Home » Viren, Trojaner & Malware Forum » Virusbuster/ Silver Codec- Problem! » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1

Antworten

Virusbuster/ Silver Codec- Problem!

Thema ist geschlossen!

27.11.2006, 11:26

Permafrost

...neu hier

Beiträge: 5

#1 Habe Silver Codec instaliert und damit auch den Virusbaster. Werde das Zeug jetzt nicht wieder los. Hilfe!!!

Hier die logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:07:28, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Silver Codec\isamonitor.exe
C:\Programme\Silver Codec\pmsngr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\TOSHIBA\Power Management\CePMTray.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Silver Codec\pmmon.exe
C:\Programme\Silver Codec\isamini.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\jakob\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Programme\Silver Codec\isaddon.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programme\Silver Codec\iesplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CeEPOWER] C:\Programme\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{10322257-A27E-401B-ADDB-BB3ED55DE43D}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programme\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

27.11.2006, 12:33

Sabina

Ehrenmitglied

Beiträge: 29434

#2 Permafrost

1.
poste dieses log
http://virus-protect.org/artikel/tools/combofix.html

2.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Silver Codec

in edit und klicke "Ok".
Notepad wird sich öffnen - poste , was erscheint hier

3.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{4fc003c3-87a0-489c-85cd-878246eb2d18}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|amaranthaceous
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}
HKLM\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}
HKLM\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silver Codec
HKLM\SOFTWARE\Classes\CLSID\{4fc003c3-87a0-489c-85cd-878246eb2d18}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C97C3B7C-E022-4FA8-B1A7-1C28270FFAFF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Virus-Bursters

Files to delete:
C:\WINDOWS\system32\oebxpba.dll

Folders to delete:
C:\Programme\Gemeinsame Dateien\Totem Shared
C:\Programme\Silver Codec
C:\Programme\Virus-Bursters
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\~nsu.tmp

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

««
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit

27.11.2006, 12:56

Permafrost

...neu hier

Themenstarter

Beiträge: 5

#3 Hier der Combofix Log:

jakob - 06-11-27 12:42:21,76 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\jakob\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\taskmgr.com

((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))

2006-11-27 10:34 77,824 --a------ C:\WINDOWS\system32\oebxpba.dll
2006-11-27 10:34 <DIR> d-------- C:\Programme\Virus-Bursters
2006-11-27 10:33 <DIR> d-------- C:\Programme\Silver Codec
2006-11-26 19:27 <DIR> d-------- C:\Programme\Elaborate Bytes
2006-11-26 19:19 39,488 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-11-26 19:19 <DIR> d-------- C:\Programme\CloneDVD
2006-11-16 12:46 <DIR> d-------- C:\Programme\MSXML 4.0
2006-11-14 12:37 4 --a------ C:\WINDOWS\info147.sys
2006-11-14 12:37 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Totem Shared
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 14:53 <DIR> d-------- C:\Programme\EA SPORTS

