Home » Viren, Trojaner & Malware Forum » Virus Bursters , die zweit(ausendeste:(e » Themenansicht

Virus Bursters , die zweit(ausendeste:(e

Thema ist geschlossen!
Thema ist geschlossen!
#0
10.11.2006, 17:10
Crossfire
...neu hier

Beiträge: 3
#1 Habe Virus Burster schon mit den Beschreibungen aus den anderen Beiträgen wegbekommen. Dann funktionierte mein Netwerk und etwaige Windowsprogramme nicht mehr. Habe also den letzten Wiederherstellungspunkt aktiviert und nun Virus Bursters wieder drauf.
Nun bekomme ich ihn allerdings nicht mehr weg. Ordner sowie Einträge unter Software sind nicht mehr vorhanden.

Logfiles habe ich angehängt.


PS: Sabina du einfach super!

Anhang: Logfiles.doc
Seitenanfang Seitenende
10.11.2006, 18:23
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 ich kann die doc nicht lesen ;)
bitte poste eine txt-datei
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.11.2006, 18:51
Crossfire
...neu hier

Themenstarter

Beiträge: 3
#3 Logfile of HijackThis v1.99.1
Scan saved at 16:57:41, on 10.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Kasperky\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
D:\Kasperky\avp.exe
D:\UniUploader\UniUploader.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
E:\Antiviren\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chello.at/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [kav] "D:\Kasperky\avp.exe"
O4 - HKLM\..\Run: [UniUploader] D:\UniUploader\UniUploader.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kasperky\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C23D5D2-FAD5-41AF-A1B7-72B580FD839F}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C23D5D2-FAD5-41AF-A1B7-72B580FD839F}: NameServer = 192.168.178.1
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Kasperky\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe








Kevin - 06-11-10 17:00:31,70 Service Pack 2
ComboFix 06.11.9 - Running from: "E:\Antiviren"

((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-10 13:33 106,496 --a------ C:\WINDOWS\system32\okkmtv.dll
2006-10-22 09:13 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-10-21 12:43 389,228 C:\WINDOWSFight Club.exe
2006-10-21 12:43 321,032 C:\WINDOWSFight Club.scr
2006-10-21 12:43 29,696 --a------ C:\WINDOWS\mickey32.dll
2006-10-13 12:40 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-10-13 12:40 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-10-13 12:37 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-10-13 12:37 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-10-11 17:03 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2006-10-11 17:03 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2006-10-11 17:03 16,384 -ra------ C:\WINDOWS\system32\cmpropu.dll
2006-10-11 17:03 1,383,104 -ra------ C:\WINDOWS\system32\drivers\cmudau.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 16:59 90907 --a------ C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\CleanUp!.log
2006-11-10 16:39 -------- d-------- C:\Programme\CleanUp!
2006-11-10 16:18 -------- d-------- C:\Programme\Random Joe
2006-11-10 16:18 -------- d-------- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\InstallShield
2006-11-10 16:18 -------- d-------- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\Help
2006-11-10 14:01 -------- d-------- C:\Programme\Zango
2006-11-05 23:53 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-04 23:00 -------- d-------- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\U3
2006-10-26 19:46 -------- d-------- C:\Programme\BearShare
2006-10-26 19:46 -------- d-------- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\BearShare
2006-10-23 16:54 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-23 16:54 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-21 12:43 389228 --a------ C:\WINDOWS\Fight Club.exe
2006-10-21 12:43 321032 --a------ C:\WINDOWS\Fight Club.scr
2006-10-16 20:48 -------- d-------- C:\Programme\WC3Banlist
2006-10-14 00:51 -------- d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2006-10-14 00:51 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-13 12:41 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-10-13 12:40 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-10-12 16:20 -------- d-------- C:\Programme\Microsoft.NET
2006-10-12 16:20 -------- d-------- C:\Programme\Microsoft Office
2006-10-11 17:02 -------- d-------- C:\Programme\SPEED-LINK Medusa 5.1 USB
2006-10-09 16:10 -------- d-------- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\teamspeak2
2006-10-08 11:57 -------- d-------- C:\Programme\ICQLite
2006-09-26 20:08 -------- d-------- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\ICQLite
2006-09-23 20:29 -------- d-------- C:\Programme\WinPcap
2006-09-21 17:56 -------- d-------- C:\Programme\Lexmark_HostCD
2006-09-21 17:56 -------- d-------- C:\Programme\Lexmark
2006-09-15 17:52 -------- d-------- C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\Adobe
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 16:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 17:55 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-08-23 17:55 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"kav"="\"D:\\Kasperky\\avp.exe\""
"UniUploader"="D:\\UniUploader\\UniUploader.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\QualityCodec\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"bonspells"="{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VIA RAID TOOL.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\VIA RAID TOOL.lnk"
"backup"="C:\\WINDOWS\\pss\\VIA RAID TOOL.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VIA\\RAID\\RAID_T~1.EXE "
"item"="VIA RAID TOOL"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbSound]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmcnfgu"
"hkey"="HKLM"
"command"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EM_EXEC"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FRAPS"
"hkey"="HKCU"
"command"="C:\\FRAPS\\FRAPS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"command"="\"D:\\Kasperky\\avp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniUploader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UniUploader"
"hkey"="HKLM"
"command"="C:\\Programme\\UUploader\\UniUploader.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zango"
"hkey"="HKLM"
"command"="\"c:\\programme\\zango\\zango.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-10 17:01:14.90
C:\ComboFix.txt ... 06-11-10 17:01
C:\ComboFix2.txt ... 06-11-10 16:38
C:\ComboFix3.txt ... 06-11-10 15:23
Seitenanfang Seitenende
11.11.2006, 00:11
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec

Files to delete:
C:\WINDOWS\system32\okkmtv.dll

Folders to delete:
C:\Programme\QualityCodec
C:\Programme\VirusBursters
C:\Programme\Zango
C:\Programme\BearShare
C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\BearShare


Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

««
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.11.2006, 13:22
Crossfire
...neu hier

Themenstarter

Beiträge: 3
#5 Jo vielen dank

Sabina du bist einfach genial!

Nun Funktioniert wieder alles.
hier noch die rapport vom avenger und vom smitfraudfix
Jetzt sollte mein PC doch eigentlich wieder komplett sauber sein oder?

SmitFraudFix v2.120

Scan done at 13:10:23,53, 11.11.2006
Run from E:\Antiviren\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\newname.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ifwyyrhn

*******************

Script file located at: \??\C:\WINDOWS\uuubdben.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\okkmtv.dll deleted successfully.


Folder C:\Programme\QualityCodec not found!
Deletion of folder C:\Programme\QualityCodec failed!

Could not process line:
C:\Programme\QualityCodec
Status: 0xc0000034



Folder C:\Programme\VirusBursters not found!
Deletion of folder C:\Programme\VirusBursters failed!

Could not process line:
C:\Programme\VirusBursters
Status: 0xc0000034

Folder C:\Programme\Zango deleted successfully.
Folder C:\Programme\BearShare deleted successfully.
Folder C:\Dokumente und Einstellungen\Kevin\Anwendungsdaten\BearShare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1