Home » Spyware & Browser Hijacker Support Forum » Blinkendes Fragezeichen in TaskL./System Alert! » Themenansicht
Blinkendes Fragezeichen in TaskL./System Alert!Thema ist geschlossen! |
||
|---|---|---|
Thema ist geschlossen! |
||
| #0
| ||
|
17.12.2006, 11:06
Member
Beiträge: 23 |
||
 
|
|
|
|
17.12.2006, 12:31
Ehrenmitglied
 Beiträge: 29434 |
#2
Emie
1. Erstellen eines Hijackthis-Logfiles http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" 2. Folgen den Anweisungen unter http://virus-protect.org/cleanup.html und stelle den CleanUp genauso ein, wie dort angegeben, dann den Rechner neustarten (so werden die temporaeren Dateien geloescht) 3. combofix anwenden, auch die Datentraegerbereinigung durchfuehren lassen + den Scanreport abkopieren und im Beitrag posten http://virus-protect.org/artikel/tools/combofix.html __________ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.12.2006, 14:02
Member
Themenstarter Beiträge: 23 |
#3
Okay habe ich alles gemacht...:
1.Schritt: Logfile of HijackThis v1.99.1 Scan saved at 12:39:30, on 17.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\ASUS\ASUS Live Update\ALU.exe C:\Programme\ASUS\Power4 Gear\BatteryLife.exe C:\Programme\Wireless Console 2\wcourier.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Java\jre1.5.0_09\bin\jusched.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programme\Valve\Steam\Steam.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programme\Xfire\Xfire.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Windows Media Player\wmplayer.exe C:\Dokumente und Einstellungen\Fabi\Desktop\avenger.exe C:\Programme\eMule\emule.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe C:\Dokumente und Einstellungen\Fabi\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Steam] C:\Programme\Valve\Steam\\Steam.exe -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: .protected O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: .protected O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AB987680-A0D8-493F-8814-153768C12512}: NameServer = 192.168.0.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_77.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 2.Schritt: Fabi - 06-12-17 13:44:59,09 Service Pack 2 ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\Fabi\Desktop\Downloads" ((((((((((((((((((((((((((((((( Files Created from 2006-11-17 to 2006-12-17 )))))))))))))))))))))))))))))))))) 2006-12-17 00:25 20,992 --a------ C:\WINDOWS\system32\hjpprpu.dll 2006-12-17 00:25 <DIR> d-------- C:\Programme\AntiVermins 2006-12-16 21:48 <DIR> d-------- C:\Programme\Video ActiveX Object 2006-12-16 18:19 <DIR> d--hs---- C:\FOUND.000 2006-12-15 20:34 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2006-12-12 14:30 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2006-12-12 14:30 <DIR> d-------- C:\Programme\Windows Media Connect 2 2006-12-12 14:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2006-11-26 10:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office Genuine Advantage 2006-11-25 10:43 <DIR> d-------- C:\Garmin 2006-11-25 09:57 7,296 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys 2006-11-25 09:57 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys 2006-11-25 09:57 17,024 --a------ C:\WINDOWS\system32\drivers\grmngen.sys 2006-11-25 09:57 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys 2006-11-25 09:57 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys 2006-11-23 14:08 <DIR> d-------- C:\WINDOWS\WBEM 2006-11-23 14:08 <DIR> d-------- C:\WINDOWS\system32\de-de 2006-11-23 14:07 <DIR> d--h----- C:\WINDOWS\ie7 2006-11-23 14:06 121,856 --------- C:\WINDOWS\system32\xmllite.dll 2006-11-23 14:05 <DIR> d-------- C:\WINDOWS\network diagnostic 2006-11-19 14:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-09 14:58 37752 --a------ C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2006-11-09 20:06 532480 --a------ C:\WINDOWS\system32\Coke Zero Screensaver.scr 2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-11-03 10:02 8282112 --a------ C:\WINDOWS\system32\wmploc.dll 2006-11-03 09:56 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-11-03 09:55 275968 --a------ C:\WINDOWS\system32\wmerror.dll 2006-11-03 09:54 8192 --a------ C:\WINDOWS\system32\asferror.dll 2006-11-02 11:51 43008 --------- C:\WINDOWS\system32\wpdshextres.dll 2006-10-28 14:06 41888 --a------ C:\WINDOWS\system32\drivers\Oreans.sys 2006-10-28 12:02 -------- d-------- C:\Dokumente und Einstellungen\Fabi\Anwendungsdaten\Real 2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll 2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe 2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe 2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll 2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll 2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll 2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll 2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll 2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll 2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll 2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll 2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll 2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll 2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll 2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\WMDRMdev.dll 2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll 2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll 2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll 2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll 2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\WMDRMNet.dll 2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll 2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll 2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll 2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll 2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll 2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll 2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\Audiodev.dll 2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\MsPMSNSv.dll 2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll 2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll 2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll 2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll 2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll 2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll 2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll 2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll 2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll 2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll 2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll 2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\MsPMSP.dll 2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll 2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll 2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll 2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll 2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll 2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll 2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll 2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll 2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll 2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll 2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll 2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll 2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll 2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll 2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe 2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys 2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe 2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe 2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll 2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll 2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe 2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll 2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll 2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll 2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll 2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe 2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll 2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll 2006-10-14 21:35 876844 --a------ C:\WINDOWS\JI-scrsaver02.exe 2006-10-14 21:35 61064 --a------ C:\WINDOWS\system32\Launchhk.dll 2006-10-14 21:35 274056 --a------ C:\WINDOWS\system32\Jana Ina Screensaver.scr 2006-10-14 21:35 180224 --a------ C:\WINDOWS\UnSc8682.exe 2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-10-09 20:42 1433334 --a------ C:\WINDOWS\dh_screensaver2.exe 2006-10-09 20:42 104360 --a------ C:\WINDOWS\dh_screensaver2.scr 2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll 2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll 2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll 2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll 2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll 2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe 2006-09-26 21:00 28672 --a------ C:\WINDOWS\gscr.dll 2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe 2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2006-09-23 22:41 10037 -r-h----- C:\WINDOWS\system32\tmp_yjc.exe 2006-09-17 20:18 16 --a------ C:\WINDOWS\system32\oggtime.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "Steam"="C:\\Programme\\Valve\\Steam\\\\Steam.exe -silent" "MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "RTHDCPL"="RTHDCPL.EXE" "Alcmtr"="ALCMTR.EXE" "ASUS Live Update"="C:\\Programme\\ASUS\\ASUS Live Update\\ALU.exe" "Power_Gear"="C:\\Programme\\ASUS\\Power4 Gear\\BatteryLife.exe 1" "Wireless Console 2"="C:\\Programme\\Wireless Console 2\\wcourier.exe" "SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe" "ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe" "RemoteControl"="C:\\Programme\\ASUSTeK\\ASUSDVD\\PDVDServ.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" "IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "EOUApp"="\"C:\\Programme\\Intel\\Wireless\\Bin\\EOUWiz.exe\"" "DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "SMSERIAL"="sm56hlpr.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Klick-Wartung.job Completion time: 06-12-17 13:45:51.79 C:\ComboFix.txt ... 06-12-17 13:45 Den 2.Schritt habe ich auch gemacht und danch neugestartet... Hammer wenn du aus diesem Text Wir-War rausfinden kannst wie ich diesen Mist loswerde.. Danke! Emie |
|
|
|
|
|
|
17.12.2006, 14:32
Ehrenmitglied
Beiträge: 29434 |
#4
Emie
1. ich brauche noch daten fuer das avengerscript: Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) AntiVermins in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. in: "Enter search strings" (reinschreiben oder reinkopieren) protected in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. ___________________________________________________________________ «« stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html «« Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html _______________________________________________________________- Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein: Zitat Registry values to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten «« smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html __________________________________________________________ öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.comPC neustarten __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.12.2006, 14:49
Member
Themenstarter Beiträge: 23 |
#5
Des wäre des erste:
REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 17.12.2006 14:47:38 for strings: ; 'antivermins' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006}\1.0\0\win32] @="C:\\Programme\\AntiVermins\\AntiVermins.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006}\1.0\HELPDIR] @="C:\\Programme\\AntiVermins\\" ; End Of The Log... Des des 2te: REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 17.12.2006 14:46:22 for strings: ; 'protected' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}] @="ProtectedModeAPI" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1fe9ff6d-3d95-4c1e-90f6-9f5c418c3791}] @="IProtectedModeAPI" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{73C105EE-9DFF-4A07-B83C-7EFF290C266E}] @="IProtectedModeMenuServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio] "InfoTip"="prop:Artist;Album;Year;Track;Duration;Type;Bitrate;Protected;Size" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\video] "InfoTip"="prop:Type;DocTitle;EpisodeName;ProgramDescription;Duration;Bitrate;Dimensions;Protected;Size" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] "PMDisplayName"="Computer [Protected Mode]" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "PMDisplayName"="Local intranet [Protected Mode]" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] "PMDisplayName"="Trusted sites [Protected Mode]" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] "PMDisplayName"="Internet [Protected Mode]" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] "PMDisplayName"="Restricted sites [Protected Mode]" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands] ; Contents of value: ; %systemroot%\system32\asr_pfu.exe /backup "ASR protected file utility"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,\ 79,73,74,65,6d,33,32,5c,61,73,72,5f,70,66,75,2e,65,78,65,20,2f,62,61,63,6b,\ 75,70,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\KeysNotToRestore] ; Contents of value: ; CurrentControlSet\Control\Session Manager\AllowProtectedRenames ; "Session Manager"=hex(7):43,75,72,72,65,6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,\ 43,6f,6e,74,72,6f,6c,5c,53,65,73,73,69,6f,6e,20,4d,61,6e,61,67,65,72,5c,41,\ 6c,6c,6f,77,50,72,6f,74,65,63,74,65,64,52,65,6e,61,6d,65,73,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDSTORAGE] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000] "Service"="ProtectedStorage" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000\Control] "ActiveService"="ProtectedStorage" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs\Aliases] ; Contents of value: ; protected_storage ; netlogon lsarpc samr ; lsarpc samr ; samr ; "lsass"=hex(7):70,72,6f,74,65,63,74,65,64,5f,73,74,6f,72,61,67,65,00,6e,65,74,\ 6c,6f,67,6f,6e,00,6c,73,61,72,70,63,00,73,61,6d,72,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage\Enum] "0"="Root\\LEGACY_PROTECTEDSTORAGE\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\BackupRestore\KeysNotToRestore] ; Contents of value: ; CurrentControlSet\Control\Session Manager\AllowProtectedRenames ; "Session Manager"=hex(7):43,75,72,72,65,6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,\ 43,6f,6e,74,72,6f,6c,5c,53,65,73,73,69,6f,6e,20,4d,61,6e,61,67,65,72,5c,41,\ 6c,6c,6f,77,50,72,6f,74,65,63,74,65,64,52,65,6e,61,6d,65,73,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PROTECTEDSTORAGE] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000] "Service"="ProtectedStorage" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Npfs\Aliases] ; Contents of value: ; protected_storage ; netlogon lsarpc samr ; lsarpc samr ; samr ; "lsass"=hex(7):70,72,6f,74,65,63,74,65,64,5f,73,74,6f,72,61,67,65,00,6e,65,74,\ 6c,6f,67,6f,6e,00,6c,73,61,72,70,63,00,73,61,6d,72,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ProtectedStorage\Security] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\KeysNotToRestore] ; Contents of value: ; CurrentControlSet\Control\Session Manager\AllowProtectedRenames ; "Session Manager"=hex(7):43,75,72,72,65,6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,\ 43,6f,6e,74,72,6f,6c,5c,53,65,73,73,69,6f,6e,20,4d,61,6e,61,67,65,72,5c,41,\ 6c,6c,6f,77,50,72,6f,74,65,63,74,65,64,52,65,6e,61,6d,65,73,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000] "Service"="ProtectedStorage" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000\Control] "ActiveService"="ProtectedStorage" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs\Aliases] ; Contents of value: ; protected_storage ; netlogon lsarpc samr ; lsarpc samr ; samr ; "lsass"=hex(7):70,72,6f,74,65,63,74,65,64,5f,73,74,6f,72,61,67,65,00,6e,65,74,\ 6c,6f,67,6f,6e,00,6c,73,61,72,70,63,00,73,61,6d,72,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Enum] "0"="Root\\LEGACY_PROTECTEDSTORAGE\\0000" [HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider] [HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots] [HKEY_USERS\S-1-5-19\Software\Microsoft\Protected Storage System Provider] [HKEY_USERS\S-1-5-19\Software\Microsoft\SystemCertificates\Root\ProtectedRoots] [HKEY_USERS\S-1-5-20\Software\Microsoft\Protected Storage System Provider] [HKEY_USERS\S-1-5-20\Software\Microsoft\SystemCertificates\Root\ProtectedRoots] [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Protected Storage System Provider] [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\SystemCertificates\Root\ProtectedRoots] [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0] "PMDisplayName"="My Computer [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1] "PMDisplayName"="Local intranet [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2] "PMDisplayName"="Trusted sites [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3] "PMDisplayName"="Internet [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4] "PMDisplayName"="Restricted sites [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] "PMDisplayName"="My Computer [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "PMDisplayName"="Local intranet [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] "PMDisplayName"="Trusted sites [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] "PMDisplayName"="Internet [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] "PMDisplayName"="Restricted sites [Protected Mode]" [HKEY_USERS\S-1-5-21-3468256218-2188720373-3568345749-1005\Software\Skype\ProtectedStorage] [HKEY_USERS\S-1-5-18\Software\Microsoft\Protected Storage System Provider] [HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\Root\ProtectedRoots] ; End Of The Log... «« Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html Da kapiere ich net was ich machen soll.... ich mach jetzt mal weiter was du gesagt hast emie OK mittlerweile is das fragezeichen weg!!!VIELEN HERZLICHEN DANK HIERFÜR!!! das kamm bei dem avenger raus: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\cnehbpkn ******************* Script file located at: \??\C:\WINDOWS\system32\olrivaxa.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\hjpprpu.dll deleted successfully. File C:\WINDOWS\system32\tmp_77.dll not found! Deletion of file C:\WINDOWS\system32\tmp_77.dll failed! Could not process line: C:\WINDOWS\system32\tmp_77.dll Status: 0xc0000034 File C:\WINDOWS\.protected not found! Deletion of file C:\WINDOWS\.protected failed! Could not process line: C:\WINDOWS\.protected Status: 0xc0000034 File C:\.protected deleted successfully. Folder C:\Programme\AntiVermins not found! Deletion of folder C:\Programme\AntiVermins failed! Could not process line: C:\Programme\AntiVermins Status: 0xc0000034 Folder C:\Programme\Video ActiveX Object not found! Deletion of folder C:\Programme\Video ActiveX Object failed! Could not process line: C:\Programme\Video ActiveX Object Status: 0xc0000034 Folder C:\Dokumente und Einstellungen\Fabi\Lokale Einstellungen\Temp\~nsu.tmp not found! Deletion of folder C:\Dokumente und Einstellungen\Fabi\Lokale Einstellungen\Temp\~nsu.tmp failed! Could not process line: C:\Dokumente und Einstellungen\Fabi\Lokale Einstellungen\Temp\~nsu.tmp Status: 0xc0000034 Could not delete registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|haematobia Deletion of registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|haematobia failed! Status: 0xc0000034 Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} deleted successfully. Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVermins Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVermins failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjv32 deleted successfully. Registry key HKLM\SOFTWARE\AntiVermins not found! Deletion of registry key HKLM\SOFTWARE\AntiVermins failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D45FFA6D-FA2F-4C0F-A291-7B9DB5786D48} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D45FFA6D-FA2F-4C0F-A291-7B9DB5786D48} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVermins.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVermins.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AntiVermins.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AntiVermins.exe failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} deleted successfully. Registry key HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not found! Deletion of registry key HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} failed! Status: 0xc0000034 Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not found! Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object deleted successfully. Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. is jetzt nur das zeichen weg oder auch das ganze spyware ding? Muss ich noch was machen? Wiklich absolute spitzenklasse was du da kannst!! emie Dieser Beitrag wurde am 17.12.2006 um 15:06 Uhr von Emie editiert.
|
|
|
|
|
|
|
17.12.2006, 15:10
Ehrenmitglied
Beiträge: 29434 |
#6
wende den avenger noch mal an mit:
Zitat registry keys to delete:»» dann scanne mit smitfraudfix und poste hier den report + das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.12.2006, 15:13
Member
Themenstarter Beiträge: 23 |
#7
wo soll ich HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006}
reinschreiben?da kommen fehlermeldungen! des is der eror log: #////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Fatal error: could not create new script file. Error code: 0 Error logged to errorlog.txt. Aborting now! |
|
|
|
|
|
|
17.12.2006, 15:18
Ehrenmitglied
Beiträge: 29434 |
#8
na, einfach noch mal den avenger anwenden, genauso, wie du es schon mal gemacht hast, also korrekt anwenden
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.12.2006, 18:03
Member
Themenstarter Beiträge: 23 |
#9
ok hab ich...dann ist der laptop neugestartet und das hier stand dann da:
Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\cubtbavm ******************* Script file located at: \??\C:\WINDOWS\system32\drcjciyo.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006} deleted successfully. Completed script processing. ******************* Finished! Terminate. also is alles jetzt normal? Echt super wie du das gemacht hast...noch dazu bist du ne frau,oder? |
|
|
|
|
|
|
17.12.2006, 18:05
Ehrenmitglied
Beiträge: 29434 |
#10
««
smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html poste hier die reporte + das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.12.2006, 18:18
Member
Themenstarter Beiträge: 23 |
#11
SmitFraudFix v2.58
Scan done at 13:54:40,82, 11.06.2006 Run from C:\Dokumente und Einstellungen\Fabi\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\hp???.tmp FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\regperf.exe FOUND ! C:\WINDOWS\system32\simpole.tlb FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\1024\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Fabi\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\FABI\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Scan done at 13:49:03,00, 17.12.2006 Run from C:\Dokumente und Einstellungen\Fabi\Desktop\Downloads\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia" [HKEY_CLASSES_ROOT\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32] @="C:\WINDOWS\system32\hjpprpu.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32] @="C:\WINDOWS\system32\hjpprpu.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\.protected Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\1024\ Deleted C:\DOKUME~1\FABI\STARTM~1\PROGRA~1\AUTOST~1\.protected Deleted C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\.protected Deleted C:\Programme\AntiVermins\ Deleted C:\Programme\Video ActiveX Object\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia" [HKEY_CLASSES_ROOT\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32] @="C:\WINDOWS\system32\hjpprpu.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32] @="C:\WINDOWS\system32\hjpprpu.dll" »»»»»»»»»»»»»»»»»»»»»»»» End DES WAR JETZT OP2 CLEANEN Logfile of HijackThis v1.99.1 Scan saved at 18:17:38, on 17.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\ASUS\ASUS Live Update\ALU.exe C:\Programme\ASUS\Power4 Gear\BatteryLife.exe C:\Programme\Wireless Console 2\wcourier.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Java\jre1.5.0_09\bin\jusched.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Valve\Steam\Steam.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programme\Xfire\Xfire.exe C:\Programme\Mozilla Firefox\firefox.exe c:\programme\valve\steam\steamapps\ralfmeissner24\counter-strike source\hl2.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\explorer.exe C:\Dokumente und Einstellungen\Fabi\Desktop\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Steam] C:\Programme\Valve\Steam\\Steam.exe -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AB987680-A0D8-493F-8814-153768C12512}: NameServer = 192.168.0.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_77.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe DES WAR HIJACK danke und jetzt? |
|
|
|
|
|
|
17.12.2006, 19:17
Ehrenmitglied
Beiträge: 29434 |
#12
öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.comPC neustarten poste das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.12.2006, 20:13
Member
Themenstarter Beiträge: 23 |
#13
Logfile of HijackThis v1.99.1
Scan saved at 20:16:45, on 17.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\ASUS\ASUS Live Update\ALU.exe C:\Programme\ASUS\Power4 Gear\BatteryLife.exe C:\Programme\Wireless Console 2\wcourier.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Java\jre1.5.0_09\bin\jusched.exe C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Valve\Steam\Steam.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programme\Xfire\Xfire.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe D:\Programme\TuneUp Utilities\Integrator.exe C:\Dokumente und Einstellungen\Fabi\Desktop\Downloads\VIRUS\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Steam] C:\Programme\Valve\Steam\\Steam.exe -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AB987680-A0D8-493F-8814-153768C12512}: NameServer = 192.168.0.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe des wärs! HABE ICH WAS VERGESSEN? danke emie Dieser Beitrag wurde am 17.12.2006 um 20:17 Uhr von Emie editiert.
|
|
|
|
|
|
|
17.12.2006, 21:56
Ehrenmitglied
Beiträge: 29434 |
#14
fixe mit dem HijacktHis:
Zitat R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank»» scanne, lasse alles loeschen, was gefunden wird und poste hier den scanreport http://virus-protect.org/ewido.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.12.2006, 23:18
Member
Themenstarter Beiträge: 23 |
#15
---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht --------------------------------------------------------- + Erstellt um: 23:15:40 17.12.2006 + Scan-Ergebnis: C:\WINDOWS\system32\tmp_yjc.exe -> Downloader.Small.del : Gesäubert. C:\WINDOWS\system32\systd.exe -> Downloader.Small.djv : Gesäubert. :mozilla.119:C:\System Volume Information\_restore{F1EBCA97-FD68-4EF3-9A56-5B4BE56CA927}\RP194\A0083629.old -> TrackingCookie.2o7 : Gesäubert. :mozilla.122:C:\System Volume Information\_restore{F1EBCA97-FD68-4EF3-9A56-5B4BE56CA927}\RP194\A0083629.old -> TrackingCookie.2o7 : Gesäubert. :mozilla.123:C:\System Volume Information\_restore{F1EBCA97-FD68-4EF3-9A56-5B4BE56CA927}\RP194\A0083629.old -> TrackingCookie.2o7 : Gesäubert. :mozilla.124:C:\System Volume Information\_restore{F1EBCA97-FD68-4EF3-9A56-5B4BE56CA927}\RP194\A0083629.old -> TrackingCookie.2o7 : Gesäubert. :mozilla.125:C:\System Volume Information\_restore{F1EBCA97-FD68-4EF3-9A56-5B4BE56CA927}\RP194\A0083629.old -> TrackingCookie.2o7 : Gesäubert. :mozilla.126:C:\System Volume Information\_restore{F1EBCA97-FD68-4EF3-9A56-5B4BE56CA927}\RP194\A0083629.old -> TrackingCookie.2o7 : Gesäubert. :mozilla.127: edit ::Berichtende Das ist der bericht...habe intensivprüfung gemacht und alles gelöscht! Mache über nacht das selbe nochmal plus spybot! DANK!É! |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
ich habe ein problem mit dem ich nicht alleine fertig werde.Ich habe unten in der Taskleiste ein bouton der wenn ich auf ihn draufklicke auf folgende seite verweist:
"http://www.antivermins.com/?aff=334"
Wie kann ich diesen nun entfernen?Habe bei euch in anderen Posts gelessen das dieses problemm wohl öfters vorkommt,die antworten waren aber zu speziel.
Vielen Dank
Emie