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-27 10:44 -------- d-------- C:\Programme\DC++
2006-11-26 19:34 85 ---hs---- C:\Dokumente und Einstellungen\jakob\Anwendungsdaten\.zreglib
2006-11-21 11:58 33280 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-11-16 12:46 -------- d-------- C:\Programme\Internet Explorer
2006-11-14 12:37 -------- d-a------ C:\Programme\Gemeinsame Dateien
2006-11-08 12:47 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-07 16:39 -------- d-------- C:\Programme\Gemeinsame Dateien\Nikon
2006-11-01 09:46 -------- d-------- C:\Dokumente und Einstellungen\jakob\Anwendungsdaten\Apple Computer
2006-10-24 18:10 -------- d-------- C:\Programme\Electronic Arts
2006-10-24 17:49 -------- d-------- C:\Programme\arniWORX
2006-10-24 17:47 -------- d-------- C:\Programme\DaemonScript
2006-10-24 17:47 -------- d-------- C:\Programme\D-Tools
2006-10-23 15:59 -------- d-------- C:\Programme\Spybot - Search & Destroy
2006-10-23 15:35 -------- d-------- C:\Programme\ArcorOnline
2006-10-22 14:06 -------- d-------- C:\Programme\RegCleaner
2006-10-22 14:02 -------- d-------- C:\Programme\Gemeinsame Dateien\Lexware
2006-10-16 20:26 -------- d-------- C:\Dokumente und Einstellungen\jakob\Anwendungsdaten\AdobeUM
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-15 15:39 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TuneUp MemOptimizer"="\"C:\\Programme\\TuneUp Utilities 2006\\MemOptimizer.exe\" autostart"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"CeEPOWER"="C:\\Programme\\TOSHIBA\\Power Management\\CePMTray.exe"
@=""
"DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{4fc003c3-87a0-489c-85cd-878246eb2d18}"="amaranthaceous"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:ff,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Silver Codec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Silver Codec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"amaranthaceous"="{4fc003c3-87a0-489c-85cd-878246eb2d18}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"CmUsbAudio"="RunDll32 cmcnfg2.cpl,CMICtrlWnd"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Cisco Systems VPN Client.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Cisco Systems VPN Client.lnk"
"backup"="C:\\WINDOWS\\pss\\Cisco Systems VPN Client.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CISCOS~1\\VPNCLI~1\\vpngui.exe \"-user_logon\""
"item"="Cisco Systems VPN Client"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GStartup.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Programme\\Gemeinsame Dateien\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MA521 Configuration Utility.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\MA521 Configuration Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\MA521 Configuration Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~2\\NETGEAR\\MA521C~1\\wlancfg5.exe "
"item"="MA521 Configuration Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^RAMASST.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\RAMASST.lnk"
"backup"="C:\\WINDOWS\\pss\\RAMASST.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\RAMASST.exe "
"item"="RAMASST"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint2K\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVGNT"
"hkey"="HKLM"
"command"="\"C:\\Programme\\AVPersonal\\AVGNT.EXE\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CeEKey"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\E-KEY\\CeEKey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CePMTray"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\Power Management\\CePMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbAudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmcnfg2"
"hkey"="HKLM"
"command"="RunDll32 cmcnfg2.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CplBTQ00]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CplBTQ00"
"hkey"="HKLM"
"command"="C:\\Programme\\EzButton\\CplBTQ00.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NDSTray"
"hkey"="HKLM"
"command"="NDSTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPTray"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\TouchPad\\TPTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whSurvey"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\webHancer\\Programs\\whSurvey.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-11-27 12:44:04.89
C:\ComboFix.txt ... 06-11-27 12:44

...und der von RegSearch:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 27.11.2006 12:51:45 for strings:
; 'silver codec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}\InprocServer32]
@="C:\\Programme\\Silver Codec\\iesplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}\InprocServer32]
@="C:\\Programme\\Silver Codec\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Silver Codec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Silver Codec\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\Silver Codec\\iesuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On]
"UninstallString"="\"C:\\Programme\\Silver Codec\\isauninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\Silver Codec\\pmuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silver Codec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silver Codec]
"DisplayName"="Silver Codec 6.0"
"UninstallString"="C:\\Programme\\Silver Codec\\uninst.exe"
"DisplayIcon"="C:\\Programme\\Silver Codec\\uninst.exe"
"Publisher"="Silver Codec Software"

[HKEY_USERS\S-1-5-21-3539639957-1223570015-4233147273-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\Silver Codec\\pmsngr.exe"="pmsngr"

; End Of The Log...

Danke schoneinmal!!!

27.11.2006, 13:23

Sabina

Ehrenmitglied

Beiträge: 29434

#4 du kannst nun dein Avengerscript anwenden, poste dann das log, was nach neustart erscheint, sowie die logs von smitfraudfix

Silver Codec - Info
http://virus-protect.org/artikel/spyware/silvercodec_remove.html
__________
MfG Sabina

rund um die PC-Sicherheit

27.11.2006, 13:35

Permafrost

...neu hier

Themenstarter

Beiträge: 5

#5 Die Avenger Logfile:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vwyikamp

*******************

Script file located at: \??\C:\Program Files\fpbukuah.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\oebxpba.dll not found!
Deletion of file C:\WINDOWS\system32\oebxpba.dll failed!

Could not process line:
C:\WINDOWS\system32\oebxpba.dll
Status: 0xc0000034

Folder C:\Programme\Silver Codec not found!
Deletion of folder C:\Programme\Silver Codec failed!

