VirusBuster eingefangen |
||
---|---|---|
#0
| ||
06.12.2006, 17:31
...neu hier
Beiträge: 6 |
||
|
||
06.12.2006, 19:12
Ehrenmitglied
Beiträge: 29434 |
#2
poste dieses log
http://virus-protect.org/artikel/tools/combofix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
07.12.2006, 16:27
...neu hier
Themenstarter Beiträge: 6 |
#3
hallo nochmal !
ich war auf der seite http://virus-protect.org/artikel/tools/combofix.html und habe combofix heruntergeladen. beim doppelklick war für eine millisekunde das schwarze eingabefenster zu sehen und sonst nix. MfG japeli |
|
|
||
07.12.2006, 16:31
Ehrenmitglied
Beiträge: 29434 |
#4
japeli
arbeite das avenger script und smitfraudfix ab http://virus-protect.org/artikel/spyware/videoactivexobject.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
08.12.2006, 11:49
...neu hier
Beiträge: 8 |
#5
Grüße Sabina,
ich hätte da auch dieses ärgerliche Prob mit dem dämlichen Icon. Vielleicht kannst Du auch mir helfen? Bitte, bitte! Logfile of HijackThis v1.99.1 Scan saved at 11:15:37, on 08.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\spoolsv.exe I:\WINDOWS\Explorer.EXE I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Distillr\Acrotray.exe I:\Programme\Java\jre1.5.0_09\bin\jusched.exe C:\Programme\HP Software Update\HPWuSchd2.exe C:\Programme\LGDCore.exe I:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\LCDMon.exe I:\Programme\Alwil Software\Avast4\ashServ.exe I:\WINDOWS\system32\nvsvc32.exe C:\Programme\Applets\LCDPop3\LCDPOP3.exe C:\Programme\Applets\LCDCountdown\LCDCountdown.exe I:\WINDOWS\system32\svchost.exe C:\Programme\Applets\LCDMedia.exe C:\Programme\Applets\LCDClock.exe C:\Programme\Digital Imaging\bin\hpqtra08.exe I:\Programme\Logitech\SetPoint\SetPoint.exe I:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\Digital Imaging\bin\hpqSTE08.exe I:\Programme\Alwil Software\Avast4\ashMaiSv.exe I:\Programme\Alwil Software\Avast4\ashWebSv.exe I:\WINDOWS\system32\wscntfy.exe I:\Programme\Internet Explorer\iexplore.exe C:\Software downloads\Hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.Aon.at R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.de.netscape.com/de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.de.netscape.com/de/home/winsearch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.de.netscape.com/de/home/winsearch200.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.de.netscape.com/de/home/winsearch.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.de.netscape.com/de/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.de.netscape.com/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.at/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programme\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "I:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Xfire] Xfire.exe /minimize O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Programme\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\LCDMon.exe" O4 - HKCU\..\Run: [HijackThis startup scan] C:\Software downloads\Hijack\HijackThis.exe /startupscan O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = I:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart17.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = I:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Office\OSA9.EXE O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{7B874008-B015-4B3C-9701-371168C7B232}: NameServer = 195.3.96.67 195.3.96.68 O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - I:\WINDOWS\system32\vcehaeb.dll O23 - Service: Adobe LM Service - Adobe Systems - I:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - I:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - I:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - Unknown owner - I:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - I:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - I:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - I:\Programme\iPod\bin\iPodService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe ComboFix Veritas - 06-12-08 11:44:58,71 Service Pack 2 ComboFix 06.11.27W - Running from: "C:\Software downloads" ((((((((((((((((((((((((((((((( Files Created from 2006-11-08 to 2006-12-08 )))))))))))))))))))))))))))))))))) 2006-12-08 03:42 <DIR> dr-h----- I:\Dokumente und Einstellungen\Veritas\Recent 2006-12-07 19:52 17,920 --a------ I:\WINDOWS\system32\vcehaeb.dll 2006-12-07 19:51 <DIR> d-------- I:\Programme\Video ActiveX Object 2006-12-07 19:37 221,184 --a------ I:\WINDOWS\system32\wmpns.dll 2006-12-07 01:24 <DIR> d-------- I:\Programme\Gemeinsame Dateien\Blizzard Entertainment 2006-11-23 16:09 <DIR> d-------- I:\Dokumente und Einstellungen\Veritas\Anwendungsdaten\Sony 2006-11-08 01:21 <DIR> d-------- I:\Programme\Microsoft Office 2006-11-08 01:20 <DIR> d-------- I:\Programme\AnswerWorks 4.0 2006-11-08 01:11 <DIR> d-------- I:\Dokumente und Einstellungen\Veritas\Anwendungsdaten\Autodesk 2006-11-08 01:11 <DIR> d-------- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk 2006-11-08 01:09 <DIR> d-------- I:\Programme\Gemeinsame Dateien\Autodesk Shared 2006-11-08 01:09 <DIR> d-------- I:\Programme\Autodesk 2006-11-08 00:44 <DIR> dr--s---- I:\WINDOWS\assembly 2006-11-08 00:44 <DIR> d-------- I:\WINDOWS\Microsoft.NET (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-28 19:02 -------- d-------- I:\Dokumente und Einstellungen\Veritas\Anwendungsdaten\teamspeak2 2006-11-26 20:00 -------- d--h----- I:\Programme\InstallShield Installation Information 2006-11-08 01:19 -------- d-------- I:\Programme\Gemeinsame Dateien\Microsoft Shared 2006-11-08 01:19 -------- d-------- I:\Programme\Gemeinsame Dateien\Designer 2006-11-08 01:09 -------- d-------- I:\Programme\Gemeinsame Dateien 2006-11-08 00:44 -------- d-------- I:\Programme\Internet Explorer 2006-11-04 16:32 -------- d-------- I:\Programme\Java 2006-10-16 15:45 -------- d-------- I:\Dokumente und Einstellungen\Veritas\Anwendungsdaten\DivX 2006-10-16 15:39 -------- d-------- I:\Programme\DivX 2006-10-02 20:04 806912 --a--c--- I:\WINDOWS\system32\divx_xx0c.dll 2006-10-02 20:04 806912 --a------ I:\WINDOWS\system32\divx_xx07.dll 2006-10-02 20:04 790528 --a--c--- I:\WINDOWS\system32\divx_xx11.dll 2006-10-02 20:04 635486 --a------ I:\WINDOWS\system32\DivX.dll 2006-09-25 16:45 666240 --a------ I:\WINDOWS\system32\aswBoot.exe 2006-09-25 16:37 90112 --a------ I:\WINDOWS\system32\AVASTSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "HijackThis startup scan"="C:\\Software downloads\\Hijack\\HijackThis.exe /startupscan" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "avast!"