Home » Viren, Trojaner & Malware Forum » Virusbursters (heimlich installiert und ich bekomme Critical Window Errors!) » Themenansicht
Virusbursters (heimlich installiert und ich bekomme Critical Window Errors!)Thema ist geschlossen! |
||
|---|---|---|
Thema ist geschlossen! |
||
| #0
| ||
|
12.11.2006, 23:59
Member
Beiträge: 17 |
||
 
|
|
|
|
13.11.2006, 11:06
Ehrenmitglied
 Beiträge: 29434 |
#2
said504
Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat Registry values to delete:Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten »» lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb «« scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html _______________ öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =PC neustarten C:\Dokumente und Einstellungen\iT.aB1s\Lokale Einstellungen\Temp\bt3642.bat - loeschen C:\Dokumente und Einstellungen\ITBDCE~1.AB1\Lokale Einstellungen\Temp\bt3642.bat - loeschen __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
13.11.2006, 16:57
Member
Themenstarter Beiträge: 17 |
#3
Ok, nochmals RIESEN DANK an dich!!!
Ich poste zur Sicherheit nochmal die Logs von Avenger, HijackThis und smitfraudfix: smitfraudfix: SmitFraudFix v2.110 Scan done at 16:44:18.65, 06-11-13 Run from C:\Dokumente und Einstellungen\iT.aB1s\Desktop\Neuer Ordner\Trojaner Progs\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Avenger: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\kllpifsf ******************* Script file located at: \??\C:\utoepjvm.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\jbtazy.dll deleted successfully. Folder C:\Programme\VirusBursters not found! Deletion of folder C:\Programme\VirusBursters failed! Could not process line: C:\Programme\VirusBursters Status: 0xc0000034 Folder C:\Programme\QualityCodec not found! Deletion of folder C:\Programme\QualityCodec failed! Could not process line: C:\Programme\QualityCodec Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed! Status: 0xc0000034 Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{ab340860-fd81-4a65-b345-82eb77a66b5e} deleted successfully. Registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|featherweed deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 16:52, on 06-11-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programme\Symantec AntiVirus\DefWatch.exe C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Programme\Extensis\Suitcase 9.2\Suitcase.exe C:\Programme\Mozilla Firefox\firefox.exe C:\DOKUME~1\ITBDCE~1.AB1\LOKALE~1\Temp\Rar$EX00.750\HijackThis.exe O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Suitcase Startup.lnk = ? O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe Ich hoffe das alles gesäubert ist...bekomme mal keine Critical Errors Message mehr im Systemtray und es öffnen sich auch keine Internetfenster mehr. Kannst mir ja nochmal ein kurzes Feedback geben ob der PC nochmal sauber ist. Danke! |
|
|
|
|
|
|
13.11.2006, 18:03
Ehrenmitglied
Beiträge: 29434 |
||
|
|
|
|
|
13.11.2006, 20:31
Member
Themenstarter Beiträge: 17 |
#5
Nochmals vielen Dank Sabina!
|
|
|
|
|
|
-----------Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Bitte um Hilfe!!!
Hier ein Screenshot von dem Tray Icon (Wenn ich es anklicken würde, würde es mich zu der Homepage von Virusburster linken):
Combofix.log
iT.aB1s - 06-11-13 0:00:02.64 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Dokumente und Einstellungen\iT.aB1s\Desktop\Neuer Ordner\Trojaner Progs"
((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))
2006-11-12 23:47 77,824 --a------ C:\WINDOWS\system32\jbtazy.dll
2006-11-03 09:08 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
2006-11-03 09:08 227,840 --------- C:\WINDOWS\system32\vx1000s.dll
2006-11-01 16:37 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-29 23:56 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-10-29 23:56 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-29 23:56 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-10-29 23:36 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-10-29 23:22 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9213.sys
2006-10-29 23:22 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-17 15:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-17 15:29 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-17 15:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-17 15:29 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-16 06:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-16 02:09 90,112 --a------ C:\WINDOWS\unvise32.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-12 23:52 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-12 23:50 -------- d-------- C:\Programme\VirusBursters
2006-11-12 23:47 -------- d-------- C:\Programme\QualityCodec
2006-11-12 21:44 -------- d-------- C:\Programme\Trillian
2006-11-12 18:33 -------- d-------- C:\Programme\Symantec AntiVirus
2006-11-12 18:33 -------- d-------- C:\Programme\mIRC
2006-11-12 17:27 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-12 15:15 -------- d-------- C:\Programme\HLSW
2006-11-11 12:28 -------- d-------- C:\Programme\pk3s2pk3
2006-11-10 19:00 -------- d-------- C:\Programme\Yahoo!
