VirusBuster Critical System Errors

08.12.2006, 13:36
Honorary member
Sabina

Posts: 29434
#46 You mean both scanners no longer find anything?
post the new HijackThis log
__________
Kind regards, Sabina

all about PC security
09.12.2006, 21:46
Member

Posts: 17
#47
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120342323249
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
10.12.2006, 00:45
Honorary member
Sabina

Posts: 29434
#48 jürgen1972

open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
restart the PC

**
post the new HijackThis log
__________
Kind regards, Sabina

all about PC security
10.12.2006, 15:30
Member

Posts: 17
#49 Hi,

ignore list and then delete, was that OK?

regards
jürgen

Logfile of HijackThis v1.99.1
Scan saved at 15:39:17, on 10.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\DOKUME~1\JRGEN~1\LOKALE~1\Temp\Temporäres Verzeichnis 7 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120342323249
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
10.12.2006, 16:56
Honorary member
Sabina

Posts: 29434
#50
scan again with Dr.Web in safe mode
unfortunately you never posted a scan report for me....

I think the computer is OK again ;) - if there are still problems - get back to me
__________
Kind regards, Sabina

all about PC security
14.12.2006, 22:34
...new here
mustang_sb

Posts: 7
#51 Hi,
I also caught VirusBuster; here is my log. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 22:33:07, on 14.12.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\avmwlanstick\WlanNetService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Programme\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Programme\Kill Window 2.0\Kill Window 2.0.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
C:\Programme\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Download Manager\IDMan.exe
C:\Dokumente und Einstellungen\Peter Pan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {90DDB9D8-A752-17E1-F7EA-8D366F7D007E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [CeEKey.exe] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download All Links with IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Download with IDM - C:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{679D82D3-CF0C-4E00-9346-037D85384E69}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD453072-E347-4B7E-8061-2AA19D899734}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC6BCC9B-BAFD-4935-B499-9C8579105CC1}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
15.12.2006, 00:08
Honorary member
Sabina

Posts: 29434
#52 mustang_sb

your Internet connection does not go to your provider, but to Ukraine ;)

1.
scan and post the scan report here
http://virus-protect.org/artikel/tools/fixwareout.html

2.
configure CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

3.
Copy out these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

4.
post this log
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina

all about PC security
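As an added defender's example (not from this thread, and not part of HijackThis itself), the Python script below scans HijackThis-style log lines for the entry types the helper acted on in this thread: O17 NameServer values outside the networks the machine is expected to use (the redirected DNS Sabina points out), O16 DPF entries with no download URL (the ones she had fixed in post #48), and BHO or service entries whose file is missing. The sample lines are constructed from the entry formats posted above, and the EXPECTED_DNS ranges are an assumption to be replaced with the router or provider resolvers for your own environment.

```python
import ipaddress
import re

# Constructed sample, modelled on the entry types posted in this thread:
# a DNS hijack (O17), a bare O16 DPF entry, and add-ons whose file is gone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120342323249
O17 - HKLM\System\CCS\Services\Tcpip\..\{679D82D3-CF0C-4E00-9346-037D85384E69}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
"""

# Assumption: the resolvers this machine is expected to use. A home PC behind
# a router normally gets DNS from the router's private address; add your
# provider's published resolver ranges for a real check.
EXPECTED_DNS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
]

NS_RE = re.compile(r"NameServer\s*=\s*(.+)$")
# O16 line: "O16 - DPF: {CLSID} (optional name) - <url or nothing>"
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})\s*(\(.*?\))?\s*-\s*(\S*)\s*$")


def unexpected_nameservers(value, expected_dns):
    """Split a NameServer value (comma- or space-separated, as HijackThis
    prints both) and return the servers not inside any expected network."""
    foreign = []
    for server in re.split(r"[,\s]+", value.strip()):
        if not server:
            continue
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            foreign.append(server)  # not even an IP: worth a look
            continue
        if not any(ip in net for net in expected_dns):
            foreign.append(server)
    return foreign


def check_line(line, expected_dns):
    """Return (section, reason) for a suspicious line, or None."""
    line = line.strip()
    if line.startswith("O17 "):
        m = NS_RE.search(line)
        if m:
            foreign = unexpected_nameservers(m.group(1), expected_dns)
            if foreign:
                return ("O17", "NameServer outside expected ranges: " + ", ".join(foreign))
    elif line.startswith("O16 "):
        m = O16_RE.match(line)
        if m and not m.group(3):
            # A downloaded-program entry with no source URL is what the helper
            # in post #48 had removed.
            return ("O16", "DPF entry with no download URL: " + m.group(1))
    elif line.startswith("O2 ") and line.endswith("(no file)"):
        return ("O2", "BHO registered but its file is missing")
    elif line.startswith("O23 ") and line.endswith("(file missing)"):
        return ("O23", "service points at a missing binary")
    return None


def scan_log(text, expected_dns):
    """Run check_line over every line; return (section, reason, line) hits."""
    findings = []
    for line in text.splitlines():
        hit = check_line(line, expected_dns)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in scan_log(SAMPLE_LOG, EXPECTED_DNS):
        print(f"[{section}] {reason}\n    {line}")
```

Entries the script flags still need a human decision, as in the thread: a NameServer outside the expected ranges is only a hijack if it is not the provider's own resolver.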
16.12.2006, 14:28
...new here
mustang_sb

Posts: 7
#53 Hi,
the FixWareout report.

Windows Script Host access is disabled on this machine.
Post this in the forum please.


The Datfindbat report,


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1450-1102

Verzeichnis von C:\WINDOWS\system32

16.12.2006 14:18 1.136 wpa.dbl
13.12.2006 19:34 19.456 qrzsyr.dll
13.12.2006 15:48 2.953 CONFIG.NT
23.11.2006 16:45 24.072 uxtuneup.dll
01.11.2006 17:42 94.314 klogon.dll
30.10.2006 06:53 109.400 FNTCACHE.DAT
28.09.2006 10:53 13.312 BASSMOD.dll
29.08.2006 10:28 140.984 idmmbc.dll
25.08.2006 04:47 39.672 vxblock.dll
25.08.2006 04:47 67.240 pxhpinst.exe
25.08.2006 04:47 63.144 pxcpya64.exe
25.08.2006 04:47 115.880 pxinsi64.exe
25.08.2006 04:47 62.632 pxinsa64.exe
25.08.2006 04:47 477.944 pxdrv.dll
25.08.2006 04:47 514.808 px.dll
25.08.2006 04:47 183.032 pxmas.dll
25.08.2006 04:47 129.784 pxafs.dll
25.08.2006 04:47 1.309.432 pxsfs.dll
25.08.2006 04:47 379.640 pxwave.dll
14.08.2006 19:44 81.984 bdod.bin
08.08.2006 17:45 316.838 perfh007.dat
08.08.2006 17:45 48.354 perfc007.dat
08.08.2006 17:45 40.190 perfc009.dat
08.08.2006 17:45 311.802 perfh009.dat
08.08.2006 17:45 723.568 PerfStringBackup.INI
04.08.2006 17:37 196.608 dtu100.dll
04.08.2006 17:37 73.728 dpl100.dll
01.08.2006 18:14 38.432 SanCpl.cpl



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1450-1102

Verzeichnis von C:\DOKUME~1\PETERP~1\LOKALE~1\Temp

16.12.2006 14:18 49.152 ~DF32C7.tmp
1 Datei(en) 49.152 Bytes
0 Verzeichnis(se), 3.200.761.856 Bytes frei




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1450-1102

Verzeichnis von C:\WINDOWS

16.12.2006 14:24 68 IDMan.INI
16.12.2006 14:19 159 wiadebug.log
16.12.2006 14:18 0 0.log
16.12.2006 14:18 2.048 bootstat.dat
14.12.2006 21:58 206.048 setupact.log
14.12.2006 09:38 50 wiaservc.log
13.12.2006 14:56 162.996 setupapi.log
02.12.2006 20:41 19.138 wmsetup.log
02.12.2006 20:40 316.640 WMSysPr9.prx
02.12.2006 20:33 192 winamp.ini
01.12.2006 17:36 116 NeroDigital.ini
18.11.2006 17:45 58.472 tsoc.log
18.11.2006 17:45 6.822 msgsocm.log
18.11.2006 17:45 1.943 imsins.log
18.11.2006 17:45 31.825 ntdtcsetup.log
18.11.2006 17:45 51.424 comsetup.log
18.11.2006 17:45 16.351 iis6.log
18.11.2006 17:45 119.038 FaxSetup.log
18.11.2006 17:45 6.546 ocmsn.log
18.11.2006 17:45 78.368 ocgen.log
18.11.2006 17:44 0 Q307274Uninst.log
16.11.2006 15:38 32.218 SchedLgU.Txt
19.10.2006 15:44 248 system.ini
17.10.2006 15:11 335 nsreg.dat
21.09.2006 16:05 2.518 Microsoft.MIF
21.09.2006 16:00 2.464 $_hpcst$.hpc
21.09.2006 15:57 18.132 Windows Update.log
20.09.2006 18:15 151 PhotoSnapViewer.INI
04.09.2006 18:49 79.945 DirectX.log
31.08.2006 19:03 9.120 MSI30-KB884016.log
31.08.2006 19:03 1.374 imsins.BAK
21.08.2006 19:14 821 win.ini
19.08.2006 12:16 2.904 mozver.dat
07.08.2006 15:36 522 ODBC.INI



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1450-1102

Verzeichnis von C:\WINDOWS\Temp




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1450-1102

Verzeichnis von C:\WINDOWS\Downloaded Program Files

27.03.2006 13:00 5.019 swflash.inf
29.01.2002 10:14 65 desktop.ini
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
3 Datei(en) 6.246 Bytes
0 Verzeichnis(se), 3.200.811.008 Bytes frei




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1450-1102

Verzeichnis von C:\

16.12.2006 14:37 0 sys.txt
16.12.2006 14:37 416 down.txt
16.12.2006 14:36 117 tmp.txt
16.12.2006 14:36 7.513 system.txt
16.12.2006 14:34 295 systemtemp.txt
16.12.2006 14:31 102.667 system32.txt
16.12.2006 14:18 535.875.584 hiberfil.sys
16.12.2006 14:18 183.500.800 pagefile.sys
08.08.2006 17:44 0 mcaf.log



here is the ComboFix report,


ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Peter Pan\Eigene Dateien\Downloads\Programs"

((((((((((((((((((((((((((((((( Files Created from 2006-11-16 to 2006-12-16 ))))))))))))))))))))))))))))))))))


2006-12-16 14:28 <DIR> dr-h----- C:\Dokumente und Einstellungen\Peter Pan\Recent
2006-12-16 14:24 <DIR> d-------- C:\fixwareout
2006-12-14 22:11 <DIR> d-------- C:\Programme\ClearProg
2006-12-14 20:52 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2006-12-14 20:39 <DIR> d-------- C:\Programme\VirusBurster
2006-12-14 18:02 <DIR> d--hs---- C:\Config.Msi
2006-12-13 19:34 19,456 --a------ C:\WINDOWS\system32\qrzsyr.dll
2006-12-13 19:34 <DIR> d-------- C:\Programme\Video ActiveX Object
2006-12-13 16:17 61,584 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-12-13 16:17 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-12-13 16:17 <DIR> d-------- C:\Programme\Kaspersky Lab
2006-12-13 16:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2006-12-11 08:38 <DIR> d--hs---- C:\FOUND.017
2006-12-02 20:41 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-02 20:41 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-02 20:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-12-01 18:12 <DIR> d--hs---- C:\FOUND.016
2006-11-28 15:14 <DIR> d--hs---- C:\FOUND.015
2006-11-18 17:55 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-11-16 15:36 <DIR> d-------- C:\Programme\xp-AntiSpy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-15 15:44 18273 --a------ C:\WINDOWS\system32\drivers\klop.sys
2006-11-03 20:35 -------- d-------- C:\Programme\LINGVO~1
2006-11-01 17:42 94314 --a------ C:\WINDOWS\system32\klogon.dll
2006-10-29 18:33 -------- d-------- C:\Programme\HumaxSmartSuite
2006-10-29 18:14 16848 --a------ C:\Dokumente und Einstellungen\Peter Pan\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-10-27 21:10 -------- d-------- C:\Programme\Falk Navigator Premium Edition
2006-10-18 22:31 -------- d-------- C:\Programme\z-defrag
2006-09-28 10:53 13312 --a------ C:\WINDOWS\system32\BASSMOD.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TuneUp MemOptimizer"="\"C:\\Programme\\TuneUp Utilities 2006\\MemOptimizer.exe\" autostart"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"AtiPTA"="atiptaxx.exe"
"SoundFusion"="RunDll32 cwaprops.cpl,CrystalControlWnd"
"Apoint"="C:\\Programme\\Apoint2K\\Apoint.exe"
"CeEPOWER"="C:\\WINDOWS\\System32\\CePMTray.exe"
"CPATR10"="C:\\PROGRA~1\\EzButton\\CPATR10.EXE"
"CeEKey.exe"="C:\\Programme\\TOSHIBA\\E-KEY\\CeEKey.exe"
"eBayToolbar"="C:\\Programme\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"AVP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,cb,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"1&1 EasyLogin"="\"C:\\Programme\\1&1\\1&1 EasyLogin\\EasyLogin.exe\" HIDE"
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"IDMan"="C:\\Programme\\Internet Download Manager\\IDMan.exe /onboot"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"AVMWlanClient"="C:\\Programme\\avmwlanstick\\wlangui.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"OpwareSE2"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"Kill Window"="\"C:\\Programme\\Kill Window 2.0\\Kill Window 2.0.exe\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee - Virenscan - Mein Computer (LAPTOP-Peter Pan).job
C:\WINDOWS\tasks\AC52012693A1B2FA.job
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-12-16 14:52:05.45
C:\ComboFix.txt ... 06-12-16 14:52
This post was edited by mustang_sb on 16.12.2006 at 14:55.
16.12.2006, 14:39
...new here

Posts: 1
#54 Hello,

unfortunately I also caught VirusBuster.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 14:30:36, on 16.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\LG Software\IP Operator\IP Operator.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\lg_swupdate\Gilautouc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\test\Desktop\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - C:\WINDOWS\system32\xqpauzx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe


test - 06-12-16 14:51:27,00 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\test\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-16 to 2006-12-16 ))))))))))))))))))))))))))))))))))


2006-12-16 14:41 <DIR> d-------- C:\Program Files\CleanUp!
2006-12-16 13:20 <DIR> d-------- C:\Program Files\SopCast
2006-12-16 13:20 <DIR> d-------- C:\Documents and Settings\test\Application Data\SopCast
2006-12-16 11:42 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-14 20:24 <DIR> d-------- C:\Program Files\CDex_170b2
2006-12-13 21:21 61,584 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-12-13 21:21 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-12-13 21:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2006-12-13 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2006-12-13 21:04 <DIR> d-------- C:\KAV
2006-12-11 13:19 18,432 --a------ C:\WINDOWS\system32\xqpauzx.dll
2006-12-11 13:19 <DIR> d-------- C:\Program Files\Virus-Bursters
2006-12-11 13:19 <DIR> d-------- C:\Program Files\Video ActiveX Object
2006-11-30 23:29 <DIR> d-------- C:\Program Files\ICQLite
2006-11-30 23:29 <DIR> d-------- C:\Documents and Settings\test\Application Data\ICQLite
2006-11-28 21:08 <DIR> d-------- C:\Documents and Settings\test\Application Data\Roxio
2006-11-25 11:55 <DIR> d-------- C:\Program Files\Napster
2006-11-25 11:55 <DIR> d-------- C:\Program Files\Common Files\Napster Shared
2006-11-25 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
2006-11-18 08:39 <DIR> d-------- C:\Documents and Settings\test\Application Data\vlc
2006-11-18 08:37 <DIR> d-------- C:\Program Files\Real
2006-11-18 08:37 <DIR> d-------- C:\Program Files\Common Files\Real
2006-11-18 08:36 <DIR> d-------- C:\Documents and Settings\test\Application Data\Real
2006-11-18 08:35 <DIR> d-------- C:\Meine Downloads
2006-11-18 08:32 <DIR> d-------- C:\Program Files\VideoLAN
2006-11-17 20:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Ahead
2006-11-17 20:50 <DIR> d-------- C:\Program Files\Nero
2006-11-17 20:50 <DIR> d-------- C:\Program Files\Common Files\Ahead
2006-11-17 06:40 <DIR> d-------- C:\Program Files\PokerStars.NET


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-16 14:49 -------- d-------- C:\Program Files\lg_swupdate
2006-12-16 14:48 -------- d-------- C:\Documents and Settings\test\Application Data\OpenOffice.org2
2006-12-16 14:44 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-12-16 12:41 -------- d-------- C:\Program Files\eMule
2006-12-13 21:15 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-13 21:12 -------- d-------- C:\Program Files\Symantec
2006-12-13 21:10 -------- d-------- C:\Program Files\Common Files
2006-11-25 11:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-20 06:26 -------- d-------- C:\Program Files\Internet Explorer
2006-11-15 15:44 18273 --a------ C:\WINDOWS\system32\drivers\klop.sys
2006-11-09 16:21 -------- d-------- C:\Documents and Settings\test\Application Data\Thunderbird
2006-11-09 16:21 -------- d-------- C:\Documents and Settings\test\Application Data\Talkback
2006-11-09 16:21 -------- d-------- C:\Documents and Settings\test\Application Data\Mozilla
2006-11-09 16:19 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-11-09 15:00 -------- d-------- C:\Program Files\MusicForMasses
2006-11-09 12:38 -------- d-------- C:\Program Files\WinRAR
2006-11-06 16:20 -------- d-------- C:\Documents and Settings\test\Application Data\AdobeUM
2006-11-06 16:19 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-06 16:18 -------- d-------- C:\Program Files\WinZip
2006-11-06 08:34 -------- d-------- C:\Program Files\Messenger
2006-11-06 08:09 -------- d-------- C:\Program Files\Windows Media Player
2006-11-06 08:01 -------- d-------- C:\Program Files\Outlook Express
2006-11-06 08:01 -------- d-------- C:\Program Files\Common Files\System
2006-11-05 21:39 -------- d-------- C:\Documents and Settings\test\Application Data\Apple Computer
2006-11-05 21:37 -------- d-------- C:\Program Files\QuickTime
2006-11-05 21:36 -------- d-------- C:\Program Files\Apple Software Update
2006-11-03 20:26 -------- d-------- C:\Program Files\DVD Shrink
2006-11-02 20:07 -------- d-------- C:\Program Files\Yahoo!
2006-11-01 17:42 94314 --a------ C:\WINDOWS\system32\klogon.dll
2006-11-01 09:45 -------- d-------- C:\Program Files\Microsoft Office
2006-11-01 09:45 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-01 09:17 -------- d-------- C:\Program Files\Adobe
2006-10-24 19:03 -------- d-------- C:\Documents and Settings\test\Application Data\Adobe
2006-10-20 11:30 -------- d-------- C:\Documents and Settings\test\Application Data\Propellerhead Software
2006-10-20 10:13 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2006-10-20 10:13 225280 --a------ C:\WINDOWS\system32\ReWire.dll
2006-10-17 20:38 -------- d-------- C:\Documents and Settings\test\Application Data\Corel
2006-10-17 20:34 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SRSTrayApp"="C:\\Program Files\\SRS Labs\\WOWXT and TSXT Driver\\SRSTrayApp.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"IPO3"="\"C:\\Program Files\\LG Software\\IP Operator\\IP Operator.exe\" -aUtOsTaRtFrOmReG"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"batterymiser"="\"C:\\Program Files\\LG Software\\Battery Miser\\batterymiser.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"KeybdUtility"="\"C:\\Program Files\\LG Software\\On Screen Display\\HotKey.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"LG Intelligent Update"="\"C:\\Program Files\\lg_swupdate\\autoupdate.exe\" Gilautouc"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"OmniPass"="C:\\Program Files\\Softex\\OmniPass\\scureapp.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LG Direct Media Button Service"="LGDMEBTN.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"MsgCenterExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"ICQ Lite"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{f2efa195-4785-4db1-9316-b48c64bb71da}"="blippers"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"="BatteryMiser Psap Shl Ext"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"blippers"="{f2efa195-4785-4db1-9316-b48c64bb71da}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

O2 - BH
Completion time: 06-12-16 14:52:12.06
C:\ComboFix.txt ... 06-12-16 14:52


Thanks a lot in advance
This post was edited on 16.12.2006 at 14:54 by Kalla79.
16.12.2006, 15:44
Honorary member
Sabina

Posts: 29434
#55 mustang_sb

««
Problem: Windows Script Host
Option 1: if xp-antispy is installed, re-enable the Windows Script Host there

Enabling the host with xp-antispy
Start it ==> under "Diverse Einstellungen" (miscellaneous settings)
[ ] Windows Scripting Host deaktivieren (disable Windows Scripting Host)
Remove the check mark in front of it and click "Einstellungen Uebernehmen" (apply settings) at the bottom.

Option 2: Check whether the registry (Start -> Run -> regedit) contains, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings, a value named Enabled. If so, set it to 1; the Scripting Host is then enabled again. (Then restart the PC.)

««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy this in

Quote

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|boob
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{01b55afa-f451-474b-9e91-c35b24d02641}

registry keys to delete:
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKLM\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKLM\SOFTWARE\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6470B552-2B54-4AAB-BFA2-9376A5328AEC}
HKLM\SOFTWARE\VirusBurster
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster

Files to delete:
C:\WINDOWS\system32\qrzsyr.dll
C:\WINDOWS\tasks\AC52012693A1B2FA.job
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\VirusBurster 6.3.lnk

Folders to delete:
C:\Programme\VirusBurster
C:\Programme\Video ActiveX Object
C:\Programme\Kill Window 2.0
Click the green traffic light
the script is now executed, then the PC will restart automatically

»»
delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with smitfraudfix - options 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html

--------------------------------------------------------------------

»»
scan and post the scan report here
http://virus-protect.org/artikel/tools/fixwareout.html

open HijackThis -- button "scan" -- tick these entries -- button "Fix checked" -- restart the PC

Quote

O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll

O2 - BHO: (no name) - {90DDB9D8-A752-17E1-F7EA-8D366F7D007E} - (no file)

O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{679D82D3-CF0C-4E00-9346-037D85384E69}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD453072-E347-4B7E-8061-2AA19D899734}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC6BCC9B-BAFD-4935-B499-9C8579105CC1}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
restart the PC


»»
post the new HijackThis log
__________
Regards, Sabina

all about PC security
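The instructions in the post above have the reader pick out the O17 NameServer entries, the orphaned O2 BHOs and similar items by eye and fix them in HijackThis. As an added example, not code from this thread, from HijackThis or from any tool linked here, the Python script below parses HijackThis log lines and flags the same classes of entry: O17 resolvers outside an allowlist (the DNS hijack pattern in this thread), O2 BHOs with neither name nor file, O21 SSODL DLLs, and O23 services whose binary is missing. The sample lines are constructed from entries quoted in this thread; the resolver allowlist (192.168.0.1) is an assumed value for a home router and has to be set to the resolvers the machine should really be using.

```python
"""Flag HijackThis log entries of the kinds this thread removes by hand.

Added example, not code from the thread or from HijackThis. SAMPLE_LOG is
constructed from entries quoted in the thread; TRUSTED_RESOLVERS is an
assumed value for a home router and must be set per machine."""
import re
import sys
from dataclasses import dataclass

# Assumption: resolvers the machine is meant to use. Any other address in
# an O17 NameServer entry is reported as a DNS hijack.
TRUSTED_RESOLVERS = {"192.168.0.1"}

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d., ]+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: entries quoted in this thread plus one clean O17 line.
SAMPLE_LOG = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx",
    r"O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{679D82D3-CF0C-4E00-9346-037D85384E69}: NameServer = 85.255.116.136,85.255.112.13",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.0.1",
    r"O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - C:\WINDOWS\system32\xqpauzx.dll",
    r"O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)",
    r"O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe",
]


@dataclass
class Finding:
    kind: str    # rogue-dns, orphan-bho, ssodl, service-missing-file
    detail: str  # the rogue resolvers, CLSID, DLL path or service name
    line: str    # the log line that produced the finding


def parse_nameservers(servers: str) -> list[str]:
    """Interface keys list resolvers comma-separated, the Parameters key
    space-separated; accept both forms."""
    return [s for s in re.split(r"[,\s]+", servers.strip()) if s]


def triage(lines) -> list[Finding]:
    """Return one Finding per suspicious log line, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O17_RE.match(line):
            rogue = [ip for ip in parse_nameservers(m["servers"])
                     if ip not in TRUSTED_RESOLVERS]
            if rogue:
                findings.append(Finding("rogue-dns", ",".join(rogue), line))
        elif m := O2_RE.match(line):
            # A BHO with no name and no backing file is a left-over
            # registration; HijackThis can fix it safely.
            if m["name"] == "(no name)" and m["path"] == "(no file)":
                findings.append(Finding("orphan-bho", m["clsid"], line))
        elif m := O21_RE.match(line):
            # ShellServiceObjectDelayLoad DLLs are loaded into Explorer at
            # logon; legitimate entries are rare, so every one is reported.
            findings.append(Finding("ssodl", m["path"], line))
        elif m := O23_RE.match(line):
            if m["path"].endswith("(file missing)"):
                findings.append(Finding("service-missing-file", m["name"], line))
    return findings


def rogue_resolvers(lines) -> list[str]:
    """Distinct untrusted resolvers seen in O17 entries, sorted."""
    ips = set()
    for f in triage(lines):
        if f.kind == "rogue-dns":
            ips.update(f.detail.split(","))
    return sorted(ips)


def summarize(lines) -> dict[str, int]:
    """Number of findings per kind."""
    counts: dict[str, int] = {}
    for f in triage(lines):
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: python hjt_triage.py [hijackthis.log]; without a file the
    # constructed sample is used. HijackThis writes ANSI text, so latin-1
    # decoding never fails on the German paths.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            log = fh.readlines()
    else:
        log = SAMPLE_LOG
    for f in triage(log):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
    print("rogue resolvers:", ", ".join(rogue_resolvers(log)) or "none")
```

The rogue resolver list is the part worth keeping after the cleanup: the same two addresses appear under every interface key and all three control sets in this thread, so once they are known they can be checked on other machines on the same network and in the router's DHCP settings, and blocked at the perimeter.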
16.12.2006, 15:51
Honorary member
Sabina

Posts: 29434
#56 Kalla79

work through the Avenger script (download videoactive.zip - unpack it and apply videoactive.txt) - then scan with smitfraudfix
http://virus-protect.org/artikel/spyware/videoactivexobject.html

p.s. whatever I don't have in English in the script, smitfraudfix will delete ;)
__________
Regards, Sabina

all about PC security
16.12.2006, 17:12
...new here
mustang_sb

Posts: 7
#57 Hi,

here is the Avenger logfile,


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qxowlgyo

*******************

Script file located at: \??\C:\WINDOWS\System32\fyhjjcvg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\qrzsyr.dll deleted successfully.
File C:\WINDOWS\tasks\AC52012693A1B2FA.job deleted successfully.
Folder C:\Programme\VirusBurster deleted successfully.
Folder C:\Programme\Video ActiveX Object deleted successfully.
Folder C:\Programme\Kill Window 2.0 deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{01b55afa-f451-474b-9e91-c35b24d02641} deleted successfully.
Registry key HKLM\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6470B552-2B54-4AAB-BFA2-9376A5328AEC} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
16.12.2006, 17:13
Honorary member
Sabina

Posts: 29434
#58 mustang_sb

now work through everything else to the letter ;)
__________
Regards, Sabina

all about PC security
16.12.2006, 17:45
...new here
mustang_sb

Posts: 7
#59 Hi,

here is the Fixwareout report,

Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

...
...
Reg Entries that were deleted


The HijackThis log,


Logfile of HijackThis v1.99.1
Scan saved at 17:46:39, on 16.12.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Programme\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\Programme\Apoint2K\Apntex.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Peter Pan\Desktop\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {90DDB9D8-A752-17E1-F7EA-8D366F7D007E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [CeEKey.exe] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download All Links with IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Download with IDM - C:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{679D82D3-CF0C-4E00-9346-037D85384E69}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD453072-E347-4B7E-8061-2AA19D899734}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC6BCC9B-BAFD-4935-B499-9C8579105CC1}: NameServer = 85.255.116.136,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.136 85.255.112.13
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe


...

Random Runs removed from HKLM
...
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

...
This post was edited on 16.12.2006 at 17:55 by mustang_sb.
16.12.2006, 17:49
Honorary member
Sabina

Posts: 29434
#60 o.k.
now fix the listed files with HijackThis; after the restart, post the new HijackThis log
__________
Regards, Sabina

all about PC security