Could not process line:
C:\Programme\Silver Codec
Status: 0xc0000034

Folder C:\Programme\Virus-Bursters not found!
Deletion of folder C:\Programme\Virus-Bursters failed!

Could not process line:
C:\Programme\Virus-Bursters
Status: 0xc0000034

Folder C:\Dokumente und Einstellungen\jakob\Lokale Einstellungen\Temp\~nsu.tmp not found!
Deletion of folder C:\Dokumente und Einstellungen\jakob\Lokale Einstellungen\Temp\~nsu.tmp failed!

Could not process line:
C:\Dokumente und Einstellungen\jakob\Lokale Einstellungen\Temp\~nsu.tmp
Status: 0xc0000034

Could not delete registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{4fc003c3-87a0-489c-85cd-878246eb2d18}
Deletion of registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{4fc003c3-87a0-489c-85cd-878246eb2d18} failed!
Status: 0xc0000034

Could not delete registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|amaranthaceous
Deletion of registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|amaranthaceous failed!
Status: 0xc0000034

Could not delete registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
Deletion of registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe failed!
Status: 0xc0000034

Could not delete registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
Deletion of registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silver Codec not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silver Codec failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Classes\CLSID\{4fc003c3-87a0-489c-85cd-878246eb2d18} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\CLSID\{4fc003c3-87a0-489c-85cd-878246eb2d18} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C97C3B7C-E022-4FA8-B1A7-1C28270FFAFF} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C97C3B7C-E022-4FA8-B1A7-1C28270FFAFF} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Virus-Bursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Virus-Bursters failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Bursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Bursters failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Bursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Bursters failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Virus-Bursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Virus-Bursters failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

....und der rest:

1:

SmitFraudFix v2.124

Scan done at 13:36:24,89, 27.11.2006
Run from C:\Dokumente und Einstellungen\jakob\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\jakob

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\jakob\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\jakob\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

2:

SmitFraudFix v2.124

Scan done at 13:40:37,65, 27.11.2006
Run from C:\Dokumente und Einstellungen\jakob\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Ich glaube jetzt ist alles wieder ok! Danke sehr!!!

Dieser Beitrag wurde am 27.11.2006 um 13:44 Uhr von Permafrost editiert.

27.11.2006, 14:00

Akimobo

...neu hier

Beiträge: 1

#6 Ich habe mir das auch eingefangen....

hoffe mir wird auch geholfen.Danke im Vorraus

hier meine log files

Logfile of HijackThis v1.99.1
Scan saved at 13:57:26, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOKUME~1\Karpfen\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Dokumente und Einstellungen\Karpfen\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aceradvantage.com/stdreg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

ich habs jetzt mal genauso gemacht wie permafrost und bei mir ist jetz auch alles weg! danke trotzdem

Dieser Beitrag wurde am 27.11.2006 um 14:48 Uhr von Akimobo editiert.

27.11.2006, 15:19

Sabina

Ehrenmitglied

Beiträge: 29434

#7 Permafrost

wende das avenger script noch eimal an (siehe oben) - es gab noch andere malware, als der Codec... ), denn ich hatte editiert, dann sollte wieder alles i.o. sein

__________
MfG Sabina

rund um die PC-Sicherheit

27.11.2006, 20:18

Permafrost

...neu hier

Themenstarter

Beiträge: 5

#8 Habe nun avanger mit den oben von Dir geposteten Angaben nochmal laufen lassen und es kam eine fehlermeldung:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file.
Error code: 1813
Error logged to errorlog.txt. Aborting now!

Hab ich vieleicht was falsch gemacht???

27.11.2006, 23:40

Sabina

Ehrenmitglied

Beiträge: 29434

#9 ja, wahrscheinlich hast du "Zitat" oder irgendwas anderes mit reinkopiert

Lies es auf der seite noch mal genau durch, wie man es korrekt macht.
__________
MfG Sabina

rund um die PC-Sicherheit

28.11.2006, 10:13

Permafrost

...neu hier

Themenstarter

Beiträge: 5

#10 Ok, jetzt hat es funktioniert! War mein fehler!
Vielen dank für den Einsatz!!!

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1