IE System Alert when launching Internet Explorer!

22.12.2006, 01:31
Member
Posts: 79
22.12.2006, 03:05
Honorary member
Posts: 29434
#2
Work through this and post the logs here:
http://board.protecus.de/t23187.htm
__________
Kind regards, Sabina
All about PC security
23.12.2006, 02:23
Member
Thread starter, Posts: 79
#3
1. HJT
---------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 02:14:59, on 23.12.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Nvida\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
E:\Antivir\nod32krn.exe
E:\Nvida\bin\nSvcIp.exe
E:\Nvida\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
e:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
E:\Nvida\Apache Group\Apache2\bin\apache.exe
E:\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
E:\asus probe\AsusProb.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\svchost.exe
E:\OFFICE~2\Office10\OUTLOOK.EXE
E:\Office XP\Office10\WINWORD.EXE
E:\Trillian\trillian.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\André\Desktop\hijackthis\HjT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\System32\ipv6mons.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ASGP32.ASGP - {BB89F547-37EC-4920-880C-9D553B1C788C} - C:\WINDOWS\System32\asgp32.dll
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - e:\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolPanel] "e:\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [ASUS Probe] e:\asus probe\AsusProb.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] E:\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with &DAP - E:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\OFFICE~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Nvida\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - E:\Nvida\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Antivir\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - E:\Nvida\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - E:\Nvida\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - e:\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
---------------------------------------------------
2. CleanUp! run
---------------------------------------------------
3. ComboFix
André - 06-12-23 2:17:49,00 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\André\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 ))))))))))))))))))))))))))))))))))

2006-12-23 02:15 <DIR> d-------- C:\Programme\CleanUp!
2006-12-15 17:34 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-12-15 17:34 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-22 01:45 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Azureus
2006-12-15 17:36 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-15 17:34 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-12-15 17:34 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-11-19 02:15 24968 --a------ C:\Dokumente und Einstellungen\André\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-11-05 16:16 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\temp
2006-10-30 13:18 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Opera
2006-10-30 10:30 8448 --a------ C:\WINDOWS\system32\anti_troj.exe
2006-10-30 10:30 8192 --a------ C:\WINDOWS\system32\kernels64.exe
2006-10-30 10:30 30976 --a------ C:\WINDOWS\system32\win32hp.dll
2006-10-30 10:30 28416 --a------ C:\WINDOWS\system32\msmsn.exe
2006-10-30 10:30 27648 --a------ C:\WINDOWS\system32\VXH8JKDQ2.EXE
2006-10-30 10:30 21760 --a------ C:\WINDOWS\notepad32.exe
2006-10-30 10:30 16128 --a------ C:\WINDOWS\system32\mpsegment.exe
2006-10-30 10:30 15360 --a------ C:\WINDOWS\system32\ace16win.dll
2006-10-30 10:30 13568 --a------ C:\WINDOWS\system32\VXH8JKDQ6.EXE
2006-10-30 10:04 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\PC Tools
2006-10-30 09:54 24320 --a------ C:\WINDOWS\system32\performent202.dll
2006-10-30 09:44 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Spybot - Search & Destroy
2006-10-29 11:56 26368 --a------ C:\WINDOWS\system32\proqlaim.exe
2006-10-29 11:56 16128 --a------ C:\WINDOWS\system32\netstat2.exe
2006-10-29 11:55 9984 --a------ C:\WINDOWS\winmgnt.exe
2006-10-29 11:55 9216 --a------ C:\WINDOWS\x.exe
2006-10-29 11:55 31744 --a------ C:\WINDOWS\spp3.dll
2006-10-29 11:55 30720 --a------ C:\WINDOWS\mtwirl32.dll
2006-10-29 11:55 27648 --a------ C:\WINDOWS\xplugin.dll
2006-10-29 11:55 27392 --a------ C:\WINDOWS\dialup.exe
2006-10-29 11:55 26112 --a------ C:\WINDOWS\olehelp.exe
2006-10-29 11:55 24064 --a------ C:\WINDOWS\inetdctr.dll
2006-10-29 11:55 24064 --a------ C:\WINDOWS\clrssn.exe
2006-10-29 11:55 23296 --a------ C:\WINDOWS\window.exe
2006-10-29 11:55 22272 --a------ C:\WINDOWS\win32e.exe
2006-10-29 11:55 20992 --a------ C:\WINDOWS\win64.exe
2006-10-29 11:55 20736 --a------ C:\WINDOWS\users32.exe
2006-10-29 11:55 19968 --a------ C:\WINDOWS\winajbm.dll
2006-10-29 11:55 19968 --a------ C:\WINDOWS\system32\dload.exe
2006-10-29 11:55 19200 --a------ C:\WINDOWS\y.exe
2006-10-29 11:55 18176 --a------ C:\WINDOWS\systemcritical.exe
2006-10-29 11:55 17920 --a------ C:\WINDOWS\avpcc.dll
2006-10-29 11:55 17664 --a------ C:\WINDOWS\system32\iewd.exe
2006-10-29 11:55 16896 --a------ C:\WINDOWS\systeem.exe
2006-10-29 11:55 16384 --a------ C:\WINDOWS\accesss.exe
2006-10-29 11:55 15104 --a------ C:\WINDOWS\waol.exe
2006-10-29 11:55 13312 --a------ C:\WINDOWS\runwin32.exe
2006-10-29 11:55 12288 --a------ C:\WINDOWS\cpan.dll
2006-10-29 11:55 10496 --a------ C:\WINDOWS\time.exe
2006-10-29 11:54 9216 --a------ C:\WINDOWS\system32\zggjudxn.exe
2006-10-29 11:54 5707 --a------ C:\WINDOWS\system32\dsrvknvk.exe
2006-10-29 11:54 55016 --a------ C:\WINDOWS\system32\1821.exe
2006-10-29 11:54 43520 --a------ C:\WINDOWS\system32\msmapi32.exe
2006-10-29 11:54 19968 --a------ C:\WINDOWS\system32\asgp32.dll
2006-10-29 11:54 15360 --a------ C:\WINDOWS\system32\intr32.dll
2006-10-28 22:48 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Skype
2006-10-15 12:33 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AIM"="E:\\AIM95\\aim.exe -cnetwait.odl"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="\"E:\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Disabled]
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"VolPanel"="\"e:\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"ASUS Probe"="e:\\asus probe\\AsusProb.exe"
"RCSystem"="\"C:\\Programme\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"AudioDrvEmulator"="\"C:\\Programme\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Programme\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"CTxfiHlp"="CTXFIHLP.EXE"
"CTHelper"="CTHELPER.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,cb,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,50,01,00,00,62,01,00,00,20,01,00,00,23,01,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"MaxRecentDocs"=dword:0000001f
"NoRecentDocsHistory"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="E:\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="\"E:\\AnyDVD\\AnyDVD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"e:\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dxdllreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\dxdllreg.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetPumperIEProxy"
"hkey"="HKLM"
"command"="\"e:\\NetPumper\\NetPumperIEProxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nod32kui"
"hkey"="HKLM"
"command"="\"E:\\Antivir\\nod32kui.exe\" /WAITSERVICE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nTrayFw"
"hkey"="HKLM"
"command"="E:\\Nvida\\bin\\nTrayFw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overnet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Overnet"
"hkey"="HKLM"
"command"="E:\\Overnet\\Overnet.exe -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UninstalTime]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="chkdisk"
"hkey"="HKLM"
"command"="chkdisk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"E:\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-12-23 2:18:13.07
C:\ComboFix.txt ... 06-12-23 02:18
-----------------------------------------------------------
4. datfind

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: FC5C-B857

Verzeichnis von C:\WINDOWS\system32

23.12.2006 02:19 4 stfv.bin
23.12.2006 02:09 63.114 nvapps.xml
23.12.2006 02:08 0 _nvidia_xxx_.log
23.12.2006 02:08 2.206 wpa.dbl
23.12.2006 02:08 35.803 OODBS.lor
23.12.2006 02:08 79.104 ikhcore.log
22.12.2006 01:45 64.980 DVCState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
22.12.2006 01:45 1.080 settings.sfm
22.12.2006 01:45 1.080 settingsbkup.sfm
22.12.2006 01:45 55.172 BMXStateBkp-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
22.12.2006 01:45 55.172 BMXState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
15.12.2006 17:34 86.016 OpenAL32.dll
15.12.2006 17:34 409.600 wrap_oal.dll
30.10.2006 10:30 30.976 win32hp.dll
30.10.2006 10:30 27.648 VXH8JKDQ2.EXE
30.10.2006 10:30 13.568 VXH8JKDQ6.EXE
30.10.2006 10:30 9.984 ts.ico
30.10.2006 10:30 27.392 ot.ico
30.10.2006 10:30 15.360 ace16win.dll
30.10.2006 10:30 28.416 msmsn.exe
30.10.2006 10:30 8.192 kernels64.exe
30.10.2006 10:30 8.448 anti_troj.exe
30.10.2006 10:30 16.128 mpsegment.exe
30.10.2006 10:30 10.496 msvol.tlb
30.10.2006 09:54 24.320 performent202.dll
30.10.2006 00:50 5 SndDrv32ds_d.ods
30.10.2006 00:50 5 AuxDrv32ds_d.ods
30.10.2006 00:00 0 lfd.dat
30.10.2006 00:00 12 oiso.bin
30.10.2006 00:00 0 pcf.pdf
29.10.2006 11:56 16.128 netstat2.exe
29.10.2006 11:56 26.368 proqlaim.exe
29.10.2006 11:55 17.664 iewd.exe
29.10.2006 11:55 19.968 dload.exe
29.10.2006 11:54 19.968 asgp32.dll
29.10.2006 11:54 55.016 1821.exe
29.10.2006 11:54 43.520 msmapi32.exe
29.10.2006 11:54 15.360 intr32.dll
29.10.2006 11:54 5.707 dsrvknvk.exe
29.10.2006 11:54 9.216 zggjudxn.exe
29.10.2006 09:33 311.740 perfh009.dat
29.10.2006 09:33 40.128 perfc009.dat
29.10.2006 09:33 316.924 perfh007.dat
29.10.2006 09:33 48.354 perfc007.dat
29.10.2006 09:33 723.744 PerfStringBackup.INI
15.10.2006 12:33 98.304 CmdLineExt.dll
21.09.2006 13:35 126.112 FNTCACHE.DAT
16.09.2006 09:18 14 systeminfo.dll
15.08.2006 12:56 28 log200672.log
15.08.2006 12:56 22.481 chkdisk.exe ->>>>>>>>?????????
21.07.2006 23:10 34.308 BASSMOD.dll
25.06.2006 15:04 93 imon1.dat
16.06.2006 13:34 48.936 sirenacm.dll
01.06.2006 16:22 2.977.792 nvvitvsr.dll
01.06.2006 16:22 2.924.544 nvvitvs.dll

Verzeichnis von C:\DOKUME~1\ANDR~1\LOKALE~1\Temp

23.12.2006 02:11 512 ~DF91C1.tmp
1 Datei(en) 512 Bytes
0 Verzeichnis(se), 4.078.292.992 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: FC5C-B857

Verzeichnis von C:\WINDOWS

23.12.2006 02:09 0 0.log
23.12.2006 02:09 159 wiadebug.log
23.12.2006 02:09 0 wiaservc.log
23.12.2006 02:08 2.048 bootstat.dat
22.12.2006 01:45 32.622 SchedLgU.Txt
15.12.2006 19:00 453.545 setupapi.log
15.12.2006 18:17 116 NeroDigital.ini
15.12.2006 17:26 201.214 Windows Update.log
14.12.2006 22:26 45.106 wmsetup.log
12.11.2006 13:57 583 win.ini
12.11.2006 13:57 227 system.ini
05.11.2006 16:11 349.555 DirectX.log
05.11.2006 02:35 180.186 setupact.log
04.11.2006 02:23 729 ie7_main.log
30.10.2006 10:30 21.760 notepad32.exe
29.10.2006 23:00 227 system.tmp
29.10.2006 23:00 583 win.tmp
29.10.2006 11:55 31.744 spp3.dll
29.10.2006 11:55 13.312 runwin32.exe
29.10.2006 11:55 27.392 dialup.exe
29.10.2006 11:55 19.200 y.exe
29.10.2006 11:55 28.160 xxxvideo.hta
29.10.2006 11:55 27.648 xplugin.dll
29.10.2006 11:55 9.216 x.exe
29.10.2006 11:55 9.984 winmgnt.exe
29.10.2006 11:55 23.296 window.exe
29.10.2006 11:55 19.968 winajbm.dll
29.10.2006 11:55 20.992 win64.exe
29.10.2006 11:55 22.272 win32e.exe
29.10.2006 11:55 15.104 waol.exe
29.10.2006 11:55 20.736 users32.exe
29.10.2006 11:55 10.496 time.exe
29.10.2006 11:55 18.176 systemcritical.exe
29.10.2006 11:55 16.896 systeem.exe
29.10.2006 11:55 26.112 olehelp.exe
29.10.2006 11:55 30.720 mtwirl32.dll
29.10.2006 11:55 12.288 cpan.dll
29.10.2006 11:55 24.064 clrssn.exe
29.10.2006 11:55 17.920 avpcc.dll
29.10.2006 11:55 10.752 astctl32.ocx
29.10.2006 11:55 16.384 accesss.exe
29.10.2006 11:55 24.064 inetdctr.dll
15.10.2006 12:59 50 Winamp.ini
16.09.2006 09:16 58 videoimp.ini

Verzeichnis von C:\WINDOWS\Temp

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.11.2006 14:36 5.019 swflash.inf
07.06.2006 10:09 1.249 erma.inf
13.03.2006 16:56 65 desktop.ini
19.09.2003 14:22 299.008 isusweb.dll
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
8 Datei(en) 528.384 Bytes
0 Verzeichnis(se), 4.078.276.608 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: FC5C-B857

Verzeichnis von C:\

23.12.2006 02:22 0 sys.txt
23.12.2006 02:22 681 down.txt
23.12.2006 02:22 117 tmp.txt
23.12.2006 02:21 7.188 system.txt
23.12.2006 02:21 293 systemtemp.txt
23.12.2006 02:21 104.489 system32.txt
23.12.2006 02:18 12.916 ComboFix.txt
23.12.2006 02:08 1.610.612.736 pagefile.sys
12.11.2006 13:57 194 boot.ini
09.11.2006 21:59 638 crashAddress.txt
29.10.2006 12:06 61.838 2.html
-----------------------------------------------------------
5. As I said, on every second page load in IE the page is shown where you are supposed to download an antivirus program.. see post above
23.12.2006, 12:28
Honorary member
Posts: 29434
#4
««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste this in:

Quote:
registry keys to delete:

Click the green traffic light; the script will now be executed, then the PC will restart automatically.
««
Open HijackThis -- button "Scan" -- tick the boxes in front of these entries (as far as they are still present) -- button "Fix checked" -- restart the PC

Quote:
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
»»
Scan and post the scan report:
http://virus-protect.org/ewido.html
------------
VirusTotal
At the top of the page --> click "Browse" --> pick the file (or paste the file with its correct path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\chkdisk.exe

Post the report here
http://nepenthes.mwcollect.org/analysis:norman:be662ede2b99676217cdf97a95365891
__________
Kind regards, Sabina
All about PC security
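One way to automate the first step of the triage above: parse the HijackThis O2 lines and separate the orphaned BHO entries (CLSID still registered, DLL gone; safe to tick and "Fix checked") from the entries that only warrant a second look. This is an added example, not code from the thread or from HijackThis/Avenger; the sample lines are copied from the log posted in #3, and the "DLL in the Windows directory" rule is a heuristic assumption meant to queue an entry for manual review, not a verdict.

```python
"""Triage the 'O2 - BHO' lines of a HijackThis log (added example, not tool code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: the O2 lines copied from the HijackThis log posted in #3.
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\System32\ipv6mons.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ASGP32.ASGP - {BB89F547-37EC-4920-880C-9D553B1C788C} - C:\WINDOWS\System32\asgp32.dll
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
"""

# One HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*)$"
)

# Heuristic (assumption): vendor BHOs install under Program Files, so a BHO DLL
# dropped straight into \WINDOWS or \WINDOWS\System32 is worth a manual check.
WINDIR_DLL_RE = re.compile(r"\\windows\\(?:system32\\)?[^\\]+\.dll$")


@dataclass
class Finding:
    clsid: str
    name: str
    path: str
    verdict: str  # "fix": orphaned, safe to tick in HijackThis; "review": look first
    reasons: list = field(default_factory=list)


def parse_o2(log_text):
    """Yield (name, clsid, path) for every O2 line; all other lines are ignored."""
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            yield m.group("name"), m.group("clsid"), m.group("path")


def triage_o2(log_text):
    """Return a Finding for every O2 entry that is orphaned or looks suspicious."""
    findings = []
    for name, clsid, path in parse_o2(log_text):
        reasons, verdict = [], None
        lowered = path.lower()
        # 1. Registered CLSID whose DLL no longer exists: HijackThis prints
        #    "(no file)" or "(file missing)". Inert, but a leftover worth removing.
        if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
            reasons.append("BHO registered but its DLL is gone (orphaned entry)")
            verdict = "fix"
        # 2. A CLSID made of one repeated hex digit is a placeholder, not a real
        #    class id ({FFFFFFFF-FFFF-...} in the posted log).
        if len(set(clsid.strip("{}").replace("-", "").lower())) == 1:
            reasons.append("placeholder CLSID")
            verdict = "fix"
        # 3. Legitimate BHOs almost always carry a friendly name.
        if name == "(no name)":
            reasons.append("no friendly name")
            verdict = verdict or "review"
        # 4. DLL sitting directly in the Windows directory (heuristic, see above).
        if WINDIR_DLL_RE.search(lowered):
            reasons.append("DLL sits in the Windows directory, not under Program Files")
            verdict = verdict or "review"
        if verdict:
            findings.append(Finding(clsid, name, path, verdict, reasons))
    return findings


def fix_candidates(findings):
    """CLSIDs a helper would tell the user to tick before pressing 'Fix checked'."""
    return [f.clsid for f in findings if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage_o2(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.clsid} {f.name}: {'; '.join(f.reasons)}")
```

Entries with a known vendor DLL under Program Files (PC Tools, Sun Java) produce no finding at all; asgp32.dll in System32 is reported as "review", which matches its appearance among the 2006-10-29 files in the ComboFix listing.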
24.12.2006, 15:12
Member
Thread starter, Posts: 79
#5
1. Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mqlhrqsy

*******************

Script file located at: qeokghyb
Could not open script file! Error
Could not open script file! Status: 0xc000003b
Abort!
---------------------------------------------------
2. HJT run
---------------------------------------------------
3. Virus scanner: runs and runs and runs.... Duracell *laughs*

Report:
---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 15:11:35 24.12.2006

+ Scan-Ergebnis:

L:\Download programme\Download.Accelerator.7.2.Premium.by.MadHacker2k4.for.www.goldesel.6x.to.rar/Download.Accelerator.7.2.Premium.by.MadHacker2k4.for.www.goldesel.6x.to\Crack\DAP.exe -> Adware.Dap : Gesäubert.
E:\Antivir\INFECTED\MEMQS4AA.NQF -> Adware.NewDotNet : Gesäubert.
E:\Antivir\INFECTED\LQAVW4AA.NQF -> Adware.SaveNow : Gesäubert.
E:\System Volume Information\_restore{F47EF1A3-4054-4B0B-9D14-D42888472642}\RP104\A0071979.exe -> Backdoor.Hupigon.dp : Gesäubert.
L:\Gta San Andreas\hlm-gtasa\HOODLUM\HLM-INTR.EXE -> Backdoor.Hupigon.kg : Gesäubert.
E:\System Volume Information\_restore{F47EF1A3-4054-4B0B-9D14-D42888472642}\RP104\A0072083.exe -> Dropper.AphexLace.a : Gesäubert.
L:\400.Winamp.Plugins.by.neonic\400.Winamp.Plugins.by.neonic\EINFACH GELD VERDIENEN\test33.exe -> Logger.Alexa.a : Gesäubert.
E:\Trillian\Trillian.Pro.v3.1.0.121.WinALL.PROPER-BM.for.goldesel.6x.to\crack\patcher-arn.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Gesäubert.
E:\Trillian\Trillian.Pro.v3.1.0.121.WinALL.PROPER-BM.for.goldesel.6x.to\crack\patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Gesäubert.
E:\Trillian\patcher-arn.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Gesäubert.
E:\Trillian\patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Gesäubert.
L:\Download programme\IncrediMail.Xe.Premium.4.00.Build.1874.rar/IncrediMail Xe Premium 4.00 Build 1874\Incredimail13xx-14xxgoldpatch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Gesäubert.
L:\Download programme\RegSupreme.Professional.1.2.0.35_CRK-FFF.rar/Crack-FFF.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Gesäubert.
E:\Hot CPU Tester Pro 4 LE\crack_ttdown.exe -> Trojan.Regpat.a : Gesäubert.
L:\Download programme\Hot.CPU.Tester.Pro.v4.2.2.Pro.Edition-Full[www.ed2kmagazine.com].rar/Hot CPU Tester Pro v4.2.2 Pro Edition-Full[www.ed2kmagazine.com]\Keygen\crack_ttdown.exe -> Trojan.Regpat.a : Gesäubert.
E:\AIM95\icbmft.ocm -> Worm.AimVen : Gesäubert.

::Berichtende
---------------------------------------------------
Virustotal

STATUS: FINISHED
Complete scanning result of "chkdisk.exe", received in VirusTotal at 12.24.2006, 14:25:18 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 12.23.2006 no virus found
Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.24.2006 no virus found
BitDefender 7.2 12.24.2006 no virus found
CAT-QuickHeal 8.00 12.23.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.24.2006 no virus found
DrWeb 4.33 12.24.2006 no virus found
eSafe 7.0.14.0 12.24.2006 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.97 12.23.2006 no virus found
eTrust-Vet 30.3.3271 12.23.2006 no virus found
Ewido 4.0 12.24.2006 no virus found
Fortinet 2.82.0.0 12.24.2006 suspicious
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.22.2006 no virus found
Ikarus T3.1.0.27 12.24.2006 not-a-virus:AdWare.Win32.Agent.ab
Kaspersky 4.0.2.24 12.24.2006 no virus found
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.24.2006 no virus found
NOD32v2 1937 12.24.2006 no virus found
Norman 5.80.02 12.22.2006 no virus found
Panda 9.0.0.4 12.24.2006 Suspicious file
Prevx1 V2 12.24.2006 Covert.Sys.Exec
Sophos 4.12.0 12.24.2006 Mal/Packer
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
TheHacker 6.0.3.136 12.24.2006 no virus found
UNA 1.83 12.22.2006 no virus found
VBA32 3.11.1 12.24.2006 no virus found
VirusBuster 4.3.19:9 12.23.2006 novirusacked/FSG

Aditional Information
File size: 22481 bytes
MD5: 7c24a96026b8e28bd03f39ec231b9025
SHA1: 93401f1a89b99c7a3afbc4494125a7db1ff372a4
packers: FSG
packers: FSG
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=2bfe43009388
Sunbelt info: VIPRE.Suspicious is a generic detection for potential Thread that are deemed suspicious through heuristics.
24.12.2006, 15:43
Honorary member
Posts: 29434
#6
You have to use the Avenger correctly: first put it on C:\ and then tick and click everything exactly as described in the instructions on the Avenger page.
Tick "Input script manually" (and do not copy the "Quote" in along with the script!)
__________
Kind regards, Sabina
All about PC security
26.12.2006, 01:51
Member
Themenstarter Beiträge: 79 |
#7
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\njl^ekej

*******************

Script file located at: \??\C:\Program Files\yyexphkt.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\win32hp.dll deleted successfully.
File C:\WINDOWS\system32\VXH8JKDQ2.EXE deleted successfully.
File C:\WINDOWS\system32\VXH8JKDQ6.EXE deleted successfully.
File C:\WINDOWS\system32\ts.ico deleted successfully.
File C:\WINDOWS\system32\ot.ico deleted successfully.
File C:\WINDOWS\system32\ace16win.dll deleted successfully.
File C:\WINDOWS\system32\msmsn.exe deleted successfully.
File C:\WINDOWS\system32\kernels64.exe deleted successfully.
File C:\WINDOWS\system32\anti_troj.exe deleted successfully.
File C:\WINDOWS\system32\mpsegment.exe deleted successfully.
File C:\WINDOWS\system32\msvol.tlb deleted successfully.
File C:\WINDOWS\system32\performent202.dll deleted successfully.
File C:\WINDOWS\system32\lfd.dat deleted successfully.
File C:\WINDOWS\system32\oiso.bin deleted successfully.
File C:\WINDOWS\system32\pcf.pdf deleted successfully.
File C:\WINDOWS\system32\netstat2.exe deleted successfully.
File C:\WINDOWS\system32\proqlaim.exe deleted successfully.
File C:\WINDOWS\system32\iewd.exe deleted successfully.
File C:\WINDOWS\system32\dload.exe deleted successfully.
File C:\WINDOWS\system32\asgp32.dll not found!
Deletion of file C:\WINDOWS\system32\asgp32.dll failed!
Could not process line:
C:\WINDOWS\system32\asgp32.dll
Status: 0xc0000034
File C:\WINDOWS\system32\1821.exe deleted successfully.
File C:\WINDOWS\system32\msmapi32.exe deleted successfully.
File C:\WINDOWS\system32\intr32.dll deleted successfully.
File C:\WINDOWS\system32\dsrvknvk.exe deleted successfully.
File C:\WINDOWS\system32\zggjudxn.exe deleted successfully.
File C:\WINDOWS\system32\log200672.log deleted successfully.
File C:\WINDOWS\system32\imon1.dat deleted successfully.
File C:\WINDOWS\notepad32.exe deleted successfully.
File C:\WINDOWS\system.tmp deleted successfully.
File C:\WINDOWS\win.tmp deleted successfully.
File C:\WINDOWS\spp3.dll deleted successfully.
File C:\WINDOWS\runwin32.exe deleted successfully.
File C:\WINDOWS\dialup.exe deleted successfully.
File C:\WINDOWS\y.exe deleted successfully.
File C:\WINDOWS\xxxvideo.hta deleted successfully.
File C:\WINDOWS\xplugin.dll deleted successfully.
File C:\WINDOWS\x.exe deleted successfully.
File C:\WINDOWS\winmgnt.exe deleted successfully.
File C:\WINDOWS\window.exe deleted successfully.
File C:\WINDOWS\winajbm.dll deleted successfully.
File C:\WINDOWS\win64.exe deleted successfully.
File C:\WINDOWS\win32e.exe deleted successfully.
File C:\WINDOWS\waol.exe deleted successfully.
File C:\WINDOWS\users32.exe deleted successfully.
File C:\WINDOWS\time.exe deleted successfully.
File C:\WINDOWS\systemcritical.exe deleted successfully.
File C:\WINDOWS\systeem.exe deleted successfully.
File C:\WINDOWS\olehelp.exe deleted successfully.
File C:\WINDOWS\mtwirl32.dll deleted successfully.
File C:\WINDOWS\cpan.dll deleted successfully.
File C:\WINDOWS\clrssn.exe deleted successfully.
File C:\WINDOWS\avpcc.dll deleted successfully.
File C:\WINDOWS\astctl32.ocx deleted successfully.
File C:\WINDOWS\accesss.exe deleted successfully.
File C:\WINDOWS\inetdctr.dll deleted successfully.
File C:\2.html deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UninstalTime deleted successfully.
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364D99-1240-4dff-B12A-67E448373148} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364D99-1240-4dff-B12A-67E448373148} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B12A-67E448373148} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73364D99-1240-4dff-B12A-67E448373148} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dc8f96d-34f7-1501-a2a4-631341aa3ac1} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dc8f96d-34f7-1501-a2a4-631341aa3ac1} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dc8f96d-34f7-1501-a2a4-631341aa3ac1} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dc8f96d-34f7-1501-a2a4-631341aa3ac1} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB89F547-37EC-4920-880C-9D553B1C788C} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB89F547-37EC-4920-880C-9D553B1C788C} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB89F547-37EC-4920-880C-9D553B1C788C} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB89F547-37EC-4920-880C-9D553B1C788C} failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
26.12.2006, 12:36
Honorary Member
Posts: 29434
#8
1. Post the 6 logs from datfind.bat again.
2. Post the new HijackThis log.

__________
Regards, Sabina
All about PC security
28.12.2006, 02:42
Member
Thread starter, Posts: 79
#9
1.

Volume in drive C: has no label.
Volume Serial Number: FC5C-B857

Directory of C:\WINDOWS\system32

27.12.2006 15:35 7.749 _nvidia_xxx_.log
27.12.2006 11:29 63.114 nvapps.xml
27.12.2006 11:27 2.206 wpa.dbl
27.12.2006 11:26 37.840 OODBS.lor
27.12.2006 11:26 91.249 ikhcore.log
26.12.2006 03:54 64.980 DVCState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
26.12.2006 03:54 1.080 settings.sfm
26.12.2006 03:54 1.080 settingsbkup.sfm
26.12.2006 03:54 55.172 BMXState-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
26.12.2006 03:54 55.172 BMXStateBkp-{00000005-00000000-00000008-00001102-00000005-00211102}.rfx
24.12.2006 15:12 4 stfv.bin
15.12.2006 17:34 409.600 wrap_oal.dll
15.12.2006 17:34 86.016 OpenAL32.dll
30.10.2006 00:50 5 SndDrv32ds_d.ods
30.10.2006 00:50 5 AuxDrv32ds_d.ods
29.10.2006 09:33 311.740 perfh009.dat
29.10.2006 09:33 40.128 perfc009.dat
29.10.2006 09:33 316.924 perfh007.dat
29.10.2006 09:33 48.354 perfc007.dat
29.10.2006 09:33 723.744 PerfStringBackup.INI
15.10.2006 12:33 98.304 CmdLineExt.dll
21.09.2006 13:35 126.112 FNTCACHE.DAT
16.09.2006 09:18 14 systeminfo.dll
------------------------------------------------

2.

Volume in drive C: has no label.
Volume Serial Number: FC5C-B857

Directory of C:\DOKUME~1\ANDR~1\LOKALE~1\Temp

28.12.2006 02:38 512 ~DF2D54.tmp
28.12.2006 02:36 0 NEREC.tmp
27.12.2006 11:31 16.384 Perflib_Perfdata_c68.dat
26.12.2006 02:02 2.912 java_install_reg.log
23.12.2006 11:20 5.512.294 splist.txt
23.12.2006 11:20 1.637.980 ranges18909.zip
23.12.2006 02:26 1.637.980 ranges41723.zip
30.07.2006 05:44 16.330.024 Install_Messenger.exe
8 File(s) 25.138.086 bytes
0 Dir(s) 4.002.840.576 bytes free
------------------------------------------------------------

3.

Volume in drive C: has no label.
Volume Serial Number: FC5C-B857

Directory of C:\WINDOWS

27.12.2006 15:35 116 NeroDigital.ini
27.12.2006 11:30 456.113 setupapi.log
27.12.2006 11:28 0 0.log
27.12.2006 11:27 159 wiadebug.log
27.12.2006 11:27 50 wiaservc.log
27.12.2006 11:26 2.048 bootstat.dat
22.12.2006 01:45 32.622 SchedLgU.Txt
15.12.2006 17:26 201.214 Windows Update.log
14.12.2006 22:26 45.106 wmsetup.log
12.11.2006 13:57 227 system.ini
12.11.2006 13:57 583 win.ini
05.11.2006 16:11 349.555 DirectX.log
05.11.2006 02:35 180.186 setupact.log
04.11.2006 02:23 729 ie7_main.log
15.10.2006 12:59 50 Winamp.ini
16.09.2006 09:16 58 videoimp.ini
15.08.2006 11:58 0 ROUTE
15.08.2006 11:52 0 stduser.ini
---------------------------------------------------

4.

Volume in drive C: has no label.
Volume Serial Number: FC5C-B857

Directory of C:\WINDOWS\Temp

26.12.2006 02:35 0 exp2F2.tmp
24.12.2006 13:45 0 exp16.tmp
2 File(s) 0 bytes
0 Dir(s) 4.002.840.576 bytes free
------------------------------------------------------

5.

Volume in drive C: has no label.
Volume Serial Number: FC5C-B857

Directory of C:\WINDOWS\Downloaded Program Files

09.11.2006 14:36 5.019 swflash.inf
07.06.2006 10:09 1.249 erma.inf
13.03.2006 16:56 65 desktop.ini
19.09.2003 14:22 299.008 isusweb.dll
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
------------------------------------------------------

6.

Volume in drive C: has no label.
Volume Serial Number: FC5C-B857

Directory of C:\

28.12.2006 02:41 0 sys.txt
28.12.2006 02:40 681 down.txt
28.12.2006 02:40 322 tmp.txt
28.12.2006 02:40 5.839 system.txt
28.12.2006 02:40 673 systemtemp.txt
28.12.2006 02:39 103.179 system32.txt
27.12.2006 11:26 1.610.612.736 pagefile.sys
26.12.2006 01:33 13.304 avenger.txt
23.12.2006 02:18 12.916 ComboFix.txt
12.11.2006 13:57 194 boot.ini
09.11.2006 21:59 638 crashAddress.txt
-----------------------------------------------------
-----------------------------------------------------

HJT

Logfile of HijackThis v1.99.1
Scan saved at 02:42:32, on 28.12.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
e:\AVG Anti-Spyware 7.5\guard.exe
E:\Nvida\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
E:\Antivir\nod32krn.exe
E:\Nvida\bin\nSvcIp.exe
E:\Nvida\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
e:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
E:\Nvida\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
E:\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
E:\asus probe\AsusProb.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
E:\Nero 7\Nero Vision\NeroVision.exe
C:\WINDOWS\System32\imapi.exe
E:\OFFICE~2\Office10\OUTLOOK.EXE
E:\Office XP\Office10\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\André\Desktop\hijackthis\HjT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - e:\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VolPanel] "e:\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [ASUS Probe] e:\asus probe\AsusProb.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] E:\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with &DAP - E:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://e:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\OFFICE~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Nvida\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - E:\Nvida\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Antivir\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - E:\Nvida\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - E:\Nvida\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - e:\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
28.12.2006, 02:57
Honorary Member
Posts: 29434
#10
sandbox.norman
http://sandbox.norman.no/live_4.html

C:\WINDOWS\system32\chkdisk.exe

When you are then notified by e-mail, post the reply here.

__________
Regards, Sabina
All about PC security
28.12.2006, 20:58
Member
Thread starter, Posts: 79
#11
Your message ID (for later reference): 20061228-4134
Hello,

Thanks for taking the time to submit your samples to the Norman Sandbox Information Center.

Customer delight is our top priority at Norman. With that in mind we have developed Sandbox Solutions for organizations that are committed to speedy analysis and debugging. Norman Sandbox Solutions give your organization the opportunity to analyze files immediately in your own environment. To find out how to bring the power of Norman Sandbox into your test environments follow the links below.

Norman Sandbox Solutions
http://www.norman.com/Product/Sandbox-products/
Norman Sandbox Analyzer
http://www.norman.com/Product/Sandbox-products/Analyzer/
Norman Sandbox Analyzer Pro
http://www.norman.com/Product/Sandbox-products/Analyzer-pro/
Norman SandBox Reporter
http://www.norman.com/Product/Sandbox-products/Reporter/

chkdisk.exe : Not detected by Sandbox (Signature: NO_VIRUS)

[ General information ]
 * Decompressing Unk3!FSG?.
 * File length: 22481 bytes.
 * MD5 hash: 7c24a96026b8e28bd03f39ec231b9025.

[ Changes to registry ]
 * Creates value "UninstalTime"="chkdisk.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
 * Sets value "SubVer"="1" in key "HKLM\Software\Microsoft\Windows\CurrentVersion".

[ Process/window information ]
 * Will automatically restart after boot (I'll be back...).

(C) 2004-2006 Norman ASA. All Rights Reserved.
28.12.2006, 21:11
Honorary Member
Posts: 29434
#12
1. Avenger
Paste in:

Quote:
Files to delete:

»» Do not delete the Avenger backup, in case there should be problems.....

2. Post the ComboFix log again.

__________
Regards, Sabina
All about PC security
31.12.2006, 02:23
Member
Thread starter, Posts: 79
#13
1. Done
------------------------------------------------------
2. ComboFix

André - 06-12-31 2:22:54,39
Service Pack 1
ComboFix 06.11.27 - Running from: "L:\Download programme"

((((((((((((((((((((((((((((((( Files Created from 2006-11-31 to 2006-12-31 ))))))))))))))))))))))))))))))))))

2006-12-31 02:19 <DIR> d-------- C:\avenger
2006-12-24 13:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-23 02:15 <DIR> d-------- C:\Programme\CleanUp!
2006-12-15 17:34 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-12-15 17:34 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-31 01:59 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Adobe
2006-12-28 03:01 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\Azureus
2006-12-15 17:36 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-15 17:34 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-12-15 17:34 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-11-19 02:15 24968 --a------ C:\Dokumente und Einstellungen\André\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-11-05 16:16 -------- d-------- C:\Dokumente und Einstellungen\André\Anwendungsdaten\temp
2006-10-15 12:33 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AIM"="E:\\AIM95\\aim.exe -cnetwait.odl"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="\"E:\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Disabled]
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"VolPanel"="\"e:\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"ASUS Probe"="e:\\asus probe\\AsusProb.exe"
"RCSystem"="\"C:\\Programme\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"AudioDrvEmulator"="\"C:\\Programme\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Programme\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"CTxfiHlp"="CTXFIHLP.EXE"
"CTHelper"="CTHELPER.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,cb,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,50,01,00,00,62,01,00,00,20,01,00,00,23,01,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"MaxRecentDocs"=dword:0000001f
"NoRecentDocsHistory"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="E:\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="\"E:\\AnyDVD\\AnyDVD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"e:\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dxdllreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\dxdllreg.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nod32kui"
"hkey"="HKLM"
"command"="\"E:\\Antivir\\nod32kui.exe\" /WAITSERVICE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nTrayFw"
"hkey"="HKLM"
"command"="E:\\Nvida\\bin\\nTrayFw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overnet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Overnet"
"hkey"="HKLM"
"command"="E:\\Overnet\\Overnet.exe -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"E:\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-12-31 2:23:19.77
C:\ComboFix.txt ... 06-12-31 02:23
C:\ComboFix2.txt ... 06-12-23 02:18
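Once the sandbox has reported how the sample persists (post #11: a Run value named UninstalTime pointing at chkdisk.exe), the follow-up is to look for that persistence in the autorun listings already posted and to separate the few entries worth attention from the dozens of legitimate ones. The Python below is an added example for this thread; it is not code from the posters, nor from HijackThis, ComboFix, Avenger or Norman. It parses the line shapes those tools produce in posts #9, #11 and #13 (HijackThis O2/O4/O23 lines, the "Name"="command" pairs under a [...\run] heading in the ComboFix "Reg Loading Points" dump, and the "Creates value ... in key ...\Run" line of the Norman report) and flags three things: components whose file is gone ("(no file)" / "(file missing)"), entries matching the sandbox-reported Run value, and images that are either a bare file name or sit directly in %WINDIR% or system32, which is where every file the Avenger script in post #7 removed had been dropped. The regexes, the KNOWN_GOOD allowlist and the SAMPLE_LOG / SAMPLE_SANDBOX inputs are assumptions modelled on the posted logs; the [UninstalTime] O4 line in the sample is constructed from the sandbox statement and was not copied from any posted HijackThis log.

```python
# Autorun triage over HijackThis / ComboFix style log lines. Added example;
# regexes, the KNOWN_GOOD allowlist and the SAMPLE_* inputs are assumptions
# modelled on the logs in this thread, not output of any of those tools.
import ntpath
import re

# HijackThis:  O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# HijackThis:  O2 - BHO: description - {CLSID} - path
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
# HijackThis:  O23 - Service: description (short name) - owner - path
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - .*? - (?P<path>.*)$")
# ComboFix "Reg Loading Points" under a [...\run] heading:  "Name"="command"
REG_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')
# Norman Sandbox:  * Creates value "Name"="image" in key "HKLM\...\Run".
IOC_RE = re.compile(r'(?:Creates|Sets) value "(?P<name>[^"]+)"="(?P<cmd>[^"]*)" in key "(?P<key>[^"]+)"')
# First executable-looking token of a command line, quoted or not.
IMAGE_RE = re.compile(r'(?i)^"?(?P<img>[^"]*?\.(?:exe|dll|ocx|scr|bat))\b"?')

SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
# Assumption: bare-name / system-dir images accepted as legitimate on this machine.
KNOWN_GOOD = {"ctfmon.exe", "nvcpl.dll", "nvmctray.dll", "nwiz.exe",
              "ctxfihlp.exe", "cthelper.exe", "msdxm.ocx"}
PATTERNS = (("O4", O4_RE, "name", "cmd"), ("O2", O2_RE, "desc", "path"),
            ("O23", O23_RE, "desc", "path"), ("REG", REG_RE, "name", "cmd"))


def image_of(cmd):
    """Path of the binary a command line actually runs; looks through rundll32."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return None
    img = m.group("img")
    if ntpath.basename(img).lower() == "rundll32.exe":
        m2 = IMAGE_RE.match(cmd[m.end():].strip())
        img = m2.group("img") if m2 else img
    return img


def parse_entry(line):
    """(kind, display name, command/path) for a recognised autorun line, else None."""
    for kind, rx, name_g, cmd_g in PATTERNS:
        m = rx.match(line)
        if m:
            cmd = m.group(cmd_g)
            if kind == "REG":  # undo .reg-export escaping: \" -> "  then  \\ -> \
                cmd = cmd.replace('\\"', '"').replace("\\\\", "\\")
            return kind, m.group(name_g), cmd
    return None


def iocs_from_sandbox(report):
    """(value name, image basename) for every Run-key value the sandbox saw written."""
    out = []
    for m in IOC_RE.finditer(report):
        if m.group("key").lower().endswith("\\run"):
            img = image_of(m.group("cmd")) or m.group("cmd")
            out.append((m.group("name"), ntpath.basename(img).lower()))
    return out


def triage(lines, iocs, known_good=KNOWN_GOOD):
    """Autorun entries worth a second look, each with the reasons it was flagged."""
    ioc_names, ioc_images = {n.lower() for n, _ in iocs}, {i for _, i in iocs}
    findings = []
    for raw in lines:
        entry = parse_entry(raw.strip())
        if entry is None:
            continue
        kind, name, cmd = entry
        img = image_of(cmd)
        base, folder = (ntpath.basename(img).lower(), ntpath.dirname(img).lower()) if img else (None, None)
        reasons = []
        if "(file missing)" in cmd or "(no file)" in cmd:
            reasons.append("orphan: the registered component's file is gone")
        if name.lower() in ioc_names or base in ioc_images:
            reasons.append("matches the Run value reported by the sandbox")
        if base and base not in known_good and folder == "":
            reasons.append("bare image name, resolved through the search path")
        elif base and base not in known_good and folder in SYSTEM_DIRS:
            reasons.append("image sits directly in %WINDIR% or system32")
        if reasons:
            findings.append({"kind": kind, "name": name, "image": img, "reasons": reasons})
    return findings


# Constructed sample modelled on the posted logs. The [UninstalTime] line is what
# the Norman report says chkdisk.exe creates; it is not copied from a posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UninstalTime] chkdisk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - E:\Nvida\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
"ASUS Probe"="e:\\asus probe\\AsusProb.exe"
"""
SAMPLE_SANDBOX = r"""
 * Creates value "UninstalTime"="chkdisk.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
 * Sets value "SubVer"="1" in key "HKLM\Software\Microsoft\Windows\CurrentVersion".
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines(), iocs_from_sandbox(SAMPLE_SANDBOX)):
        print(f"{f['kind']:<3} [{f['name']}] image={f['image']}: " + "; ".join(f["reasons"]))
```

Two caveats that the thread itself illustrates. An orphan flag is a lead, not a verdict: the ForcewareWebInterface service is reported "(file missing)" in the post #9 log while apache.exe appears twice in the same log's running-process list, so confirm on disk before deleting anything. And the ComboFix dump lists msconfig-disabled items under `msconfig\startupreg` as "item"/"command" pairs rather than "Name"="command", so those blocks need either a small extension to `parse_entry` or a manual read; the Avenger log in post #7 shows exactly such an entry (startupreg\UninstalTime) being removed, which is where the sandbox-reported value had survived.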
31.12.2006, 13:56
Honorary Member
Posts: 29434
#14
To wrap the whole thing up: scan with Panda and post the report + the new HijackThis log
http://virus-protect.org/onlinescan.html

__________
Regards, Sabina
All about PC security
----------------------------------------------------------
System Security Center Alert:
Warning! Spyware files are detected on your computer!
It’s highly recommended to scan the system immediately to remove all dangerous spyware/adware programs.
Spyware gathers your private information without your consent.
This information includes passwords and credit card details, as well as other sensitive data.
Once installed, spyware keeps track of your surfing habits, which makes it possible for unsolicited ads and SPAM messages.
Spyware can not be removed by antivirus and firewalls.
These programs are not even able to find evidence of spyware being installed on the computer.
Spyware also uses your computer’s memory and system resources making your PC incredibly slow
--------------------------------------------------------
Can someone help me with how to get rid of this nonsense again?
Regards, thanks in advance