2006-11-01 20:28 -------- d-------- C:\Programme\Lx_cats
2006-10-18 18:01 -------- d-------- C:\Programme\Gemeinsame Dateien\stardock
2006-10-17 16:22 -------- d-------- C:\Programme\SUPERAntiSpyware
2006-10-17 16:22 -------- d-------- C:\Dokumente und Einstellungen\iT.aB1s\Anwendungsdaten\SUPERAntiSpyware.com
2006-10-17 16:21 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-10-17 16:21 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-16 22:48 -------- d-------- C:\Dokumente und Einstellungen\iT.aB1s\Anwendungsdaten\Adobe
2006-10-16 22:39 -------- d-------- C:\Dokumente und Einstellungen\iT.aB1s\Anwendungsdaten\Publish Providers
2006-10-16 22:39 -------- d-------- C:\Dokumente und Einstellungen\iT.aB1s\Anwendungsdaten\NetMedia Providers
2006-10-16 20:41 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-10-16 16:17 -------- d-------- C:\Programme\CleanUp!
2006-10-16 06:48 -------- d-------- C:\Programme\Grisoft
2006-10-16 01:12 -------- d-------- C:\Programme\Adobe
2006-10-15 23:39 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-10-13 15:59 -------- d-------- C:\Programme\MSN Messenger
2006-10-08 20:22 10856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-03 19:15 -------- d-------- C:\Dokumente und Einstellungen\iT.aB1s\Anwendungsdaten\SmartFTP
2006-10-03 18:58 -------- d-------- C:\Programme\SmartFTP Client 2.0 Setup Files
2006-10-03 18:58 -------- d-------- C:\Programme\SmartFTP Client 2.0
2006-09-24 12:46 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-09-22 21:22 -------- d-------- C:\Programme\ClearProg
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 16:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Programme\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
@=""
"!AVG Anti-Spyware"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"isamonitor.exe"="C:\\Programme\\QualityCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\QualityCodec\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"featherweed"="{ab340860-fd81-4a65-b345-82eb77a66b5e}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rundll32 CTMBHA"
"hkey"="HKLM"
"command"="Rundll32 CTMBHA.DLL,MBMon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-13 0:00:56.67
C:\ComboFix.txt ... 06-11-13 00:00
C:\ComboFix2.txt ... 06-10-16 16:49
HiJackthis
Logfile of HijackThis v1.99.1
Scan saved at 00:03:48, on 13.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Extensis\Suitcase 9.2\Suitcase.exe
C:\Programme\mIRC\mirc.exe
C:\Programme\Trillian\trillian.exe
C:\Programme\QualityCodec\isamonitor.exe
C:\Programme\QualityCodec\isamini.exe
C:\Programme\QualityCodec\pmsngr.exe
C:\Programme\QualityCodec\pmmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ITBDCE~1.AB1\LOKALE~1\Temp\Rar$EX00.860\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\QualityCodec\isaddon.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Programme\QualityCodec\iesplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - C:\WINDOWS\system32\jbtazy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
