit dem Logfile des HijackThis anzufangen?

#0
05.11.2006, 22:21
...neu hier

Beiträge: 6
#1 Es tut mir leid, dass ich damit störe, aber ich weiß einfach nicht wie ich dem logfile des hijackthis entnehmen soll, was ich beim avenger einzugenen habe?!
kann mir da jemand helfen?
hier ist mein logfile:
Logfile of HijackThis v1.99.1
Scan saved at 22:11:49, on 05.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programme\NetLimiter 2 Pro\nlsvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Dell\Media Experience\DMXLauncher.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Opera\Opera.exe
C:\Temp\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de/hws/sb/dell-row/de/side.html?channel=de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.web.de/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.de/hws/sb/dell-row/de/side.html?channel=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Programme\iVideoCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9} - C:\DOKUME~1\Eugen\ANWEND~1\EACHHE~1\lies copy.exe (file missing)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT7\PRMTIE\prmtie.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Programme\iVideoCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT7\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT7\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT7\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT7\PRMTIE\options.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll
O23 - Service: Web.de Browser Update (AdminSVC) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\adminsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programme\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
Seitenanfang Seitenende
05.11.2006, 22:48
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Neuvis

Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBursters

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters

Files to delete:
C:\WINDOWS\system32\okkmtv.dll

Folders to delete:
C:\Programme\VirusBursters
C:\Programme\iVideoCodec
C:\Programme\NetPumper
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
loesche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

««
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html

**
scanne mit Nolop
http://virus-protect.org/artikel/tools/nolop.html

___________________________________________________________

öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Programme\iVideoCodec\isaddon.dll (file missing)

O2 - BHO: (no name) - {8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9} - C:\DOKUME~1\Eugen\ANWEND~1\EACHHE~1\lies copy.exe (file missing)

O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)

O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm

__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 05.11.2006 um 22:56 Uhr von Sabina editiert.
Seitenanfang Seitenende
06.11.2006, 09:02
...neu hier

Themenstarter

Beiträge: 6
#3 danke,danke und nochmals danke...hab gestern 4 stunden lang mit einem guten kumpel von mir am pc rumexperementiert und konnte nichts fixen und du schaffst es in Bruchteil einer sekunde...
hier noch die logs:
avenger.txt:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ppdjlukh

*******************

Script file located at: \??\C:\Program Files\jsbmnoeh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\okkmtv.dll deleted successfully.


Folder C:\Programme\VirusBursters not found!
Deletion of folder C:\Programme\VirusBursters failed!

Could not process line:
C:\Programme\VirusBursters
Status: 0xc0000034



Folder C:\Programme\iVideoCodec not found!
Deletion of folder C:\Programme\iVideoCodec failed!

Could not process line:
C:\Programme\iVideoCodec
Status: 0xc0000034

Folder C:\Programme\NetPumper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe failed!
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed!
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll failed!
Status: 0xc0000034



Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBursters
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBursters failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4375DC-9EB6-068E-24F1-A3F5CB3A1BF9} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Rapport.txt:
SmitFraudFix v2.119

Scan done at 8:41:46,85, 06.11.2006
Run from C:\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Notlop.log:
NoLop! Log by Skate_Punk_21

Fix running from: C:\Temp
[06.11.2006]
[08:45:54]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Dokumente und Einstellungen\Eugen\Application Data\Microsoft



wenn da noch was schlimmes rumschwirrt, dann wäre ich dnkbar, darüber bescheid zu wissen...
nochmals tausenddank!;)
Seitenanfang Seitenende
06.11.2006, 10:31
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 ;)

ich wuerde gern noch nach dem Swizzor-Trojaner graben, den du zusammen mit dem netpumper geladen hast

look.zip laden - entpacken - look.bat - doppeltklicken - kopiere den Text ab, der erscheint
http://virus-protect.org/zip/look.zip
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
06.11.2006, 20:13
...neu hier

Themenstarter

Beiträge: 6
#5 hier ist es...
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8C4A-3DD9

