"system alert" -anleitung

Topic is closed!
#0
26.12.2006, 14:32
...new here

Posts: 7
#1 CAN SOMEONE HELP ME WITH THIS "system alert"?
please... quickly...
thx Daniel
26.12.2006, 14:35
Honorary member

Posts: 29434
#2 1.
Creating a HijackThis logfile
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

2.
Follow the instructions at
http://virus-protect.org/cleanup.html
and configure CleanUp exactly as stated there, then restart the computer (this is how the temporary files get deleted)

3.
Run ComboFix, also let it perform the disk cleanup + copy the scan report and post it in your reply
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
26.12.2006, 14:37
...new here

Thread starter

Posts: 7
#3 Scanner (HijackThis):


Logfile of HijackThis v1.99.1
Scan saved at 13:16:25, on 26.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Video ActiveX Object\isamonitor.exe
C:\Programme\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Video ActiveX Object\pmmon.exe
C:\Programme\Video ActiveX Object\isamini.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla1.7.13\mozilla.exe
C:\DOKUME~1\Benjamin\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\Benjamin\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Programme\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Programme\Conceiva\DownloadStudio\WebDLBar.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadStudio] C:\Programme\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Auswahl mit DownloadStudio herunterladen... - C:\Programme\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Bild mit DownloadStudio herunterladen... - C:\Programme\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Downloadziel mit DownloadStudio... - C:\Programme\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Seite mit DownloadStudio herunterladen... - C:\Programme\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Seiten Links mit DownloadStudio anzeigen... - C:\Programme\Conceiva\DownloadStudio\ds_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Programme\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Programme\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Programme\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141546086265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 004 (ClipInc004) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 005 (ClipInc005) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 006 (ClipInc006) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 007 (ClipInc007) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 008 (ClipInc008) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 009 (ClipInc009) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 010 (ClipInc010) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 011 (ClipInc011) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 012 (ClipInc012) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 013 (ClipInc013) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 014 (ClipInc014) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
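
Reading a log like the one above by hand is what the helper does next. As an added example (not code from this thread, from HijackThis or from virus-protect.org), the Python script below applies the same first-pass rules to the O2/O3/O4/O10/O21 lines: it extracts the file each entry loads, flags anything living in the directory the rogue installer created, flags unnamed BHOs, a broken LSP chain, and any ShellServiceObjectDelayLoad DLL that is not on a small allowlist. The sample lines are copied from the log posted above; SUSPECT_DIRS and SSODL_ALLOW are assumptions made for this example, not a vendor signature set.

```python
"""Triage a HijackThis 1.99.x log.

Added example for this thread; it is neither HijackThis code nor part of the
original post. It pulls the file path out of each O-line and flags the entries
a helper would look at first. SUSPECT_DIRS and SSODL_ALLOW are assumptions
taken from the log above, not a vendor signature set.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section label path raw")

# "Oxx - rest"
_SECTION_RE = re.compile(r"(O\d+)\s+-\s+(.*)")
# A Windows path (long or 8.3 form), optionally quoted, ending at the first
# executable-looking extension so trailing switches are not swallowed.
_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|ocx))"?', re.I)

# Assumed indicators: the directory ComboFix shows the rogue installer created,
# and the one SSODL DLL in this log that is a Windows component.
SUSPECT_DIRS = (r"c:\programme\video activex object",)
SSODL_ALLOW = {"wpdshserviceobj.dll"}


def parse_line(line):
    """Return an Entry for an 'Oxx - ...' line, None for anything else."""
    m = _SECTION_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    pm = _PATH_RE.search(rest)
    path = pm.group(1) if pm else None
    # The label is what precedes the path or the first " - " separator.
    stops = [i for i in (rest.find(" - "), pm.start() if pm else -1) if i >= 0]
    label = rest[:min(stops)].strip() if stops else rest.strip()
    return Entry(section, label, path, line.strip())


def reasons_for(e):
    """First-pass rules; every hit is one reason string."""
    out = []
    if e.path and e.path.lower().startswith(SUSPECT_DIRS):
        out.append("loads from suspect directory")
    if e.section == "O2" and "(no name)" in e.label:
        out.append("unnamed BHO")
    if e.section == "O10":
        out.append("broken LSP chain: " + e.label)
    if e.section == "O21" and e.path and \
            e.path.lower().rsplit("\\", 1)[-1] not in SSODL_ALLOW:
        out.append("SSODL DLL not on allowlist")
    return out


def triage(log_text):
    """Return (section, path, reasons) for every line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = reasons_for(e)
        if reasons:
            findings.append((e.section, e.path, reasons))
    return findings


# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
"""

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(section, path, "; ".join(reasons))
```

Run on the sample, the script returns four findings: the unnamed BHO and the "Protection Bar" toolbar both load from the suspect directory, the O10 line reports the missing LSP, and the "buprestidae" SSODL entry is the only DLL not on the allowlist. Entries such as the bare "HDAShCut.exe" have no drive-letter path and are deliberately left alone rather than guessed at.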
26.12.2006, 14:39
Honorary member

Posts: 29434
#4 Now post the ComboFix log as well
__________
Regards, Sabina

all about PC security
26.12.2006, 14:40
...new here

Thread starter

Posts: 7
#5 ComboFix:


Daniel - 06-12-26 14:25:52.76 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Programme\Mozilla1.7.13"

((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 ))))))))))))))))))))))))))))))))))


2006-12-26 14:18 <DIR> d-------- C:\Programme\CleanUp!
2006-12-26 14:14 <DIR> d-------- C:\Programme\SpywareHeal
2006-12-25 18:17 <DIR> d-------- C:\Programme\AntiVermins
2006-12-25 18:15 20,992 --a------ C:\WINDOWS\system32\cthkpcv.dll
2006-12-25 18:15 <DIR> d-------- C:\Programme\Video ActiveX Object
2006-12-24 12:51 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-24 12:51 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-12-24 12:51 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2006-12-24 12:51 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2006-12-24 12:51 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-24 12:51 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-12-24 12:51 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-24 12:51 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-24 12:50 <DIR> d-------- C:\Kopie von WINDOWS
2006-12-24 12:50 <DIR> d-------- C:\DirectX
2006-12-24 12:33 <DIR> d-------- C:\Programme\NASA
2006-12-23 19:22 <DIR> d-------- C:\Programme\Wisdom-soft AutoScreenRecorder
2006-12-22 17:48 295,952 --a------ C:\WINDOWS\SCRANTIC.SCR
2006-12-22 17:48 <DIR> d-------- C:\SIERRA
2006-12-17 17:20 <DIR> d-------- C:\Programme\QuickTime
2006-12-17 17:19 <DIR> d-------- C:\Programme\Apple Software Update
2006-12-17 17:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-26 14:25 -------- d-------- C:\Programme\Mozilla1.7.13
2006-12-26 14:24 -------- d-------- C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Skype
2006-12-25 17:59 -------- d-------- C:\Programme\PokerStars
2006-12-17 14:37 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-16 15:15 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-12-16 13:21 -------- d-------- C:\Programme\Outlook Express
2006-12-15 20:16 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-14 15:11 -------- d-------- C:\Programme\Internet Explorer
2006-12-06 19:13 -------- d-------- C:\Programme\Winamp
2006-12-06 19:13 -------- d-------- C:\Programme\Gamers.IRC
2006-12-06 19:13 -------- d-------- C:\Programme\Game Cam Lite v1.4
2006-12-06 19:12 -------- d-------- C:\Programme\Warcraft III
2006-11-25 17:11 99024 --a------ C:\WINDOWS\MozillaUninstall.exe
2006-11-25 17:11 -------- d-------- C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Talkback
2006-11-25 17:11 -------- d-------- C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Mozilla
2006-11-25 15:42 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"DMXLauncher"="C:\\Programme\\Roxio\\CinePlayer\\DMXLauncher.exe"
"farstone"=""
"CloneCDElbyCDFL"="\"C:\\Programme\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"CloneCDTray"="\"C:\\Programme\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Premium\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"DownloadStudio"="C:\\Programme\\Conceiva\\DownloadStudio\\DownloadStudioScheduleMonitor.exe"
"SpywareHeal"="C:\\Programme\\SpywareHeal\\SpywareHeal.exe /h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.wetteronline.de/daten/radar/dwddg/2006/07/11/1600.gif?f4ad7ba3728cc6a83636290251366951&LANG=de"
"SubscribedURL"="http://www.wetteronline.de/daten/radar/dwddg/2006/07/11/1600.gif?f4ad7ba3728cc6a83636290251366951&LANG=de"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,bc,02,00,00,ad,00,00,00,bd,01,00,00,c2,01,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,6d,01,00,00,bd,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,23,05,41,c0,ac,74,30,e0,08,04,68,de,23,05,20,6d,\
23,05,6b,b9,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.wetteronline.de/daten/radar/dsmall/std.gif?82c490a167013c098226bc6219961c87&LANG=de"
"SubscribedURL"="http://www.wetteronline.de/daten/radar/dsmall/std.gif?82c490a167013c098226bc6219961c87&LANG=de"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,0e,03,00,00,86,00,00,00,93,01,00,00,e4,01,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,23,00,00,00,9f,00,00,00,bc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,f9,02,00,00,1b,01,00,00,93,01,00,00,e4,01,\
00,00,01,00,00,40

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="http://www.radiohamburg.de/media/img/hinhoerer/kreise.gif?1159636450"
"SubscribedURL"="http://www.radiohamburg.de/media/img/hinhoerer/kreise.gif?1159636450"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,53,00,00,00,e4,01,00,00,b0,02,00,00,ce,01,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,57,01,00,00,b0,02,00,00,ce,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,bd,05,41,c0,ac,74,e8,65,ac,03,68,de,bd,05,20,6d,\
bd,05,da,cb,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=EUR&countryId=276&
exchangeId=11&chartType=0&height=480&width=640&gridGlobalOff=0&highLow=0&fill=0&averag
e=0&average=0&overTime=2&split=1&u=0&k=0"
"SubscribedURL"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=EUR&countryI
d=276&exchangeId=11&chartType=0&height=480&width=640&gridGlobalOff=0&highLow=0&fill=0&average=0&average=0&overTime=2&split=1&u=0&k=0"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,ff,ff,ff,ff,09,00,00,00,80,02,00,00,e0,01,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,80,02,00,00,e0,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,21,06,41,c0,ac,74,f8,7b,b5,03,68,de,21,06,20,6d,\
21,06,e2,c1,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="http://live.focus.msn.de/imedia/211/20211_X+YwxOxPhcuHF_lQJ7I7kgf934oWv1JwnMCzU_9nGfo=.jpg"
"SubscribedURL"="http://live.focus.msn.de/imedia/211/20211_X+YwxOxPhcuHF_lQJ7I7kgf934oWv1JwnMCzU_9nGfo=.jpg"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,6f,03,00,00,00,02,00,00,90,01,00,00,90,01,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,c0,03,00,00,35,00,00,00,90,01,00,00,90,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,35,06,41,c0,ac,74,08,10,e1,03,68,de,35,06,20,6d,\
35,06,df,d2,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
"Source"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=8
46900&countryId=276&exchangeId=9&chartType=0&height=480&width=640&gridGlobalOff=0&hig
hLow=0&fill=0&average=0&average=0&overTime=2&split=1&u=0&k=0"
"SubscribedURL"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=846
900&countryId=276&exchangeId=9&chartType=0&height=480&width=640&gridG
lobalOff=0&highLow=0&fill=0&average=0&average=0&overTime=2&split=1&u=0&k=0"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,83,02,00,00,09,00,00,00,80,02,00,00,e0,01,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,57,01,00,00,80,02,00,00,e0,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,9f,05,41,c0,ac,74,08,80,b1,03,68,de,9f,05,20,6d,\
9f,05,e2,c1,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,9e,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-26 14:26:38.50
C:\ComboFix.txt ... 06-12-26 14:26

Is that the posting?? tT
26.12.2006, 15:06
Honorary member

Posts: 29434
#6 Daniel_76

Download Registry Search by Bobbi Flekman
http://www.bleepingcomputer.com/files/regsearch.php
and double-click to start it. Under "Enter search strings" (type or paste in)

SpywareHeal

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

Do the same with:

AntiVermins
Video ActiveX Object


________________________________________________________

««
http://virus-protect.org/artikel/tools/agentransack.html
paste into the search:

SpywareHeal
AntiVermins
Video ActiveX Object

and post what is displayed
__________
Regards, Sabina

all about PC security
26.12.2006, 15:55
...new here

Thread starter

Posts: 7
#7 As follows:
SpywareHeal:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 26.12.2006 15:42:45 for strings:
; 'spywareheal'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E}\1.0\0\win32]
@="C:\\Programme\\SpywareHeal\\SpywareHeal.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E}\1.0\HELPDIR]
@="C:\\Programme\\SpywareHeal\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal\DEBUG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe]
@="C:\\Programme\\SpywareHeal\\SpywareHeal.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareHeal"="C:\\Programme\\SpywareHeal\\SpywareHeal.exe /h"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal]
"DisplayName"="SpywareHeal 2.2"
"UninstallString"="C:\\Programme\\SpywareHeal\\uninst.exe"
"DisplayIcon"="C:\\Programme\\SpywareHeal\\SpywareHeal.exe"
"NSIS:StartMenuDir"="SpywareHeal"
"Publisher"="SpywareHeal"

[HKEY_LOCAL_MACHINE\SOFTWARE\SpywareHeal]

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareHeal]

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Download\\HackerAbwehr\\spyheal_setup.exe"="SpywareHeal Install"
"C:\\Programme\\SpywareHeal\\SpywareHeal.exe"="Anti- spyware and adware"

; End Of The Log...


AntiVermins:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 26.12.2006 15:44:50 for strings:
; 'antivermins'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}\1.0\0\win32]
@="C:\\Programme\\AntiVermins\\AntiVermins.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}\1.0\HELPDIR]
@="C:\\Programme\\AntiVermins\\"

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AntiVermins]

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOKUME~1\\Benjamin\\LOKALE~1\\Temp\\av13.exe"="AntiVermins Install"
"C:\\Programme\\AntiVermins\\AntiVermins.exe"="Anti- spyware and adware"
"C:\\Programme\\AntiVermins\\uninst.exe"="AntiVermins Install"
"C:\\DOKUME~1\\Benjamin\\LOKALE~1\\Temp\\~nsu.tmp\\Au_.exe"="AntiVermins Install"

; End Of The Log...

Video ActiveX Object:


REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 26.12.2006 15:46:16 for strings:
; 'video activex object'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\iesplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\iesuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\isauninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\pmuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object]
"DisplayName"="Video ActiveX Object 2.07"
"UninstallString"="C:\\Programme\\Video ActiveX Object\\uninst.exe"
"DisplayIcon"="C:\\Programme\\Video ActiveX Object\\uninst.exe"
"Publisher"="Video ActiveX Object Software"

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Internet Security]
"Path"="C:\\Programme\\Video ActiveX Object"

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\Video ActiveX Object\\pmsngr.exe"="pmsngr"
"C:\\Programme\\Video ActiveX Object\\isamonitor.exe"="isamonitor"

; End Of The Log...

XP search:

SpywareHeal:


C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Desktop\SpywareHeal.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal (26.12.2006 14:14:17)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal\SpywareHeal 2.2 Website.lnk (1 KB, 26.12.2006 14:14:17)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal\SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal\Uninstall SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:17)
C:\Programme\SpywareHeal (26.12.2006 14:52:04)
C:\Programme\SpywareHeal\SpywareHeal.exe (1904 KB, 12.12.2006 22:41:10)
C:\Programme\SpywareHeal\SpywareHeal.url (1 KB, 26.12.2006 14:14:16)
C:\WINDOWS\Prefetch\SPYWAREHEAL.EXE-370E5B55.pf (43 KB, 26.12.2006 14:14:28)

AntiVermins:

C:\Programme\AntiVermins (25.12.2006 18:23:43)
C:\Programme\AntiVermins\AntiVermins.exe (1736 KB, 19.12.2006 15:05:12)


Video ActiveX Object:

C:\Programme\Video ActiveX Object (25.12.2006 18:15:51)

----------------------------------------------------------------------------
Everything posted!
26.12.2006, 17:00
Honorary member

Posts: 29434
#8 Daniel_76

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in (without "Quote")

Quote

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SpywareHeal
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}

registry keys to delete:
HKLM\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareHeal
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}
HKLM\SOFTWARE\AntiVermins

Files to delete:
C:\WINDOWS\Prefetch\SPYWAREHEAL.EXE-370E5B55.pf
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\SpywareHeal 2.2.lnk
C:\Dokumente und Einstellungen\%Username%\Desktop\SpywareHeal.lnk
C:\Dokumente und Einstellungen\%Username%\Startmenü\SpywareHeal 2.2.lnk
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\av13.exe
C:\WINDOWS\system32\cthkpcv.dll
C:\Download\HackerAbwehr\spyheal_setup.exe

Folders to delete:
C:\Programme\SpywareHeal
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\SpywareHeal
C:\Programme\AntiVermins
C:\Programme\Video ActiveX Object
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\~nsu.tmp

Click the green traffic light
the script will now run, then the PC will restart automatically

»»
post the Avenger log that appears after the restart

»»
delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with SmitfraudFix - options 1 and 2 (let it clean the registry too)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards, Sabina

all about PC security
27.12.2006, 11:50
...new here

Thread starter

Posts: 7
#9 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\v^dexnmj

*******************

Script file located at: \??\C:\muamohal.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Prefetch\SPYWAREHEAL.EXE-370E5B55.pf deleted successfully.
File C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\SpywareHeal 2.2.lnk deleted successfully.
File C:\Dokumente und Einstellungen\Benjamin\Desktop\SpywareHeal.lnk deleted successfully.
File C:\Dokumente und Einstellungen\Benjamin\Startmenü\SpywareHeal 2.2.lnk deleted successfully.


File C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe
Status: 0xc0000034

File C:\WINDOWS\system32\cthkpcv.dll deleted successfully.
File C:\Download\HackerAbwehr\spyheal_setup.exe deleted successfully.
Folder C:\Programme\SpywareHeal deleted successfully.
Folder C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal deleted successfully.
Folder C:\Programme\AntiVermins deleted successfully.
Folder C:\Programme\Video ActiveX Object deleted successfully.


Folder C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\~nsu.tmp not found!
Deletion of folder C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\~nsu.tmp failed!

Could not process line:
C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\~nsu.tmp
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SpywareHeal deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} deleted successfully.
Registry key HKLM\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpywareHeal deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560} deleted successfully.


Registry key HKLM\SOFTWARE\AntiVermins not found!
Deletion of registry key HKLM\SOFTWARE\AntiVermins failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.




Thank you!!!
(I have three more questions: Is there a program that will block this virus in future? How can I prevent this virus from infecting my computer again?? Did the virus leave any damage?)
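After an Avenger run like the one above, the practical question is which script items were really removed, which "failed" only because the object was already gone (Status 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND), and which the log does not mention at all. The following Python script is an added example, not code from this thread or from the Avenger tool: it reconciles an Avenger script against the log Avenger writes after the reboot. The embedded script and log are shortened, constructed samples in the format of posts #8 and #9; expanding %Username% to the real profile name, as the posted log shows Avenger doing, and the case-insensitive comparison of paths are assumptions made here.

```python
"""Reconcile an Avenger script against the log Avenger writes after the reboot.

Constructed example, not code from the thread or from the Avenger tool:
SAMPLE_SCRIPT and SAMPLE_LOG are shortened, made-up samples in the same
format as the script and log posted above.
"""
import re
from collections import defaultdict

# NTSTATUS codes Avenger prints after a failed line. 0xC0000034 is
# STATUS_OBJECT_NAME_NOT_FOUND: the item was already gone, so that line is
# not a cleanup failure; any other code needs a follow-up.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
                  0xC0000022: "STATUS_ACCESS_DENIED"}

# Section headers of an Avenger script, mapped to the noun the log uses.
SECTION_KINDS = {"registry values to delete": "Registry value",
                 "registry keys to delete": "Registry key",
                 "files to delete": "File",
                 "folders to delete": "Folder"}

LOG_OK = re.compile(r"^(Registry value|Registry key|File|Folder) (.+) deleted successfully\.$")
LOG_FAIL = re.compile(r"^Deletion of (registry value|registry key|file|folder) (.+) failed!$")
LOG_STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")


def parse_script(text):
    """Return (kind, target) pairs in script order."""
    items, kind = [], None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        header = line.rstrip(":").lower()
        if header in SECTION_KINDS:
            kind = SECTION_KINDS[header]
        elif kind is not None:
            items.append((kind, line))
    return items


def parse_log(text):
    """Map each lower-cased target in the log to ('deleted', None) or ('failed', status)."""
    results, pending = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        ok, fail, status = LOG_OK.match(line), LOG_FAIL.match(line), LOG_STATUS.match(line)
        if ok:
            results[ok.group(2).lower()] = ("deleted", None)
        elif fail:
            pending = fail.group(2).lower()      # its 'Status:' line follows later
            results[pending] = ("failed", None)
        elif status and pending is not None:
            results[pending] = ("failed", int(status.group(1), 16))
            pending = None
    return results


def reconcile(script_text, log_text, username):
    """Classify each script item as deleted, already_absent, failed or unaccounted.

    %Username% is expanded to the real profile name (assumption based on the
    posted log) and matching is case-insensitive, like Windows paths.
    """
    log = parse_log(log_text)
    report = defaultdict(list)
    for kind, target in parse_script(script_text):
        expanded = re.sub(r"%username%", username, target, flags=re.IGNORECASE)
        outcome, status = log.get(expanded.lower(), ("unaccounted", None))
        if outcome == "failed" and status == 0xC0000034:
            outcome = "already_absent"
        report[outcome].append((kind, expanded, NTSTATUS_NAMES.get(status, status)))
    return dict(report)


def needs_follow_up(report):
    """Targets neither confirmed deleted nor confirmed absent."""
    return [t for key in ("failed", "unaccounted") for _, t, _ in report.get(key, [])]


# Constructed sample script (same sections as post #8, shortened).
SAMPLE_SCRIPT = r"""
Registry values to delete:
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae
registry keys to delete:
HKLM\SOFTWARE\AntiVermins
Files to delete:
C:\WINDOWS\system32\cthkpcv.dll
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\av13.exe
Folders to delete:
C:\Programme\Video ActiveX Object
C:\Programme\SpywareHeal
"""

# Constructed sample log (same line formats as post #9, shortened).
SAMPLE_LOG = r"""
Beginning to process script file:
File C:\WINDOWS\system32\cthkpcv.dll deleted successfully.
File C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe failed!
Status: 0xc0000034
Folder C:\Programme\Video ActiveX Object deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae deleted successfully.
Registry key HKLM\SOFTWARE\AntiVermins not found!
Deletion of registry key HKLM\SOFTWARE\AntiVermins failed!
Status: 0xc0000034
Completed script processing.
"""
```

Run `reconcile(SAMPLE_SCRIPT, SAMPLE_LOG, "Benjamin")` and the report separates the three confirmed deletions from the two items that were already absent; the SpywareHeal folder, which the sample log never mentions, lands in `unaccounted` and is the one item `needs_follow_up` flags for a manual check.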
27.12.2006, 12:07
Honorary member

Posts: 29434
#10 ««
scan with SmitfraudFix - options 1 and 2 (let it clean the registry too)
http://virus-protect.org/artikel/tools/smitfrautfix.html

««
it is enough that you don't download infected codecs ;) - before you click download, switch your brain on!
__________
Kind regards, Sabina

all about PC security
28.12.2006, 13:08
...new here

Posts: 2
#11 Hi!
I have exactly the same virus, or whatever it is! This System Alert keeps flashing in my taskbar! Now I have also downloaded the tools mentioned above and wanted to post the logfiles so that someone, or rather Sabina, can help me too! ;) Many thanks!

Regards, Sheilon!

___________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 13:02:44, on 28.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS.0\system32\brsvc01a.exe
C:\WINDOWS.0\system32\brss01a.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\bmwebcfg.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\oodag.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\mHotkey.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Elantech\ktp.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Microsoft Encarta\Encarta 2007 - Enzyklopaedie DVD\EDICT.EXE
C:\programme\steam\steam.exe
C:\Programme\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart\procexp.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programme\DeskTask\DeskTask.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\FreshDevices\FreshDownload\fd.exe
C:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programme\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O2 - BHO: Hilfsobjekt für Encarta Web-Begleiter - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C2A65479-0D35-4F61-BA03-BCC14A77F6CC} - C:\WINDOWS.0\system32\p2pneush.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Programme\FreshDevices\FreshDownload\fdiebar.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programme\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Programme\Elantech\ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E07DXLRD_8070890] "C:\Programme\Microsoft Encarta\Encarta 2007 - Enzyklopaedie DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DeskTask.lnk = C:\Programme\DeskTask\DeskTask.exe
O4 - Global Startup: procexp.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FreshDownload - {BABFCE11-8817-4125-BE9F-739F35596232} - C:\Programme\FreshDevices\FreshDownload\fd.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF8BEF31-1486-431D-901F-7B42AF2A3B2B}: NameServer = 192.168.100.249
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS.0\system32\cthkpcv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS.0\system32\bmwebcfg.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS.0\system32\brsvc01a.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.0\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe


____________________________________________________
EDIT: Here is my logfile from combofix.exe as well:

Administrator - 06-12-28 13:35:17,48 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-11-28 to 2006-12-28 ))))))))))))))))))))))))))))))))))


2006-12-28 13:10 <DIR> d-------- C:\Programme\CleanUp!
2006-12-27 10:04 <DIR> d-------- C:\Programme\Xvid
2006-12-26 18:38 <DIR> d-------- C:\Programme\SlySoft
2006-12-26 18:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Anwendungsdaten\SlySoft
2006-12-26 18:09 20,992 --a------ C:\WINDOWS.0\system32\cthkpcv.dll
2006-12-26 17:56 <DIR> d-------- C:\Programme\DVDx
2006-12-26 17:33 <DIR> d--hs---- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Phone Browser
2006-12-26 17:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\PC Suite
2006-12-26 17:27 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Anwendungsdaten\Nokia
2006-12-26 17:26 <DIR> d-------- C:\Programme\PC Connectivity Solution
2006-12-26 17:26 <DIR> d-------- C:\Programme\Nokia
2006-12-26 17:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2006-12-26 14:36 <DIR> d-------- C:\WINDOWS.0\SxsCaPendDel
2006-12-24 19:21 <DIR> d-------- C:\Programme\DeskTask
2006-12-24 19:04 <DIR> d-------- C:\Programme\Gabest
2006-12-24 18:03 765,952 --a------ C:\WINDOWS.0\system32\xvidcore.dll
2006-12-24 18:03 180,224 --a------ C:\WINDOWS.0\system32\xvidvfw.dll
2006-12-24 17:53 <DIR> d-------- C:\Programme\Machinist2DLL
2006-12-24 17:48 <DIR> d-------- C:\Programme\ShrinkTo5Basic
2006-12-24 11:15 <DIR> d-------- C:\Programme\NAMCO BANDAI Games
2006-12-23 09:13 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Anwendungsdaten\SecondLife
2006-12-23 09:12 <DIR> d-------- C:\Programme\SecondLife
2006-12-21 22:25 <DIR> d-------- C:\Programme\SkinBuilder
2006-12-21 20:34 <DIR> d-------- C:\Programme\FreshDevices
2006-12-21 20:17 22,130 --a------ C:\WINDOWS.0\system32\p2pneush.dll
2006-12-21 20:17 <DIR> d-------- C:\Programme\Serials 2000 7.1 Plus
2006-12-21 19:16 <DIR> d-------- C:\Programme\Microsoft Virtual PC Trial
2006-12-19 22:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\WebSpeech.4.0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS.0\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"E07DXLRD_8070890"="\"C:\\Programme\\Microsoft Encarta\\Encarta 2007 - Enzyklopaedie DVD\\EDICT.EXE\" -m"
"Steam"="\"c:\\programme\\steam\\steam.exe\" -silent"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PCSync2.exe /NoDialog"
"AnyDVD"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS.0\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"CHotkey"="mHotkey.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Programme\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"KTPWare"="C:\\Programme\\Elantech\\ktp.exe"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SSBkgdUpdate"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Programme\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Programme\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Programme\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Programme\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,92,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS.0\\system32\\CTFMON.EXE"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS.0\\system32\\CTFMON.EXE"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000001
"NoRecentDocsMenu"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"E07DXLRD_37675109"="\"C:\\Programme\\Microsoft Encarta\\Encarta 2007 - Enzyklopaedie DVD\\EDICT.EXE\" -m"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"="\"C:\\DOKUMENTE UND EINSTELLUNGEN\\ALL USERS.WINDOWS.0\\STARTMENü\\PROGRAMME\\AUTOSTART\\PROCEXP.EXE\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS.0\tasks\1-Klick-Wartung.job

Completion time: 06-12-28 13:38:28.42
C:\ComboFix.txt ... 06-12-28 13:38
This post was edited on 28.12.2006 at 13:40 by Sheilon.
28.12.2006, 14:08
Honorary member
Sabina

Posts: 29434
#12 Sheilon

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|none

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A65479-0D35-4F61-BA03-BCC14A77F6CC}
HKLM\SOFTWARE\Classes\CLSID\{C2A65479-0D35-4F61-BA03-BCC14A77F6CC}
HKLM\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKLM\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

Files to delete:
C:\WINDOWS.0\system32\p2pneush.dll
C:\WINDOWS.0\system32\cthkpcv.dll

Folders to delete:
C:\Programme\Video ActiveX Object
Click the green traffic light
the script will now run, then the PC will restart automatically

»»
delete the Avenger backup under C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with SmitfraudFix - options 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina

all about PC security
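The ComboFix dump earlier in the thread and the Avenger script above are the two halves of the same job: the dump shows which autostart locations carry entries, and the script lists what gets deleted. The following is an added example, not code from this forum, from ComboFix or from Avenger, that does the cross-check offline: it parses a REGEDIT4-style dump, flags entries in three persistence locations that appear in this thread (the policy Run key, ShellServiceObjectDelayLoad, and an Image File Execution Options Debugger), parses the Avenger script, and reports any flagged entry the script would leave in place. The ShellServiceObjectDelayLoad baseline names and the three flagging rules are assumptions made for the example; the sample dump and script are constructed excerpts of the ones posted in this thread.

```python
"""Offline triage: flag autostart entries in a ComboFix REGEDIT4 dump and check that an
Avenger removal script covers them. Added example; sample inputs are constructed."""
import re

# Assumed baseline of ShellServiceObjectDelayLoad names on a stock Windows XP box.
SSODL_BASELINE = {"postbootreminder", "cdburn", "webcheck", "systray", "wpdshserviceobj"}

# Constructed excerpt of the ComboFix dump posted in this thread (REGEDIT4 syntax).
REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"="\"C:\\DOKUMENTE UND EINSTELLUNGEN\\ALL USERS.WINDOWS.0\\STARTMENü\\PROGRAMME\\AUTOSTART\\PROCEXP.EXE\""
"""

# Constructed excerpt of the Avenger script from the reply above.
AVENGER_SCRIPT = r"""
Registry values to delete:
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|none

registry keys to delete:
HKLM\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}

Files to delete:
C:\WINDOWS.0\system32\p2pneush.dll

Folders to delete:
C:\Programme\Video ActiveX Object
"""

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_dump(text):
    """REGEDIT4 text -> {key (lowercased): {value name: data}}; quoted string data is unescaped."""
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            reg.setdefault(key, {})
        elif key is not None:
            m = _VALUE_RE.match(line)
            if m:
                name, data = m.group(1), m.group(2)
                if len(data) >= 2 and data[0] == data[-1] == '"':
                    data = re.sub(r"\\(.)", r"\1", data[1:-1])  # \\ -> \  and  \" -> "
                reg[key][name] = data
    return reg


def flag_persistence(reg):
    """Return (key, name, data, reason) for entries in the autostart locations this example checks."""
    findings = []
    for key, values in reg.items():
        for name, data in values.items():
            if key.endswith("\\policies\\explorer\\run"):
                findings.append((key, name, data, "policy Run key is normally empty (heuristic)"))
            elif key.endswith("\\shellserviceobjectdelayload") and name.lower() not in SSODL_BASELINE:
                findings.append((key, name, data, "ShellServiceObjectDelayLoad name not in assumed baseline"))
            elif "\\image file execution options\\" in key and name.lower() == "debugger":
                findings.append((key, name, data, "IFEO Debugger runs in place of the named program"))
    return findings


_HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user", "hku": "hkey_users"}


def _norm_key(path):
    """Lowercase a registry path and expand the short hive names used in the script."""
    root, sep, rest = path.strip().lower().partition("\\")
    return _HIVES.get(root, root) + sep + rest


def parse_avenger_script(text):
    """Avenger script -> sets of registry values (key, name), keys, files and folders."""
    headers = {"registry values to delete:": "values", "registry keys to delete:": "keys",
               "files to delete:": "files", "folders to delete:": "folders"}
    plan = {section: set() for section in headers.values()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in headers:
            section = headers[line.lower()]
        elif section == "values":
            key, _, name = line.rpartition("|")
            plan["values"].add((_norm_key(key), name.strip().lower()))
        elif section == "keys":
            plan["keys"].add(_norm_key(line))
        elif section:
            plan[section].add(line)
    return plan


def uncovered_findings(findings, plan):
    """Flagged entries the script deletes neither by value nor by (parent) key."""
    left = []
    for key, name, data, why in findings:
        by_value = (key, name.lower()) in plan["values"]
        by_key = any(key == k or key.startswith(k + "\\") for k in plan["keys"])
        if not (by_value or by_key):
            left.append((key, name, data, why))
    return left


if __name__ == "__main__":
    found = flag_persistence(parse_reg_dump(REG_DUMP))
    for key, name, data, why in found:
        print(f"FLAG  {key}\\{name} = {data}  ({why})")
    for key, name, data, why in uncovered_findings(found, parse_avenger_script(AVENGER_SCRIPT)):
        print(f"LEFT  {key}\\{name}  -> not in the removal script, review by hand")
```

On the sample input the two entries the reply deletes (`none` under the policy Run key and `buprestidae` under ShellServiceObjectDelayLoad) come back as covered, and the one entry left is the `taskmgr.exe` Debugger value. That is the intended result of the check, not a bug in the script: the path points at PROCEXP.EXE, which is how Process Explorer's "Replace Task Manager" option is implemented, so it is an entry to confirm by hand rather than delete blindly. The same location is used by malware to hijack other executables, which is why the example flags it at all.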
29.12.2006, 12:29
...new here

Posts: 2
#13 Thank you very much for the great help! I will recommend your forum! ;)

Regards, Sheilon!