Removing Virusbursters

Thread is closed!
23.11.2006, 11:57
...new here

Thread starter

Posts: 10
#16
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2CF5-643D

Verzeichnis von C:\Windows\System32\Com

18.07.2006 19:57 <DIR> .
18.07.2006 19:57 <DIR> ..
26.07.2005 05:39 195.072 comadmin.dll
04.08.2004 13:00 61.440 comempty.dat
04.08.2004 13:00 78.048 comexp.msc
04.08.2004 13:00 9.728 comrepl.exe
04.08.2004 13:00 5.120 comrereg.exe
04.08.2004 13:00 19.456 mtsadmin.tlb
6 Datei(en) 368.864 Bytes
2 Verzeichnis(se), 29.849.251.840 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2CF5-643D

Verzeichnis von C:\Windows\system32\config

18.07.2006 11:00 <DIR> .
18.07.2006 11:00 <DIR> ..
23.11.2006 11:42 458.752 ACEEvent.evt
23.11.2006 11:42 524.288 AppEvent.Evt
23.11.2006 11:42 524.288 default
20.01.2006 02:33 94.208 default.sav
23.11.2006 11:42 262.144 SAM
18.07.2006 10:41 65.536 SecEvent.Evt
23.11.2006 11:42 262.144 SECURITY
23.11.2006 11:42 17.301.504 software
20.01.2006 02:33 659.456 software.sav
23.11.2006 11:42 524.288 SysEvent.Evt
23.11.2006 11:45 21.757.952 system
20.01.2006 02:33 913.408 system.sav
24.01.2006 06:27 <DIR> systemprofile
20.01.2006 02:33 262.144 userdiff
13 Datei(en) 43.610.112 Bytes
3 Verzeichnis(se), 29.849.247.744 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2CF5-643D


edit (Sabina)
23.11.2006, 12:01
Honorary member
Sabina

Posts: 29434
#17 Oliver11

post the HijackThis log once more - the ComboFix log
__________
Best regards, Sabina

all about PC security
23.11.2006, 12:16
...new here

Thread starter

Posts: 10
#18
Logfile of HijackThis v1.99.1
Scan saved at 12:14:30, on 23.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Sicherheit\OmniPass\Omniserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Sicherheit\OmniPass\scureapp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\LG Software\IP Operator\IP Operator.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Sicherheit\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Kaltenreiner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.at
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [OmniPass] C:\Sicherheit\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O5 "LPT1:" /M "Stylus C66"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Sicherheit\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Sicherheit\SuperAntispyware\SASWINLO.dll
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OPXPGina - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Sicherheit\OmniPass\Omniserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Kaltenreiner - 06-11-23 12:15:03,84 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Sicherheit"

((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))


2006-11-23 11:44 <DIR> d-------- C:\avenger
2006-11-23 09:20 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2006-11-23 09:15 <DIR> d-------- C:\Documents and Settings\Kaltenreiner\Application Data\SUPERAntiSpyware.com
2006-11-23 09:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-23 08:52 4,328 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-21 13:02 42,920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2006-11-21 13:01 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2006-11-19 10:21 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-11-18 23:41 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-18 23:40 <DIR> d-------- C:\6dd1fc01a47a25376ec7b192f378
2006-11-17 22:02 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-17 22:02 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-11-17 20:00 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-17 19:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 17:01 <DIR> d-------- C:\Documents and Settings\Kaltenreiner\Application Data\Azureus
2006-10-23 20:00 <DIR> d-------- C:\Program Files\Mozilla Firefox


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-23 09:20 -------- d-------- C:\Program Files\lg_swupdate
2006-11-23 09:14 -------- d-------- C:\Program Files\Common Files
2006-11-20 22:19 -------- d-------- C:\Documents and Settings\Kaltenreiner\Application Data\OpenOffice.org2
2006-11-18 01:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-17 21:03 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-12 18:58 -------- d-------- C:\Program Files\ICQLite
2006-10-24 18:05 -------- d-------- C:\Program Files\DOSBox-0.65
2006-10-23 19:22 -------- d-------- C:\Program Files\Firefox
2006-10-20 15:16 -------- d-------- C:\Program Files\Hex-Editor MX
2006-10-18 13:29 -------- d-------- C:\Program Files\LG Software
2006-10-16 15:14 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-16 15:10 -------- d-------- C:\Program Files\THQ
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-10 08:19 -------- d-------- C:\Program Files\QuickTime
2006-10-10 08:18 -------- d-------- C:\Program Files\Apple Software Update
2006-10-09 22:04 -------- d-------- C:\Program Files\Google
2006-10-09 22:04 -------- d-------- C:\Documents and Settings\Kaltenreiner\Application Data\Google
2006-10-08 03:48 -------- d-------- C:\Documents and Settings\Kaltenreiner\Application Data\vlc
2006-10-08 01:27 -------- d-------- C:\Program Files\VideoLAN
2006-10-07 20:06 967 --a------ C:\WINDOWS\ScUnin.pif
2006-10-07 20:06 67584 --a------ C:\WINDOWS\ScUnin.exe
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-04 22:08 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 04:47 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-09 19:05 869 --a------ C:\Documents and Settings\Kaltenreiner\Application Data\AdobeDLM.log
2006-08-09 19:05 0 --a------ C:\Documents and Settings\Kaltenreiner\Application Data\dm.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SRSTrayApp"="C:\\Program Files\\SRS Labs\\WOWXT and TSXT Driver\\SRSTrayApp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"AGRSMMSG"="AGRSMMSG.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LG Direct Media Button Service"="LGDMEBTN.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"OmniPass"="C:\\Sicherheit\\OmniPass\\scureapp.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"IPO3"="\"C:\\Program Files\\LG Software\\IP Operator\\IP Operator.exe\" -aUtOsTaRtFrOmReG"
"KeybdUtility"="\"C:\\Program Files\\LG Software\\On Screen Display\\HotKey.exe\""
"EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0S2.EXE /P23 \"EPSON Stylus C66 Series\" /O5 \"LPT1:\" /M \"Stylus C66\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"batterymiser"="\"C:\\Program Files\\LG Software\\Battery Miser\\batterymiser.exe\""
"Zone Labs Client"="\"C:\\Sicherheit\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"="BatteryMiser Psap Shl Ext"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="\"C:\\Program Files\\CloneCD\\CloneCDTray.exe\" /s"
"LG Intelligent Update"="\"C:\\Program Files\\lg_swupdate\\autoupdate.exe\" Gilautouc"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Critical Battery Alarm Program.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job
C:\WINDOWS\tasks\Security Platform Backup Schedule.job

Completion time: 06-11-23 12:15:47.98
C:\ComboFix.txt ... 06-11-23 12:15
C:\ComboFix2.txt ... 06-11-23 11:09
C:\ComboFix3.txt ... 06-11-23 08:39
23.11.2006, 12:38
Honorary member
Sabina

Posts: 29434
#19 Oliver11

In my opinion everything should be OK again; nevertheless, run an online scan with Panda or ewido and post the scan report
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina
23.11.2006, 13:47
...new here

Thread starter

Posts: 10
#20
Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Kaltenreiner\Application Data\Mozilla\Firefox\Profiles\lmnlbvsb.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kaltenreiner\Cookies\kaltenreiner@atwola[1].txt
23.11.2006, 13:49
Honorary member
Sabina

Posts: 29434
#21 Oliver11

just cookies....
so you're discharged - until next time ;)
All the best.
__________
Best regards, Sabina
23.11.2006, 13:56
...new here

Thread starter

Posts: 10
#22
Thank you very much.

Best regards
Oliver Kaltenreiner