="I:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" "QuickTime Task"="\"I:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "Xfire"="Xfire.exe /minimize" "Acrobat Assistant 7.0"="\"C:\\Programme\\Distillr\\Acrotray.exe\"" @="" "NvCplDaemon"="RUNDLL32.EXE I:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE I:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "SunJavaUpdateSched"="\"I:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" "HP Software Update"="C:\\Programme\\HP Software Update\\HPWuSchd2.exe" "Launch LGDCore"="\"C:\\Programme\\LGDCore.exe\" /SHOWHIDE" "Launch LCDMon"="\"C:\\Programme\\LCDMon.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "Flag"=dword:00000084 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,cb,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="I:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="I:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:91,00,00,00 "CDRAutoRun"=dword:00000000 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:91,00,00,00 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "flammei"="{9d635a36-6b3c-4146-8625-f3aaf507bbf8}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Programme\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: 06-12-08 11:45:38.09 I:\ComboFix.txt ... 06-12-08 11:45 I:\ComboFix2.txt ... 06-12-08 11:03 I:\ComboFix3.txt ... 06-12-08 10:49 Vielen Dank im voraus! |
|
|
||
08.12.2006, 13:17
Ehrenmitglied
Beiträge: 29434 |
#6
Divus
«« scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html poste hier den scanreport __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.12.2006, 11:08
...neu hier
Beiträge: 8 |
#7
Danke für die rasche Hilfe!
SmitFraudFix v2.128 Scan done at 11:01:24,04, 09.12.2006 Run from C:\Software downloads\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» I:\ »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32 I:\WINDOWS\system32\vcehaeb.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» I:\Dokumente und Einstellungen\Veritas »»»»»»»»»»»»»»»»»»»»»»»» I:\Dokumente und Einstellungen\Veritas\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» I:\DOKUME~1\Veritas\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» I:\Programme I:\Programme\Video ActiveX Object\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei" [HKEY_CLASSES_ROOT\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32] @="I:\WINDOWS\system32\vcehaeb.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32] @="I:\WINDOWS\system32\vcehaeb.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Ich starte mal neu und folge den Anweisungen! ----------------------------------------------------- Leider komm ich nicht in den abgesicherten Modus, hab die Option 2 von Clean UP trotzdem mal probiert... Clean UP konnte zwar nicht alles löschen, aber das Bursters-Ding war anscheinend nicht dabei. Icon ist weg! Vielen herzlichen Dank Sabina! Dieser Beitrag wurde am 09.12.2006 um 11:42 Uhr von Divus editiert.
|
|
|
||
09.12.2006, 15:16
Ehrenmitglied
Beiträge: 29434 |
#8
Divus
Zum Ueberpruefen: Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein: Zitat Registry values to delete:Klicke die grüne Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten ** poste hier das log vom avenger, was nach neustart erscheint __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.12.2006, 15:33
...neu hier
Beiträge: 8 |
#9
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\mesgnjcg ******************* Script file located at: \??\I:\WINDOWS\system32\hjgagplb.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at I:\Avenger ******************* Beginning to process script file: File I:\WINDOWS\system32\vcehaeb.dll not found! Deletion of file I:\WINDOWS\system32\vcehaeb.dll failed! Could not process line: I:\WINDOWS\system32\vcehaeb.dll Status: 0xc0000034 Folder I:\Programme\Video ActiveX Object not found! Deletion of folder I:\Programme\Video ActiveX Object failed! Could not process line: I:\Programme\Video ActiveX Object Status: 0xc0000034 Could not delete registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|flammei Deletion of registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|flammei failed! Status: 0xc0000034 Could not delete registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{9d635a36-6b3c-4146-8625-f3aaf507bbf8} Deletion of registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{9d635a36-6b3c-4146-8625-f3aaf507bbf8} failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object deleted successfully. Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8} not found! Deletion of registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. |
|
|
||
Logfile of HijackThis v1.99.1
Scan saved at 17:01:46, on 06.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe
C:\Programme\Medion\MEDIONbox\Program\GCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\SMSC\SetIcon.exe
C:\Programme\Home Cinema\TV Enhance\TVEService.exe
C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\laufwerk y\setups\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TVEService] "C:\Programme\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [GnabTray] C:\Programme\Gemeinsame Dateien\Gnab\Service\GnabTray.exe -checkstart
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160402350437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161001832152
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll
O23 - Service: GnabService - Empolis GmbH - c:\programme\gemeinsame dateien\gnab\service\servicecontroller.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Ich habe versucht combfix.exe zu starten und habe folgende Meldung erhalten: combofix exe hat eine problem festgestellt und muß beendet werden
Danke