Verzeichnis von C:\Dokumente und Einstellungen\Eugen\Anwendungsdaten

24.07.2006 16:06 <DIR> Adobe
16.09.2006 16:11 <DIR> Ahead
07.10.2006 11:00 <DIR> Ashampoo
12.09.2006 18:04 <DIR> Babylon
03.10.2006 20:40 <DIR> CONVER~1 ConvertTemp
24.07.2006 23:50 <DIR> CORELP~1 Corel Photo Album
11.08.2006 10:53 <DIR> CYBERL~1 CyberLink
03.10.2006 02:34 <DIR> EACHHE~1 EachHeckBin
03.11.2006 08:52 37.992 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
23.08.2006 16:17 <DIR> Help
07.08.2006 16:58 <DIR> ICQLite
18.08.2004 13:23 <DIR> IDENTI~1 Identities
18.07.2006 23:17 <DIR> Intel
24.07.2006 15:56 <DIR> LEADER~1 Leadertech
29.10.2006 17:05 <DIR> Locktime
07.08.2006 14:43 <DIR> MACROM~1 Macromedia
21.10.2006 23:11 <DIR> MAHJON~1 MahJong Suite
24.07.2006 23:09 <DIR> MCAFEE~1.COM McAfee.com Personal Firewall
24.07.2006 23:44 <DIR> MEDIAP~1 Media Player Classic
31.10.2006 17:44 <DIR> Mozilla
22.09.2006 15:27 <DIR> MYGAME~1 My Games
01.09.2006 02:00 <DIR> NETPUM~1 NetPumper
30.10.2006 10:59 <DIR> OPENOF~1.ORG OpenOffice.org2
07.08.2006 15:17 <DIR> Opera
03.10.2006 02:34 <DIR> PLUSCH~1 PlusChicWipe
03.10.2006 20:40 <DIR> Samsung
02.10.2006 21:48 <DIR> SolSuite
24.07.2006 23:51 <DIR> Sonic
18.07.2006 23:12 <DIR> Sun
24.07.2006 23:12 <DIR> Template
03.10.2006 20:40 <DIR> TEMPOR~1 Temporary
03.10.2006 20:40 <DIR> TRANSR~1 TransRender
05.11.2006 22:30 <DIR> uTorrent
1 Datei(en) 37.992 Bytes
32 Verzeichnis(se), 19.742.728.192 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8C4A-3DD9

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

07.08.2006 14:16 <DIR> ADISOF~1 adisoft AG
18.07.2006 23:21 <DIR> Adobe
07.10.2006 11:00 <DIR> ashampoo
11.08.2006 10:51 <DIR> CYBERL~1 CyberLink
18.07.2006 23:22 <DIR> INSTAL~1 InstallShield
18.07.2006 23:16 <DIR> Intel
03.10.2006 20:38 0 LAUNCH~1.DT LauncherAccess.dt
29.10.2006 17:00 <DIR> Locktime
18.07.2006 23:28 <DIR> McAfee
12.10.2006 05:48 <DIR> PROJEC~1 PROject MT
18.08.2004 13:27 <DIR> SBSI
18.07.2006 23:17 <DIR> Sonic
07.08.2006 16:16 <DIR> SPYBOT~1 Spybot - Search & Destroy
13.08.2006 18:07 <DIR> Trymedia
25.10.2006 13:13 <DIR> Web.de
25.10.2006 12:47 <DIR> WINDOW~1 Windows Genuine Advantage
1 Datei(en) 0 Bytes
15 Verzeichnis(se), 19.742.728.192 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8C4A-3DD9

Verzeichnis von C:\WINDOWS\tasks

04.08.2004 14:00 65 desktop.ini
06.11.2006 18:49 6 SA.DAT
2 Datei(en) 71 Bytes
0 Verzeichnis(se), 19.742.728.192 Bytes frei

und,ist was???(hab jetzt schon wieder angst;) )
Seitenanfang Seitenende
06.11.2006, 23:51
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 ist der Swizzor-Trojaner, zusammen mit Netpumper geladen..............

Avenger

Zitat

Folders to delete:
C:\Dokumente und Einstellungen\Eugen\Anwendungsdaten\EachHeckBin
C:\Dokumente und Einstellungen\Eugen\Anwendungsdaten\NetPumper
C:\Dokumente und Einstellungen\Eugen\Anwendungsdaten\PlusChicWipe
C:\Programme\NetPumper
C:\Programme\PlusChicWipe
C:\Programme\EachHeckBin
**
scanne, stelle nach dem scan alles auf "remove" und poste den report
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: