Blinking icon at bottom right - System Alert! - Antivermins advertising

Thread is closed!
17.12.2006, 15:37
...new here

Posts: 3
#1 Hello,

I have the following problem: an icon is blinking at the bottom right of my taskbar with the caption "System Alerts! System detected virus activities..." and when you click on it, you are taken to the Antivermins site.
I have tried to get rid of it with Spybot, Smitfraudfix, Bitdefender and Xilisoft, even in safe mode, but nothing has helped.
Can someone please help me? I would be very grateful.
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:33, on 06-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\Programme\OO Software\CleverCache\ooccag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\Programme\phonostar\ps_radio.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\phonostar\ps_olect.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Romeo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Xilokit Deskloops BHO - {B0CD151E-D4F1-4474-9BED-7D0173050EAD} - C:\Programme\Deskloops\DLIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [jump mpeg] C:\DOKUME~1\Romeo\ANWEND~1\4bash\bin web cdrom.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Programme\OO Software\CleverCache\ooccag.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\PasSrv.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\PavFnSvr.exe (file missing)
O23 - Service: Panda PavProt (PavProt) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\PavProt.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\psimsvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
17.12.2006, 16:41
Honorary member
Avatar Sabina

Posts: 29434
17.12.2006, 16:53
...new here

Thread starter

Posts: 3
#3 Here you go:

Romeo - 06-12-17 16:51:36.04 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\Romeo\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-17 to 2006-12-17 ))))))))))))))))))))))))))))))))))


2006-12-17 15:16 <DIR> d-------- C:\Programme\Enigma Software Group
2006-12-17 14:39 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-17 14:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-17 14:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-17 14:39 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-17 14:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-17 14:39 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-17 14:39 1,756 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-17 13:35 20,992 --a------ C:\WINDOWS\system32\hjpprpu.dll
2006-12-17 13:32 <DIR> d-------- C:\Programme\Streamee
2006-12-17 13:13 77,824 --a------ C:\WINDOWS\system32\MSBIND.DLL
2006-12-17 13:13 51,712 --a------ C:\WINDOWS\system32\MSHFGDE.DLL
2006-12-17 13:13 4,608 --a------ C:\WINDOWS\system32\W95INF32.DLL
2006-12-17 13:13 372,736 --a------ C:\WINDOWS\system32\ijl15.dll
2006-12-17 13:13 22,528 --a------ C:\WINDOWS\system32\TABCTDE.DLL
2006-12-17 13:13 2,272 --a------ C:\WINDOWS\system32\W95INF16.DLL
2006-12-17 13:13 16,896 --a------ C:\WINDOWS\system32\WINSKDE.DLL
2006-12-17 13:13 16,384 --a------ C:\WINDOWS\system32\INETDE.DLL
2006-12-17 13:13 158,208 --a------ C:\WINDOWS\system32\MSCMCDE.DLL
2006-12-17 13:13 143,872 --a------ C:\WINDOWS\system32\Unzip32.dll
2006-12-17 13:13 133,120 --a------ C:\WINDOWS\system32\zip32.dll
2006-12-17 13:13 <DIR> d-------- C:\Programme\liveconnectdemo
2006-12-17 00:25 <DIR> d-------- C:\Programme\Deskloops
2006-12-17 00:04 <DIR> d-------- C:\Programme\MSDP-Software
2006-12-16 23:58 <DIR> d-------- C:\Programme\Nattyware
2006-12-16 23:45 <DIR> d-------- C:\Programme\8BallClub
2006-12-16 23:39 <DIR> d-------- C:\Programme\ABC-Ware
2006-12-16 01:07 <DIR> d-------- C:\Programme\DIFX
2006-12-13 19:56 <DIR> d-------- C:\Programme\mobile PhoneTools
2006-12-13 19:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2006-12-13 05:57 <DIR> d-------- C:\audiograbber
2006-12-10 21:19 <DIR> d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\Atari
2006-12-10 21:16 197,120 --a------ C:\WINDOWS\patchw32.dll
2006-12-10 21:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PocketSoft
2006-12-10 21:12 <DIR> d-------- C:\Programme\Atari
2006-12-09 14:48 <DIR> d--hs---- C:\Config.Msi
2006-12-09 14:48 <DIR> d-------- C:\Programme\Softwin
2006-12-09 12:49 <DIR> d-------- C:\Programme\Macromedia
2006-12-09 12:49 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macromedia
2006-12-09 12:49 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macromedia
2006-12-09 00:51 <DIR> dr-h----- C:\Dokumente und Einstellungen\Romeo\Recent
2006-12-09 00:31 99,480 --a-s---- C:\WINDOWS\system32\FwsVpn.dll
2006-12-09 00:15 95,744 --a------ C:\WINDOWS\system32\SYSTOOLS.dll
2006-12-09 00:15 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2006-12-09 00:15 60,160 --a------ C:\WINDOWS\system32\drivers\PAVDRV51.SYS
2006-12-09 00:15 55,888 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2006-12-09 00:15 39,199 --a------ C:\WINDOWS\system32\drivers\Prevnd.sys
2006-12-09 00:15 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-12-09 00:15 159,744 --a------ C:\WINDOWS\system32\PavIpc.dll
2006-12-09 00:15 131,072 --a------ C:\WINDOWS\system32\PavWait.dll
2006-12-09 00:15 12,928 --a------ C:\WINDOWS\system32\drivers\pcontnt.sys
2006-12-09 00:15 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2006-12-09 00:15 <DIR> d-------- C:\WINDOWS\system32\PAV
2006-12-09 00:15 <DIR> d-------- C:\spoolerlogs
2006-12-09 00:15 <DIR> d-------- C:\Programme\Panda Software
2006-12-08 23:34 <DIR> d-------- C:\KAV
2006-12-08 20:05 55,552 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2006-12-08 20:05 41,856 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys
2006-12-08 20:05 <DIR> d-------- C:\WINDOWS\Drivers
2006-12-08 19:58 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2006-12-08 19:58 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2006-12-08 19:58 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2006-12-08 18:40 126,976 --------- C:\WINDOWS\system32\NVNFINST.DLL
2006-12-08 18:36 <DIR> d-------- C:\ABIT
2006-12-05 19:48 <DIR> d-------- C:\Programme\Little Fighter 2.5 - v2.0
2006-12-03 11:04 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-11-28 17:06 <DIR> d-------- C:\Programme\CDex_150
2006-11-26 12:27 <DIR> d-------- C:\Programme\Zehnfingersystem
2006-11-20 06:21 <DIR> d-------- C:\EBFP
2006-11-20 06:06 <DIR> d-------- C:\Bid for Power
2006-11-19 20:01 <DIR> d-------- C:\Programme\Maschinenschreiben Deluxe
2006-11-19 15:46 <DIR> d-------- C:\Programme\Tippmaster
2006-11-18 01:39 <DIR> d-------- C:\Programme\Flock
2006-11-18 01:39 <DIR> d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\Flock


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-17 15:35 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-12-17 14:51 -------- d-------- C:\Programme\Mozilla Firefox
2006-12-17 14:08 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\uTorrent
2006-12-17 14:04 -------- d-------- C:\Programme\XoftSpy
2006-12-17 12:12 -------- d-------- C:\Programme\eMule
2006-12-17 12:08 -------- d-------- C:\Programme\phonostar
2006-12-17 12:08 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\phonostar-Player
2006-12-16 22:50 -------- d-------- C:\Programme\Teamspeak2_RC2
2006-12-16 20:57 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\Roxio
2006-12-16 01:10 -------- d-------- C:\Programme\MSN Messenger
2006-12-14 06:08 -------- d-------- C:\Programme\dBpowerAMP
2006-12-13 19:56 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-13 19:46 -------- d-------- C:\Programme\Motorola
2006-12-10 21:16 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-10 10:40 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\teamspeak2
2006-12-09 14:59 -------- d-------- C:\Programme\Eset
2006-12-09 14:57 73728 --a------ C:\WINDOWS\system32\sockspy.dll
2006-12-09 14:57 1052 --a------ C:\Programme\INSTALL.LOG
2006-12-09 14:56 77824 --a------ C:\WINDOWS\system32\xcomm.dll
2006-12-09 14:49 -------- d-------- C:\Programme\Gemeinsame Dateien\Softwin
2006-12-09 12:53 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\Macromedia
2006-12-08 20:56 -------- d-------- C:\Programme\Eraser
2006-12-08 19:07 -------- d-------- C:\Programme\Internet Explorer
2006-12-04 23:54 -------- d-------- C:\Programme\Messenger Plus! Live
2006-11-30 16:10 -------- d---s---- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\Microsoft
2006-11-28 20:34 -------- d-------- C:\Programme\Photonplayer
2006-11-25 12:07 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\Skype
2006-11-22 17:52 -------- d-------- C:\Programme\phase5
2006-11-18 16:21 -------- d-------- C:\Programme\Skype
2006-11-18 11:22 -------- d-------- C:\Programme\Microsoft Bootvis
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 16:37 -------- d-------- C:\Programme\Electronic Arts
2006-11-02 19:40 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-11-02 19:40 -------- d-------- C:\Programme\Alcohol Soft
2006-11-02 19:06 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-10-26 15:23 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\DivX
2006-10-26 14:21 -------- d-------- C:\Programme\DivX
2006-10-21 12:48 -------- d-------- C:\Programme\Anti-Blaxx 1.18
2006-10-21 09:53 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-10-19 14:44 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\4bash
2006-10-18 17:03 -------- d-------- C:\Programme\Miranda IM
2006-10-18 11:35 -------- d-------- C:\Dokumente und Einstellungen\Romeo\Anwendungsdaten\Real
2006-10-18 11:33 -------- d-------- C:\Programme\Gemeinsame Dateien\xing shared
2006-10-18 11:33 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-10-18 11:31 -------- d-------- C:\Programme\Real
2006-10-17 11:16 -------- d-------- C:\Programme\Adobe
2006-10-17 11:13 -------- d-------- C:\Programme\Microsoft Lernen und Wissen
2006-10-17 11:13 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-10-17 11:06 -------- d-------- C:\Programme\eBay
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-24 14:28 5248 --a------ C:\WINDOWS\system32\speedfan.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"jump mpeg"="C:\\DOKUME~1\\Romeo\\ANWEND~1\\4bash\\bin web cdrom.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"BDMCon"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
"BDOESRV"="\"C:\\Programme\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdnagent.exe\""
"BDSwitchAgent"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\Anti-Blaxx 1.18\\Anti-Blaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMWInfoAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bmw_agent"
"hkey"="HKCU"
"command"="C:\\Programme\\BMWInfoRadio\\bmw_agent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cFosSpeed"
"hkey"="HKLM"
"command"="C:\\Programme\\cFosSpeed\\cFosSpeed.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CursorXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033 -noicon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eraser"
"hkey"="HKCU"
"command"="C:\\Programme\\Eraser\\eraser.exe -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Programme\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Generic Host Process]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="scvhost"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\scvhost.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cledx"
"hkey"="HKLM"
"command"="C:\\Programme\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="type32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jump mpeg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bin web cdrom"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\Romeo\\ANWEND~1\\4bash\\bin web cdrom.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="scvhost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\scvhost.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Webcam Recorder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ml20gui"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Webcam Recorder\\ml20gui.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nod32kui"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Eset\\nod32kui.exe\" /WAITSERVICE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ooccctrl"
"hkey"="HKLM"
"command"="C:\\Programme\\OO Software\\CleverCache\\ooccctrl.exe /tasktray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps_timer"
"hkey"="HKCU"
"command"="C:\\Programme\\phonostar\\ps_timer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="printray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Programme\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="scvhost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\scvhost.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFE8]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAFE8"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Steganos Safe 8\\SAFE8.exe\" -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="c:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundClips]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SoundClips"
"hkey"="HKLM"
"command"="C:\\Programme\\Sound Clips for Messenger\\SoundClips.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Steam\\Steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC8Player]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VC8Play"
"hkey"="HKLM"
"command"="C:\\Programme\\Virtual CD v8\\System\\VC8Play.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Alarm Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zapro"
"hkey"="HKLM"
"command"="D:\\Program Files\\Zone Labs\\ZoneAlarm\\zapro.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"SharedAccess"=dword:00000002
"BITS"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A4828889929D01B1.job

Completion time: 06-12-17 16:53:22.70
C:\ComboFix.txt ... 06-12-17 16:53
C:\ComboFix2.txt ... 06-12-17 15:00
17.12.2006, 17:39
Honorary member
Sabina

Posts: 29434
#4 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|haematobia
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}

registry keys to delete:
HKLM\SOFTWARE\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Generic Host Process
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run

Files to delete:
C:\WINDOWS\system32\hjpprpu.dll
C:\WINDOWS\tasks\A4828889929D01B1.job
C:\WINDOWS\system32\scvhost.exe

Folders to delete:
C:\Programme\MessengerPlus! 3
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\4bash
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!

Click the green traffic light.
The script will now run, then the PC will restart automatically.

»»
Delete the Avenger backup at C:\Avenger\backup.zip and empty the Recycle Bin.

««
Scan with SmitfraudFix, options 1 and 2 (let it clean the registry as well):
http://virus-protect.org/artikel/tools/smitfrautfix.html

_______

Open HijackThis -- "scan" button -- tick these entries -- "Fix checked" button -- restart the PC

Quote

O4 - HKCU\..\Run: [jump mpeg] C:\DOKUME~1\Romeo\ANWEND~1\4bash\bin web cdrom.exe

O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\PasSrv.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\PavFnSvr.exe (file missing)
O23 - Service: Panda PavProt (PavProt) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\PavProt.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\psimsvc.exe (file missing)



**
Scan and have the swizzor trojan, which you picked up with MessengerPlus3, removed:
http://virus-protect.org/cureit.html
__________
Best regards, Sabina

All about PC security
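
Traits shared by the entries marked for removal in the post above, as an added Python example that is not part of the original post and not code from HijackThis or Avenger: it flags Run entries that start from a per-user application data folder, services registered for a missing file, and file names that imitate a Windows system process (scvhost.exe vs. svchost.exe). The regular expressions, the 0.85 similarity threshold and the Steam sample line are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Genuine Windows process names, as seen in the thread's "Running processes" list.
KNOWN_SYSTEM = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe", "smss.exe"}

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .+? - (?P<path>.+?)"
                    r"(?P<missing> \(file missing\))?$")
# Short and long names of the per-user application data folder (German and English XP).
PROFILE_RE = re.compile(r"\\(ANWEND~1|Anwendungsdaten|APPLIC~1|Application Data)\\", re.I)

# Constructed sample: the first and third lines are quoted from the post above,
# the Steam line is a made-up benign entry for contrast.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [jump mpeg] C:\DOKUME~1\Romeo\ANWEND~1\4bash\bin web cdrom.exe
O4 - HKCU\..\Run: [Steam] "C:\Programme\Steam\Steam.exe" -silent
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Programme\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
"""

def triage(log_text):
    """Return (entry name, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4 and PROFILE_RE.search(m4["cmd"]):
            findings.append((m4["name"], "autostart from a user profile data folder"))
        elif m23 and m23["missing"]:
            findings.append((m23["name"], "service registered for a missing file"))
    return findings

def lookalike_of(path, threshold=0.85):
    """Return the system file name that the file in `path` imitates, else None."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name in KNOWN_SYSTEM:
        return None
    for real in sorted(KNOWN_SYSTEM):
        if SequenceMatcher(None, name, real).ratio() >= threshold:
            return real
    return None

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
    print(lookalike_of(r"C:\WINDOWS\system32\scvhost.exe"))
```

A flag from these heuristics is only a prompt to inspect the entry; legitimate software also starts from profile folders, and leftover services of an uninstalled product are clutter rather than an infection.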
17.12.2006, 18:10
...new here

Thread starter

Posts: 3
#5 Many thanks, it worked perfectly ;)

No more spyware or other junk

You guys really can be relied on ;)