VirusBurst and Critical System Error for the umpteenth time... :-(
20.11.2006, 19:50
...new here
Posts: 4
21.11.2006, 01:01
Honorary member
Posts: 29434
#2
Jozeph
LSPfix http://www.spychecker.com/program/lspfix.html - tick "I know what I'm doing" -- Remove - and delete rlls.dll (you may have to move the dll from left to right) + Remove
--------------------------------------------------------------------------------
Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
»» delete the Avenger backup under C:\Avenger\backup.zip + empty the Recycle Bin ««
scan with smitfraudfix - options 1 and 2 (let it clean the registry too)
http://virus-protect.org/artikel/tools/smitfrautfix.html
-----------
open HijackThis -- "Scan" button -- tick these entries -- "Fix checked" button -- restart PC
Quote
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll
restart PC
** scan, set everything to remove and post the scan report here
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security
21.11.2006, 19:22
...new here
Thread starter, Posts: 4
#3
I'm only now getting around to thanking you...
Many heartfelt thanks, Sabina! :-) Here is the scan report:

Spyware Scan Details
Start Date: 11/21/2006 7:48:00 AM
End Date: 11/21/2006 8:23:37 AM
Total Time: 35 mins 37 secs

Detected spyware

Hotbar Toolbar more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, which is a "skinable" browser toolbar for Internet Explorer.
Status: Quarantined
Infected files detected
c:\program files\hbtools_icons\jamster2.ico
c:\windows\hotbarwp.bmp

Zango.SearchAssistant Adware (General) more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Quarantined
Infected files detected
c:\program files\zango games\david vs. goliath\david.opt
c:\program files\zango games\david vs. goliath\user.cfg

Marketscore.RelevantKnowledge Adware (General) more information...
Status: Quarantined
Infected files detected
c:\windows\system32\rlls.dll

FunWebProducts Potentially Unwanted Program more information...
Details: Fun Web Products bundles adware software in its products.
Status: Ignored
Infected registry entries detected
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionCount 6
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionTimestamp 214453
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\Yahoo SessionCount 1
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\Yahoo SessionTimestamp 2199531

Warez P2P P2P Program more information...
Details: Warez P2P is a file sharing program that allows the user to participate in online file sharing networks.
Status: Ignored
Infected registry entries detected
HKEY_CURRENT_USER\Software\Warez P2P Client
HKEY_CURRENT_USER\Software\Warez

CasinoTropez Potentially Unwanted Program more information...
Status: Ignored
Infected registry entries detected
HKEY_CURRENT_USER\Software\Casino Tropez
HKEY_CURRENT_USER\Software\Casino Tropez funaccount 1
HKEY_CURRENT_USER\Software\Casino Tropez funnickname
HKEY_CURRENT_USER\Software\Casino Tropez funusername
HKEY_CURRENT_USER\Software\Casino Tropez lobby_favouritegames
HKEY_CURRENT_USER\Software\Casino Tropez nickname
HKEY_CURRENT_USER\Software\Casino Tropez options-fullscreen 0
HKEY_CURRENT_USER\Software\Casino Tropez options-volume 255
HKEY_CURRENT_USER\Software\Casino Tropez options_autologinfun
HKEY_CURRENT_USER\Software\Casino Tropez options_autologinreal
HKEY_CURRENT_USER\Software\Casino Tropez options_dealervoices 1
HKEY_CURRENT_USER\Software\Casino Tropez options_dealervoiceset
HKEY_CURRENT_USER\Software\Casino Tropez options_music
HKEY_CURRENT_USER\Software\Casino Tropez options_sounds 1
HKEY_CURRENT_USER\Software\Casino Tropez options_xlslots
HKEY_CURRENT_USER\Software\Casino Tropez username

FullContext.EQAdvice Adware (General) more information...
Details: FullContext.EQAdvice is an advertising program that displays ads and allows the installation of other adware.
Status: Quarantined
Infected registry entries detected
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html IE/Delphi MimeFilter Demo
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html CLSID {0EB00690-8FA1-11D3-96C7-829E3EA50C29}

Cookie: DriveCleaner Cookie (General) more information...
Status: Deleted
Infected cookies detected
c:\documents and settings\ccity.your-4105e587b6\cookies\ccity@drivecleaner[2].txt

Best regards, Jo
21.11.2006, 20:19
...new here
Posts: 2
#4
Hello,
I have exactly the same problem as Jozeph. Only in the LSPfix program the rlls.dll file doesn't show up for me. I only have three others: mswsock.dll winrnr.dll rsvpsp.dll. What can I do now? Please help me. Ev0lution
22.11.2006, 00:41
Honorary member
Posts: 29434
#5
Ev0lution
1. Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above, just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
2. post this log
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security
22.11.2006, 00:42
Honorary member
Posts: 29434
#6
Jozeph
CounterSpy only ever kills some of the files. So you have to keep emptying CounterSpy's quarantine folder and scanning with it again, until CounterSpy finds nothing more.
+ post the new HijackThis log
__________
Regards, Sabina
all about PC security
22.11.2006, 14:01
...new here
Posts: 4
#7
Hello Sabrina! Can you maybe help me too? I have a small, ugly, yellow, blinking warning sign in the tray that constantly tells me I have a worm or a trojan on here... it likes to alternate between the two. On top of that a window keeps opening that wants to sell me antispyware software, apart from the pop-ups that come on top of it.

HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 14:01:20, on 22.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
E:\MP3s\tutu\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ich\LOKALE~1\Temp\Rar$EX00.281\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\Super Codec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\MP3s\tutu\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - C:\Programme\Super Codec\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\MP3s\tutu\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5E32451-303D-40F6-B4FF-E0FCC761552E}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6645548-B35F-45C1-8EDA-7903330CA344}: NameServer = 217.237.151.205 217.237.150.205
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

please help me, it's extremely annoying
22.11.2006, 14:15
Honorary member
Posts: 29434
#8
Curnel
that's new, so I first have to "dig"
Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click to start it.
in: "Enter search strings" (type or paste in)
Super Codec
in edit and click "Ok". Notepad will open -- copy the text and post it.
2. post this log
http://virus-protect.org/artikel/tools/combofix.html
__________
then I'll clean that up for you in 2 minutes
__________
Regards, Sabina
all about PC security
22.11.2006, 16:54
...new here
Posts: 4
#9
1) Here is the posted text

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 22.11.2006 16:54:28 for strings:
; 'super codec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}\InprocServer32]
@="C:\\Programme\\Super Codec\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6}\InprocServer32]
@="C:\\Programme\\Super Codec\\iesplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Super Codec\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\Super Codec\\iesuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\Super Codec\\pmuninst.exe\""

[HKEY_USERS\S-1-5-21-854245398-1547161642-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\Super Codec\\isamonitor.exe"="isamonitor"
"C:\\Programme\\Super Codec\\pmsngr.exe"="pmsngr"

; End Of The Log...

2) Combofix...

ich - 06-11-22 16:56:14,48 Service Pack 2
ComboFix 06.11.19 - Running from: "E:\MP3s\tutu"

((((((((((((((((((((((((((((((( Files Created from 2006-10-22 to 2006-11-22 ))))))))))))))))))))))))))))))))))

2006-11-20 22:21 493 --a------ C:\avexport.bat
2006-11-20 22:21 <DIR> d-------- C:\Avenger
2006-11-20 20:44 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2006-11-20 18:21 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2006-11-20 18:20 <DIR> d--hs---- C:\Config.Msi
2006-11-20 18:19 <DIR> d-------- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Google
2006-11-20 18:18 <DIR> d-------- C:\Programme\Mozilla Firefox
2006-11-20 18:18 <DIR> d-------- C:\Programme\Lavasoft
2006-11-20 18:18 <DIR> d-------- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla
2006-11-20 18:17 <DIR> d-------- C:\Programme\Picasa2
2006-11-20 17:56 <DIR> d-------- C:\Programme\Google
2006-11-20 17:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2006-11-19 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Lavasoft
2006-11-19 19:42 <DIR> d-------- C:\Programme\MalwareWiper
2006-11-19 18:22 77,824 --a------ C:\WINDOWS\system32\oebxpba.dll
2006-11-19 18:22 <DIR> d-------- C:\Programme\Virus-Bursters
2006-11-19 11:58 <DIR> d-------- C:\Programme\MSXML 4.0
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-22 16:53 -------- d-------- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Skype
2006-11-22 13:30 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-20 20:32 -------- d-------- C:\Programme\PartyGaming
2006-11-20 18:19 -------- d-------- C:\Programme\Adobe
2006-11-19 12:15 -------- d-------- C:\Programme\Soulseek
2006-11-17 20:03 -------- d-------- C:\Programme\Internet Explorer
2006-11-11 16:23 -------- d-------- C:\Programme\PokerStars.NET
2006-11-08 14:49 -------- d-------- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\uTorrent
2006-11-08 14:45 -------- d-------- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\dvdcss
2006-11-05 15:04 -------- d-------- C:\Programme\ElsterFormular2005
2006-10-13 23:29 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 08:53 -------- d-------- C:\Programme\PartyGaming.Net
2006-09-24 16:17 -------- d-------- C:\Programme\ICQLite
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 16:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"SpybotSD TeaTimer"="E:\\MP3s\\tutu\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"AnyDVD"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"T-DSL SpeedMgr"="\"C:\\PROGRA~1\\T-DSLS~1\\SpeedMgr.exe\""
"AWatch"="C:\\Programme\\FRITZ!DSL\\Awatch.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,de,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{4fc003c3-87a0-489c-85cd-878246eb2d18}"="amaranthaceous"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Super Codec\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"amaranthaceous"="{4fc003c3-87a0-489c-85cd-878246eb2d18}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sstray"
"hkey"="HKLM"
"command"="sstray.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=dword:00000002
"srservice"=dword:00000002
"SENS"=dword:00000002
"SamSs"=dword:00000002
"RSVP"=dword:00000003
"RemoteRegistry"=dword:00000002
"NtLmSsp"=dword:00000003
"mnmsrvc"=dword:00000003
"LmHosts"=dword:00000002
"helpsvc"=dword:00000002
"FastUserSwitchingCompatibility"=dword:00000003
"Eventlog"=dword:00000002
"ERSvc"=dword:00000002
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1110388684.job
C:\WINDOWS\tasks\WebReg 20050309182223.job

Completion time: 06-11-22 16:56:59.87
C:\ComboFix.txt ... 06-11-22 16:56
C:\ComboFix2.txt ... 06-11-20 22:13

This post was edited by Curnel on 22.11.2006 at 16:59.
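The entries Sabina picks out of these logs by hand follow a few mechanical patterns: the Super Codec BHO and toolbar whose DLLs are already gone ("(file missing)"), the unnamed URLSearchHook with "(no file)", and the ShellServiceObjectDelayLoad (SSODL) object "amaranthaceous" that loads oebxpba.dll into Explorer at every logon. The Python script below is an added example, not code from this thread, from HijackThis or from virus-protect.org; it applies those patterns to a sample log constructed from the lines posted above. The allow-list of stock SSODL CLSIDs is copied from the ComboFix "Reg Loading Points" section in this post; the clean WebCheck O21 line in the sample is hypothetical (HijackThis does not normally list the stock objects) and is there only to show the allow-list working.

```python
"""Triage helper for HijackThis-style log lines (added example, not the tool's own code).

Flags the patterns a helper looks for by hand: entries whose target DLL is gone
("(file missing)" / "(no file)"), unnamed BHOs/toolbars/search hooks, and
ShellServiceObjectDelayLoad objects that are not one of the stock Windows XP ones.
These are heuristics; every hit still needs a human before "Fix checked".
"""
import re

# Constructed sample: lines copied from the HijackThis logs in this thread, plus
# one hypothetical clean O21 line (WebCheck) to show the allow-list in action.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\Super Codec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\MP3s\tutu\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Protection Bar - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - C:\Programme\Super Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
"""

# A HijackThis entry starts with a section tag (R0-R3, O1-O23) followed by " - ".
ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Stock XP SP2 SSODL objects, as listed under shellserviceobjectdelayload in the
# ComboFix output above. Anything else here is a DLL loaded into Explorer at logon.
KNOWN_SSODL = {
    "{7849596A-48EA-486E-8937-A2A3009F31A9}",  # PostBootReminder
    "{FBEB8A05-BEEE-4442-804E-409D6C4515E9}",  # CDBurn
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}",  # WebCheck
    "{35CEC8A3-2BE6-11D2-8773-92E220524153}",  # SysTray
}


def parse_entries(log):
    """Yield (section, body) for each entry; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def classify(section, body):
    """Return a list of (severity, reason) findings for one entry; [] means nothing noticed."""
    findings = []
    # A registration whose target is gone is a leftover of a half-removed install
    # (or a partially cleaned infection) and serves no purpose: safe to fix.
    if "(file missing)" in body or body.endswith("(no file)"):
        findings.append(("high", "registration points at a file that no longer exists"))
    # SSODL entries run inside Explorer before the desktop appears; only a handful are stock.
    if section == "O21":
        m = CLSID.search(body)
        clsid = m.group(0).upper() if m else None
        if clsid not in KNOWN_SSODL:
            findings.append(("high", "non-standard SSODL object (DLL loaded into Explorer at logon)"))
    # Unnamed BHOs/toolbars/search hooks are suspicious but not conclusive:
    # Spybot's SDHelper.dll registers without a name too, so this stays low severity.
    if section in ("R3", "O2", "O3") and "(no name)" in body:
        findings.append(("low", "unnamed BHO/toolbar/search hook; legitimate add-ons do this too, check the path"))
    return findings


def triage(log):
    """Return {entry_line: [findings]} for every entry with at least one finding."""
    result = {}
    for section, body in parse_entries(log):
        findings = classify(section, body)
        if findings:
            result[f"{section} - {body}"] = findings
    return result


def high_severity(log):
    """The lines a helper would put in the 'Fix checked' list: high-severity findings only."""
    return sorted(line for line, f in triage(log).items() if any(s == "high" for s, _ in f))


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG).items():
        for severity, reason in findings:
            print(f"[{severity:4}] {line}\n        {reason}")
```

Run as a script it prints the findings for the constructed sample; in practice, read a saved HijackThis log into `triage()`. On the sample, four lines come out high severity (the R3 hook, both Super Codec entries and the SSODL object) and the Spybot SDHelper line is reported only as low severity, which is the point of keeping the "(no name)" rule separate: on its own it is not grounds for "Fix checked".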
22.11.2006, 17:04
...new here
Posts: 3
#10
Hi Sabin, so I had the sh... on my PC too, then did it with the script (avenger) and afterwards with SmitfraudFix, do I still need to do anything???

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ipcgnxmy

*******************

Script file located at: \??\C:\Program Files\hasefpgv.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\ouwininit.exe not found!
Deletion of file C:\WINDOWS\ouwininit.exe failed!
Could not process line:
C:\WINDOWS\ouwininit.exe
Status: 0xc0000034

edit (Sabina)

Kind regards, Bill Gates^^
22.11.2006, 17:37
Honorary member
Posts: 29434
#11
Curnel
Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
** post the Avenger log that appears after the restart, so that I know whether the script worked
»» delete the Avenger backup under C:\Avenger\backup.zip + empty the Recycle Bin ««
scan with smitfraudfix - options 1 and 2 (let it clean the registry too)
http://virus-protect.org/artikel/tools/smitfrautfix.html
____________
open HijackThis -- "Scan" button -- tick these entries -- "Fix checked" button -- restart PC
Quote
R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)
restart PC
__________
Regards, Sabina
all about PC security
22.11.2006, 17:48
Honorary member
Posts: 29434
#12
bill_gates
I don't know what that's supposed to be - applying some random Avenger script; no idea where you picked that up, but it certainly wasn't meant for you.
Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip
Download/unpack HijackThis into a folder
On first start: click "Do a system scan and save a log file".
The text editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina
all about PC security
22.11.2006, 17:54
...new here
Posts: 4
#13
Hello Sabrina... so after the restart no LOG appeared that I could post here, and I can't delete the backup because it isn't there. The Avenger folder is there, but not the backup. What now? But the error message is gone. So it looks like it worked, doesn't it?
22.11.2006, 17:54
...new here
Thread starter, Posts: 4
#14
Sabina
counterspy hasn't found anything more so far... here's the current hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 5:47:09 PM, on 11/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Documents and Settings\CCity.YOUR-4105E587B6\Desktop\LOGFILES\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c1440454a9a542159f6ef495b438120d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c1440454a9a542159f6ef495b438120d
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D706316-533F-444F-9791-BBF86995E91F}: NameServer = 62.65.128.10,62.65.128.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{61E7AB4C-3B9A-4C9B-9E33-669B67C71B10}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc.
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe herzliche gruesse, Jo |
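The thread contains two HijackThis logs for the same machine, the one in the opening post (11/20/2006, before the cleanup) and the one just above (11/22/2006, after it). Comparing them by eye is error-prone, and the categories Sabina singled out for removal (an O10 Winsock LSP entry, an O18 text/html MIME filter, an O21 SSODL DLL, anything under the Perfect Codec directory) are exactly the ones worth flagging mechanically. The following is an added example written for this page; it is not code from the thread and not part of HijackThis. It parses HJT entry lines, flags the risky load points, counts how many Winsock catalog entries point at an unknown LSP DLL, diffs a before and an after log, and reports CLSIDs whose DLL was deleted but whose registry reference survived as "(no file)". The sample input consists of trimmed copies of lines from the two logs in this thread; the flagging heuristics and all function names are my own.

```python
"""Triage and diff HijackThis logs.

Added example for this page; not code from the thread or from HijackThis.
The sample logs are trimmed copies of lines from the two logs posted in the
thread (11/20/2006 before cleanup, 11/22/2006 after).  The flagging rules
are my own heuristics, not a HijackThis feature.
"""
import re
from collections import Counter
from typing import NamedTuple

# An entry is "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - C:\x.dll";
# the "Running processes" block has no such prefix and is skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LSP_RE = re.compile(r"Winsock LSP:\s*(.+)$", re.IGNORECASE)


class Entry(NamedTuple):
    section: str
    body: str

    def key(self) -> str:
        return f"{self.section} - {self.body}"

    def clsid(self):
        m = CLSID_RE.search(self.body)
        return m.group(0).lower() if m else None


def parse_hjt(text: str) -> list:
    """Return the R/F/O entries of a log; header and process list are dropped."""
    hits = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m.group("section"), m.group("body")) for m in hits if m]


def triage(entries, rogue_dirs=("perfect codec",)) -> dict:
    """Map each flagged entry key to the list of reasons it was flagged."""
    findings = {}

    def flag(e, why):
        reasons = findings.setdefault(e.key(), [])
        if why not in reasons:          # identical O10 lines collapse to one key
            reasons.append(why)

    for e in entries:
        low = e.body.lower()
        if e.section == "O10":
            # a provider DLL HijackThis does not recognise; it sits in the
            # Winsock catalog and sees every socket the machine opens
            flag(e, "unknown Winsock LSP provider")
        if e.section == "O18" and low.startswith("filter:"):
            # a MIME filter on text/html can rewrite every page IE renders
            flag(e, "MIME filter on text/html")
        if e.section == "O21":
            flag(e, "SSODL: DLL loaded into Explorer at every logon")
        if "(file missing)" in low or "(no file)" in low:
            flag(e, "orphaned entry, target file missing")
        if any(d in low for d in rogue_dirs):
            flag(e, "path under a rogue codec directory")
    return findings


def lsp_chain_count(entries) -> Counter:
    """Winsock catalog entries per unknown LSP DLL.  HijackThis prints one O10
    line per catalog entry, so repeats are separate entries to remove."""
    hits = (LSP_RE.search(e.body) for e in entries if e.section == "O10")
    return Counter(m.group(1).strip().lower() for m in hits if m)


def diff_logs(before: str, after: str):
    """(entries gone after cleanup, entries new after cleanup)."""
    b = {e.key() for e in parse_hjt(before)}
    a = {e.key() for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


def leftover_clsids(before: str, after: str) -> set:
    """CLSIDs whose DLL is gone but whose registry reference survived: they
    reappear as '(no file)' in the later log and need a second Fix pass."""
    old = {e.clsid() for e in parse_hjt(before)} - {None}
    return {e.clsid() for e in parse_hjt(after)
            if e.clsid() in old and "(no file)" in e.body.lower()}


# Constructed sample input: trimmed copies of lines from the thread's two logs.
BEFORE = r"""Scan saved at 5:59:03 PM, on 11/20/2006
Running processes:
C:\Program Files\Perfect Codec\pmsngr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll
O3 - Toolbar: Protection Bar - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - C:\Program Files\Perfect Codec\iesplugin.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O18 - Filter: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - C:\WINDOWS\ftpsconfig.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
"""
AFTER = r"""Scan saved at 5:47:09 PM, on 11/22/2006
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

if __name__ == "__main__":
    for key, reasons in triage(parse_hjt(BEFORE)).items():
        print(key, "->", "; ".join(reasons))
    print("LSP entries per DLL:", dict(lsp_chain_count(parse_hjt(BEFORE))))
    gone, new = diff_logs(BEFORE, AFTER)
    print("removed:", len(gone), "still to fix:", leftover_clsids(BEFORE, AFTER))
```

Run against the full logs, `diff_logs` confirms which load points the cleanup actually removed, and `leftover_clsids` catches the case visible in the log above: the Protection Bar toolbar's DLL is gone, but its CLSID {74a49269-9779-48b4-a0e6-3a5af2a3ade6} is still registered and now shows as "(no file)", so it still needs a HijackThis fix. The per-DLL LSP count matters for the LSPfix step, since each catalog entry for rlls.dll has to be removed separately and a broken chain breaks all networking.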
22.11.2006, 18:11 | ...new here | Posts: 4 | #15
So the first step worked very well, but the rest does not work. The error message is gone anyway, though. Is that enough, or are the last steps no longer necessary??
Unfortunately I, or rather my computer, am a VirusBurst patient too...
The symptoms are the same as in most of the threads I have read here in the forum so far: a VirusBurst icon in the taskbar, "Critical System Error" pop-ups, and then other pop-ups appear in the taskbar with warnings about system performance, spyware etc. A full scan with Kaspersky found nothing.
I probably don't need to mention that this is incredibly annoying, and I very much hope you find the time to help me too.
I tried to follow Sabina's instructions exactly:
1. HijackThis logfile, 2. CleanUp, 3. ComboFix, 4. datfind.bat
And now to the logfiles...
HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 5:59:03 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Perfect Codec\pmsngr.exe
C:\Program Files\Perfect Codec\isamonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Perfect Codec\pmmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Perfect Codec\isamini.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\CCity.YOUR-4105E587B6\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - C:\Program Files\Perfect Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c1440454a9a542159f6ef495b438120d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c1440454a9a542159f6ef495b438120d
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D706316-533F-444F-9791-BBF86995E91F}: NameServer = 62.65.128.10,62.65.128.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{61E7AB4C-3B9A-4C9B-9E33-669B67C71B10}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - C:\WINDOWS\ftpsconfig.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
COMBOFIX
CCity - 06-11-20 18:20:55.20 Service Pack 2
ComboFix 06.11.19 - Running from: "C:\Documents and Settings\CCity.YOUR-4105E587B6\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\components
((((((((((((((((((((((((((((((( Files Created from 2006-10-20 to 2006-11-20 ))))))))))))))))))))))))))))))))))
2006-11-20 17:50 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-20 00:05 <DIR> dr-h----- C:\Documents and Settings\CCity.YOUR-4105E587B6\Recent
2006-11-19 22:57 77,824 --a------ C:\WINDOWS\system32\dcvwaah.dll
2006-11-19 22:57 <DIR> d-------- C:\Program Files\Perfect Codec
2006-11-19 22:34 <DIR> d-------- C:\Program Files\Shockwave.com
2006-11-19 21:27 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-11-15 23:58 <DIR> d-------- C:\a642cb42981cafb339738671a4ffa3
2006-11-07 23:28 <DIR> d-------- C:\Program Files\Charlie II
2006-11-07 21:37 <DIR> d-------- C:\Program Files\MosaicCreator
2006-11-05 01:11 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 13:38 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-11-04 13:38 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-04 11:34 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2006-11-04 11:34 <DIR> d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Real
2006-11-04 11:26 <DIR> d-------- C:\Program Files\Windows Live Favorites
2006-11-01 21:22 <DIR> d-------- C:\Program Files\VideoKeyCodec
2006-10-30 21:34 <DIR> d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\vmntoolbar
2006-10-30 08:09 <DIR> d-------- C:\Program Files\GalleryPlayer
2006-10-29 21:32 <DIR> d-------- C:\Program Files\SmartFTP Client 2.0
2006-10-29 21:32 <DIR> d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\SmartFTP
2006-10-29 21:31 <DIR> d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
2006-10-29 11:36 <DIR> d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\CoffeeCup Software
2006-10-28 14:17 13 C:\Documents and Settings\All Users\Application Data\YUAŽ3113>.sys
2006-10-28 14:16 <DIR> d-------- C:\Program Files\CoffeeCup Software
2006-10-27 19:07 <DIR> d--h----- C:\WINDOWS\Icons
2006-10-24 10:17 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-10-21 20:10 <DIR> d-------- C:\Program Files\Wiering Software
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-20 18:18 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-20 14:46 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-11-19 23:24 -------- d-------- C:\Program Files\CONEXANT
2006-11-19 22:42 -------- d-------- C:\Program Files\MSN Games
2006-11-19 15:23 -------- d-------- C:\Program Files\Microsoft Digital Image 10
2006-11-16 21:48 -------- d-------- C:\Program Files\eMule
2006-11-15 23:57 -------- d-------- C:\Program Files\Internet Explorer
2006-11-11 11:27 -------- d-------- C:\Program Files\EPSON
2006-11-11 11:16 -------- d-------- C:\Program Files\Picasa2
2006-11-09 23:34 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-11-05 23:01 -------- d-------- C:\Program Files\Canon
2006-11-04 17:34 -------- d-------- C:\Program Files\Real
2006-11-04 11:35 -------- d-------- C:\Program Files\Common Files\Real
2006-11-04 11:27 -------- d---s---- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Microsoft
2006-11-04 11:26 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-04 11:22 -------- d-------- C:\Program Files\MSN Messenger
2006-10-30 21:29 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Adobe
2006-10-29 11:36 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-18 07:34 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Smart Panel
2006-10-18 07:31 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\EPSON
2006-10-18 06:44 -------- d-------- C:\Program Files\Google
2006-10-15 21:52 -------- d-------- C:\Program Files\Photo Pos Pro
2006-10-13 23:35 -------- d-------- C:\Program Files\Adobe
2006-10-13 23:16 152659 --a------ C:\WINDOWS\Photo Pos Pro Uninstaller.exe
2006-10-13 23:16 -------- d-------- C:\Program Files\Common Files\Thraex Software
2006-10-13 23:16 -------- d-------- C:\Program Files\Common Files
2006-10-13 18:54 -------- d-------- C:\Program Files\ArcSoft
2006-10-13 13:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 10:41 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\ArcSoft
2006-10-13 10:39 -------- d-------- C:\Program Files\Smart Panel
2006-10-13 10:20 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\ABBYY
2006-10-13 10:17 -------- d-------- C:\Program Files\Common Files\Python
2006-10-12 19:04 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-12 19:04 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-12 09:28 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\PlayFirst
2006-10-11 10:00 164352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-10-11 09:59 159744 --a------ C:\WINDOWS\Talking Time Keeper.scr
2006-10-09 21:52 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\AdobeAUM
2006-10-08 19:32 -------- d-------- C:\Program Files\Elaborate Bytes
2006-10-08 19:31 85 ---hs---- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\.zreglib
2006-10-05 15:22 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-10-02 19:18 -------- d-------- C:\Program Files\iTunes
2006-10-02 18:34 -------- d-------- C:\Program Files\iPod
2006-10-02 18:32 -------- d-------- C:\Program Files\QuickTime
2006-09-29 20:23 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Lavasoft
2006-09-27 23:05 -------- d-------- C:\Program Files\Common Files\Nikon
2006-09-27 23:05 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Nikon
2006-09-27 23:03 -------- d-------- C:\Program Files\Nikon
2006-09-26 21:50 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Mozilla
2006-09-26 21:49 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Thunderbird
2006-09-21 13:40 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Help
2006-09-20 13:15 -------- d-------- C:\Documents and Settings\CCity.YOUR-4105E587B6\Application Data\Google
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-07 23:57 450690 --a------ C:\WINDOWS\system32\PosIpLiB.dll
2006-08-30 15:35 737280 --a------ C:\WINDOWS\iun6002.exe
2006-08-29 12:42 53248 --a------ C:\WINDOWS\system32\PosTBsknLib.dll
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoSaveSettings"=dword:00000000
"NoSMConfigurePrograms"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Program Files\\Perfect Codec\\isamonitor.exe"
"pmsngr.exe"="C:\\Program Files\\Perfect Codec\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"gimmicks"="{40dcff6e-af8d-4183-8ebe-a82270ac449e}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lsburnwatcher"
"hkey"="HKLM"
"command"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
Completion time: 06-11-20 18:22:32.09
C:\ComboFix.txt ... 06-11-20 18:22
DATFIND
Volume in drive C has no label.
Volume Serial Number is 09ED-71AC
Directory of C:\WINDOWS\system32
11/20/2006 06:09 PM 1,374 wpa.dbl
11/19/2006 10:57 PM 77,824 dcvwaah.dll
11/08/2006 02:38 AM 10,342,824 MRT.exe
11/04/2006 05:30 PM 870,128 mcs.rma
11/04/2006 05:30 PM 4 9C7B6F
11/04/2006 02:14 PM 1,245,696 msxml4.dll
11/01/2006 08:09 AM 385,256 perfh009.dat
11/01/2006 08:09 AM 54,850 perfc009.dat
11/01/2006 08:09 AM 445,886 PerfStringBackup.INI
10/24/2006 10:17 AM 48,424 sirenacm.dll
10/16/2006 11:21 AM 115,200 xpsp3res.dll
10/13/2006 01:35 PM 142,336 nwprovau.dll
10/11/2006 10:00 AM 164,352 SpoonUninstall.exe
10/10/2006 09:06 AM 333,072 FNTCACHE.DAT
10/05/2006 03:22 PM 24,072 uxtuneup.dll
09/29/2006 11:21 PM 1,409 tmp2DA7C.FOT
09/29/2006 11:21 PM 1,409 tmp3BA7C.FOT
09/29/2006 11:21 PM 1,409 tmp47A7C.FOT
09/29/2006 11:21 PM 1,409 tmp54A7C.FOT
09/29/2006 11:21 PM 1,409 tmp70A7C.FOT
09/29/2006 11:21 PM 1,409 tmp9B97C.FOT
09/24/2006 02:42 AM 65,536 QuickTimeVR.qtx
09/24/2006 02:42 AM 49,152 QuickTime.qts
09/19/2006 02:36 PM 229,376 PosFrmCap.ocx
09/19/2006 02:21 PM 1,335,296 PrjPrintTemplatesCtl.ocx
09/19/2006 02:19 PM 118,784 PosPicDlg.ocx
Volume in drive C has no label.
Volume Serial Number is 09ED-71AC
Directory of C:\WINDOWS\Temp
11/20/2006 07:00 PM 8,192 cch~2a23ffe89.htp
11/20/2006 07:00 PM 8,192 cch~2a24007f6.htp
11/20/2006 06:58 PM 8,192 cch~280c421c6.htp
11/20/2006 06:58 PM 8,192 cch~280c42ca0.htp
11/20/2006 06:58 PM 8,192 cch~2801acb2c.htp
11/20/2006 06:58 PM 8,192 cch~2801a7aff.htp
11/20/2006 06:58 PM 8,192 cch~2801764ef.htp
11/20/2006 06:58 PM 8,192 cch~28017d2e0.htp
11/20/2006 06:58 PM 8,192 cch~27d21cedd.htp
11/20/2006 06:58 PM 8,192 cch~27d21daf4.htp
11/20/2006 06:58 PM 8,192 cch~27d2196eb.htp
11/20/2006 06:58 PM 8,192 cch~27d21a20d.htp
11/20/2006 06:09 PM 16,384 ~DF1E9E.tmp
13 File(s) 114,688 bytes
0 Dir(s) 28,434,497,536 bytes free
Volume in drive C has no label.
Volume Serial Number is 09ED-71AC
Directory of C:\WINDOWS
11/20/2006 06:16 PM 1,324,299 WindowsUpdate.log
11/20/2006 06:09 PM 0 0.log
11/20/2006 06:09 PM 50 wiaservc.log
11/20/2006 06:09 PM 300 wiadebug.log
11/20/2006 06:08 PM 2,048 bootstat.dat
11/20/2006 06:08 PM 32,532 SchedLgU.Txt
11/20/2006 07:10 AM 254,964 ntbtlog.txt
11/18/2006 12:24 AM 116 NeroDigital.ini
11/17/2006 10:27 PM 54,156 QTFont.qfn
11/15/2006 10:53 PM 1,409 QTFont.for
11/04/2006 11:38 AM 316,640 WMSysPr9.prx
10/17/2006 06:22 PM 880 win.ini
10/13/2006 11:16 PM 152,659 Photo Pos Pro Uninstaller.exe
10/13/2006 10:34 AM 29 DEBUGSM.INI
10/13/2006 10:11 AM 130 EPSON Perfection 1670G.ini
10/11/2006 11:15 AM 3,003 SaintPaint.INI
10/11/2006 10:12 AM 58 Progs_.ini
10/11/2006 10:01 AM 809 TalkingTimeKeeper.INI
10/11/2006 09:59 AM 159,744 Talking Time Keeper.scr
10/02/2006 07:46 AM 6,609 mozver.dat
09/28/2006 08:07 PM 0 SwSys2.bmp
09/28/2006 08:07 PM 0 SwSys1.bmp
09/28/2006 12:53 AM 23 VI20.set
09/26/2006 10:39 AM 22 iexplore.ini
Volume in drive C has no label.
Volume Serial Number is 09ED-71AC
Directory of C:\DOCUME~1\CCITY~1.YOU\LOCALS~1\Temp
Volume in drive C has no label.
Volume Serial Number is 09ED-71AC
Directory of C:\WINDOWS\Downloaded Program Files
06/07/2006 10:09 AM 1,249 erma.inf
03/24/2006 07:40 PM 65 desktop.ini
12/13/2004 02:20 PM 310 HbTools.inf
10/08/2004 09:01 PM 372,736 MsnPUpld.dll
09/22/2004 08:59 PM 110,592 PURen-us.dll
5 File(s) 484,952 bytes
0 Dir(s) 28,434,505,728 bytes free
Volume in drive C has no label.
Volume Serial Number is 09ED-71AC
Directory of C:\
11/20/2006 07:02 PM 0 sys.txt
11/20/2006 07:01 PM 483 down.txt
11/20/2006 07:01 PM 952 tmp.txt
11/20/2006 07:00 PM 6,326 system.txt
11/20/2006 07:00 PM 127 systemtemp.txt
11/20/2006 06:59 PM 109,306 system32.txt
11/20/2006 06:57 PM 118,181 dirdat.txt
11/20/2006 06:08 PM 669,569,024 hiberfil.sys
11/20/2006 06:08 PM 603,979,776 pagefile.sys
11/19/2006 04:30 PM 268 sqmdata08.sqm
11/19/2006 04:30 PM 244 sqmnoopt08.sqm
11/17/2006 10:38 PM 268 sqmdata07.sqm
11/17/2006 10:38 PM 244 sqmnoopt07.sqm
11/14/2006 11:56 PM 22,252 debug.log
11/14/2006 11:53 PM 268 sqmdata06.sqm
11/14/2006 11:53 PM 244 sqmnoopt06.sqm
11/13/2006 11:15 PM 268 sqmdata05.sqm
11/13/2006 11:15 PM 244 sqmnoopt05.sqm
11/12/2006 12:09 PM 268 sqmdata04.sqm
11/12/2006 12:09 PM 244 sqmnoopt04.sqm
11/10/2006 10:30 AM 268 sqmdata03.sqm
11/10/2006 10:30 AM 244 sqmnoopt03.sqm
11/06/2006 12:34 PM 268 sqmdata02.sqm
11/06/2006 12:34 PM 244 sqmnoopt02.sqm
11/05/2006 11:20 PM 268 sqmdata01.sqm
11/05/2006 11:20 PM 244 sqmnoopt01.sqm
10/30/2006 08:10 AM 5,464,706 GPinstall.log
09/30/2006 12:24 AM 426 Expiration.Log
09/29/2006 09:04 PM 701 os070469.bin
09/25/2006 05:50 PM 244 sqmnoopt00.sqm
09/25/2006 05:50 PM 268 sqmdata00.sqm
I hope the files are complete so far.
Best regards,
Jo