datfind.bat
sys:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54AA-E36C
Verzeichnis von C:\
06-11-13 00:12 0 sys.txt
06-11-13 00:12 438 down.txt
06-11-13 00:12 386 tmp.txt
06-11-13 00:12 10,054 system.txt
06-11-13 00:12 297 systemtemp.txt
06-11-13 00:12 93,680 system32.txt
06-11-13 00:10 1,071,812,608 hiberfil.sys
06-11-13 00:10 1,607,610,368 pagefile.sys
06-11-13 00:00 7,926 ComboFix.txt
06-11-10 19:01 146 YServer.txt
06-11-01 20:28 380 lxbs.log
06-10-17 16:20 2,084 avenger.txt
06-10-17 15:33 1,022 rapport.txt
06-10-16 18:41 553 VundoFix.txt
06-10-16 16:49 9,736 ComboFix2.txt
06-10-13 18:09 268 sqmdata00.sqm
06-10-13 18:09 244 sqmnoopt00.sqm
06-10-03 17:35 783,114 video.pass
06-09-23 15:52 192 BcBtRmv.log
06-09-20 06:14 3,943 EyeCandyLog.txt
06-07-26 02:32 211 boot.ini
06-05-14 20:18 2,444 divx.log
system32:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54AA-E36C
Verzeichnis von C:\WINDOWS\system32
06-11-13 00:11 39,472 nvapps.xml
06-11-13 00:10 2,206 wpa.dbl
06-11-12 23:47 77,824 jbtazy.dll
06-10-29 03:44 381,692 perfh009.dat
06-10-29 03:44 53,436 perfc009.dat
06-10-29 03:44 392,512 perfh007.dat
06-10-29 03:44 64,452 perfc007.dat
06-10-29 03:44 902,476 PerfStringBackup.INI
06-10-16 17:22 3,888 ikhcore.log
06-10-08 20:22 10,856 KGyGaAvL.sys
06-10-04 21:03 9,639,336 MRT.exe
06-09-25 00:45 14,336 Thumbs.db
06-09-13 06:02 1,084,416 msxml3.dll
06-09-04 07:13 1,497,088 shdocvw.dll
06-08-29 18:43 135,168 swreg.exe
06-08-25 16:46 617,472 comctl32.dll
06-08-21 13:26 16,896 fltlib.dll
Verzeichnis von C:\DOKUME~1\ITBDCE~1.AB1\LOKALE~1\Temp
06-11-13 00:12 107,444 bt3642.bat
1 Datei(en) 107,444 Bytes
0 Verzeichnis(se), 106,188,091,392 Bytes frei
system:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54AA-E36C
Verzeichnis von C:\WINDOWS
06-11-13 00:10 0 0.log
06-11-13 00:10 1,861,493 WindowsUpdate.log
06-11-13 00:10 2,048 bootstat.dat
06-11-13 00:09 32,552 SchedLgU.Txt
06-11-12 18:31 50 wiaservc.log
06-11-12 18:31 506 wiadebug.log
06-11-12 17:30 157,352 DirectX.log
06-11-11 18:38 116 NeroDigital.ini
06-11-01 20:29 1,037,162 setupapi.log
06-10-31 23:50 582 eReg.dat
06-10-30 00:53 9,241 hhdrvi.log
06-10-26 21:03 877 Qiii.INI
06-10-22 13:14 1,216 setupact.log
06-10-17 17:18 176,960 ntbtlog.txt
06-10-16 02:09 7,796 Cycore FX Demo-1.0.1-for-After Effects-Uninstall.log
06-10-15 23:51 573 win.ini
06-10-12 06:09 138,471 comsetup.log
06-10-12 06:09 60,191 iis6.log
tmp:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54AA-E36C
Verzeichnis von C:\WINDOWS\Temp
06-11-13 00:10 409 WGANotify.settings
06-11-13 00:10 255 WGAErrLog.txt
06-11-13 00:07 0 T30DebugLogFile.txt
3 Datei(en) 664 Bytes
0 Verzeichnis(se), 106,188,091,392 Bytes frei
down:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54AA-E36C
Verzeichnis von C:\WINDOWS\Downloaded Program Files
05-06-10 10:44 417,792 isusweb.dll
04-08-18 13:17 65 desktop.ini
02-07-25 18:13 24,576 dwusplay.dll
02-07-25 18:13 196,608 dwusplay.exe
4 Datei(en) 639,041 Bytes
0 Verzeichnis(se), 106,188,091,392 Bytes frei