"system alert" -anleitungThema ist geschlossen! |
Topic is closed!

#0
26.12.2006, 14:32
...new here
Posts: 7
26.12.2006, 14:35
Honorary member
Posts: 29434
#2
1. Create a HijackThis log file
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above, just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

2. Follow the instructions at http://virus-protect.org/cleanup.html and configure CleanUp exactly as specified there, then restart the computer (this deletes the temporary files)

3. Run ComboFix, also let it perform the disk cleanup, then copy the scan report and post it in your reply
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security
26.12.2006, 14:37
...new here
Thread starter, Posts: 7
#3
Scanner (HijackThis):
Logfile of HijackThis v1.99.1
Scan saved at 13:16:25, on 26.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Video ActiveX Object\isamonitor.exe
C:\Programme\Video ActiveX Object\pmsngr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Video ActiveX Object\pmmon.exe
C:\Programme\Video ActiveX Object\isamini.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla1.7.13\mozilla.exe
C:\DOKUME~1\Benjamin\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\Benjamin\LOKALE~1\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeMonitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - C:\Programme\Conceiva\DownloadStudio\DLMonitr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Programme\Conceiva\DownloadStudio\WebDLBar.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadStudio] C:\Programme\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Startup: StarOffice 7.lnk = C:\Program Files\StarOffice7\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Auswahl mit DownloadStudio herunterladen... - C:\Programme\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Bild mit DownloadStudio herunterladen... - C:\Programme\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Downloadziel mit DownloadStudio... - C:\Programme\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Seite mit DownloadStudio herunterladen... - C:\Programme\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Seiten Links mit DownloadStudio anzeigen... - C:\Programme\Conceiva\DownloadStudio\ds_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Programme\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Programme\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Programme\Conceiva\DownloadStudio\WebDLBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141546086265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 004 (ClipInc004) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 005 (ClipInc005) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 006 (ClipInc006) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 007 (ClipInc007) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 008 (ClipInc008) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 009 (ClipInc009) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 010 (ClipInc010) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 011 (ClipInc011) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 012 (ClipInc012) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 013 (ClipInc013) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 014 (ClipInc014) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
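As an added example (not code from the thread, from HijackThis or from the helper's tools), the Python script below parses entry lines of the kind shown in the log above and marks the ones a reviewer would look at first: anything loaded from one of the three names the helper later asks the poster to search for, a BHO without a registered name, a service without vendor information, an O21 SSODL entry whose registered name does not match the DLL it loads, and entries whose target file is missing. The sample lines are copied from the log above, except the O4 SpywareHeal line, which is constructed from the Run-key entry in the ComboFix report further down; the review heuristics are this example's assumptions, not verdicts from the thread.

```python
"""Triage HijackThis v1.99 log entries against the names queried in this thread.

Added example: not HijackThis's code and not the helper's tooling. Sample lines
are copied from the log above, except the O4 SpywareHeal line, which is built
from the Run-key entry in the ComboFix report (constructed sample input).
"""
import re
from dataclasses import dataclass, field

# Names the helper asks the poster to search the registry and disk for.
SUSPECT_NAMES = ("Video ActiveX Object", "SpywareHeal", "AntiVermins")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# First program in an O4 command line: a quoted path, or an unquoted one up to its extension.
O4_PATH_RE = re.compile(r'^"([^"]+)"|^(\S.*?\.(?:exe|dll|scr|com))(?:\s|$)', re.IGNORECASE)

SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareHeal] C:\Programme\SpywareHeal\SpywareHeal.exe /h
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
"""


@dataclass
class Entry:
    code: str                       # HijackThis section, e.g. "O2", "O4", "O21"
    body: str                       # text after "O2 - "
    path: str                       # file or URL the entry loads ("" if not recognised)
    flags: list = field(default_factory=list)


def extract_path(code: str, body: str) -> str:
    """Return the file/URL an entry points at, following HijackThis's section layouts."""
    if code == "O4":
        # "Startup: name.lnk = path" / "Global Startup: name.lnk = path"
        if " = " in body and body.split(":", 1)[0].endswith("Startup"):
            return body.split(" = ", 1)[1].strip()
        # "HKLM\..\Run: [name] command line"
        m = re.search(r"\]\s*(.*)$", body)
        if not m:
            return ""
        cmd = m.group(1).strip()
        pm = O4_PATH_RE.match(cmd)
        return (pm.group(1) or pm.group(2)) if pm else cmd
    if code in ("O2", "O3", "O9", "O16", "O18", "O21", "O23"):
        # "...name - {CLSID} - path" or "Service: name - owner - path": the path comes last
        return body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
    return ""


def parse_log(text: str) -> list:
    """Turn the entry lines of a HijackThis log into Entry objects (process list is skipped)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.group("code"), m.group("body")
            entries.append(Entry(code, body, extract_path(code, body)))
    return entries


def triage(entries: list) -> list:
    """Attach review flags and return only the flagged entries.

    The heuristics are this example's assumptions, not the thread's verdicts:
    they mark items for a person to check, not items to delete.
    """
    for e in entries:
        for name in SUSPECT_NAMES:
            if name.lower() in e.path.lower():
                e.flags.append(f"loads from '{name}' (name queried in the thread)")
        if e.code == "O2" and e.body.startswith("BHO: (no name)"):
            e.flags.append("BHO without a registered name")
        if e.code == "O23" and "Unknown owner" in e.body:
            e.flags.append("service without vendor information")
        if e.code == "O21":
            # SSODL entries load a DLL into explorer.exe at logon; the registered
            # name normally matches the DLL (WPDShServiceObj -> WPDShServiceObj.dll).
            reg_name = e.body.split(":", 1)[1].split(" - ")[0].strip()
            dll = e.path.rsplit("\\", 1)[-1]
            if reg_name.lower() not in dll.lower():
                e.flags.append(f"SSODL name '{reg_name}' does not match DLL '{dll}'")
        if "(file missing)" in e.body:
            e.flags.append("target file missing")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4} {e.path}")
        for f in e.flags:
            print(f"      - {f}")
```

On the sample above, six of the nine entries come back flagged; the Acrobat BHO, the QuickTime Run entry and the WPDShServiceObj SSODL entry do not. The flags only order the reviewer's attention: a service without vendor information (the ClipInc entries here) is common for small vendors, whereas an SSODL entry whose registered name has nothing to do with its DLL name is the kind of entry the thread ends up removing.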
26.12.2006, 14:39
Honorary member
Posts: 29434
26.12.2006, 14:40
...new here
Thread starter, Posts: 7
#5
ComboFix:
Daniel - 06-12-26 14:25:52.76 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Programme\Mozilla1.7.13"

((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 ))))))))))))))))))))))))))))))))))

2006-12-26 14:18 <DIR> d-------- C:\Programme\CleanUp!
2006-12-26 14:14 <DIR> d-------- C:\Programme\SpywareHeal
2006-12-25 18:17 <DIR> d-------- C:\Programme\AntiVermins
2006-12-25 18:15 20,992 --a------ C:\WINDOWS\system32\cthkpcv.dll
2006-12-25 18:15 <DIR> d-------- C:\Programme\Video ActiveX Object
2006-12-24 12:51 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-24 12:51 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-12-24 12:51 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2006-12-24 12:51 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2006-12-24 12:51 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-24 12:51 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-12-24 12:51 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-24 12:51 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-24 12:50 <DIR> d-------- C:\Kopie von WINDOWS
2006-12-24 12:50 <DIR> d-------- C:\DirectX
2006-12-24 12:33 <DIR> d-------- C:\Programme\NASA
2006-12-23 19:22 <DIR> d-------- C:\Programme\Wisdom-soft AutoScreenRecorder
2006-12-22 17:48 295,952 --a------ C:\WINDOWS\SCRANTIC.SCR
2006-12-22 17:48 <DIR> d-------- C:\SIERRA
2006-12-17 17:20 <DIR> d-------- C:\Programme\QuickTime
2006-12-17 17:19 <DIR> d-------- C:\Programme\Apple Software Update
2006-12-17 17:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-26 14:25 -------- d-------- C:\Programme\Mozilla1.7.13
2006-12-26 14:24 -------- d-------- C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Skype
2006-12-25 17:59 -------- d-------- C:\Programme\PokerStars
2006-12-17 14:37 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-16 15:15 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-12-16 13:21 -------- d-------- C:\Programme\Outlook Express
2006-12-15 20:16 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-14 15:11 -------- d-------- C:\Programme\Internet Explorer
2006-12-06 19:13 -------- d-------- C:\Programme\Winamp
2006-12-06 19:13 -------- d-------- C:\Programme\Gamers.IRC
2006-12-06 19:13 -------- d-------- C:\Programme\Game Cam Lite v1.4
2006-12-06 19:12 -------- d-------- C:\Programme\Warcraft III
2006-11-25 17:11 99024 --a------ C:\WINDOWS\MozillaUninstall.exe
2006-11-25 17:11 -------- d-------- C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Talkback
2006-11-25 17:11 -------- d-------- C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Mozilla
2006-11-25 15:42 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"DMXLauncher"="C:\\Programme\\Roxio\\CinePlayer\\DMXLauncher.exe"
"farstone"=""
"CloneCDElbyCDFL"="\"C:\\Programme\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"CloneCDTray"="\"C:\\Programme\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Premium\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"DownloadStudio"="C:\\Programme\\Conceiva\\DownloadStudio\\DownloadStudioScheduleMonitor.exe"
"SpywareHeal"="C:\\Programme\\SpywareHeal\\SpywareHeal.exe /h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.wetteronline.de/daten/radar/dwddg/2006/07/11/1600.gif?f4ad7ba3728cc6a83636290251366951&LANG=de"
"SubscribedURL"="http://www.wetteronline.de/daten/radar/dwddg/2006/07/11/1600.gif?f4ad7ba3728cc6a83636290251366951&LANG=de"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,bc,02,00,00,ad,00,00,00,bd,01,00,00,c2,01,00,00,e8,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,6d,01,00,00,bd,01,00,00,c2,01,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,23,05,41,c0,ac,74,30,e0,08,04,68,de,23,05,20,6d,\
  23,05,6b,b9,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.wetteronline.de/daten/radar/dsmall/std.gif?82c490a167013c098226bc6219961c87&LANG=de"
"SubscribedURL"="http://www.wetteronline.de/daten/radar/dsmall/std.gif?82c490a167013c098226bc6219961c87&LANG=de"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,0e,03,00,00,86,00,00,00,93,01,00,00,e4,01,00,00,ea,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,23,00,00,00,9f,00,00,00,bc,00,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,f9,02,00,00,1b,01,00,00,93,01,00,00,e4,01,\
  00,00,01,00,00,40

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="http://www.radiohamburg.de/media/img/hinhoerer/kreise.gif?1159636450"
"SubscribedURL"="http://www.radiohamburg.de/media/img/hinhoerer/kreise.gif?1159636450"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,53,00,00,00,e4,01,00,00,b0,02,00,00,ce,01,00,00,ec,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,57,01,00,00,b0,02,00,00,ce,01,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,bd,05,41,c0,ac,74,e8,65,ac,03,68,de,bd,05,20,6d,\
  bd,05,da,cb,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=EUR&countryId=276&exchangeId=11&chartType=0&height=480&width=640&gridGlobalOff=0&highLow=0&fill=0&average=0&average=0&overTime=2&split=1&u=0&k=0"
"SubscribedURL"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=EUR&countryId=276&exchangeId=11&chartType=0&height=480&width=640&gridGlobalOff=0&highLow=0&fill=0&average=0&average=0&overTime=2&split=1&u=0&k=0"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,ff,ff,ff,ff,09,00,00,00,80,02,00,00,e0,01,00,00,ee,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,80,02,00,00,e0,01,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,21,06,41,c0,ac,74,f8,7b,b5,03,68,de,21,06,20,6d,\
  21,06,e2,c1,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="http://live.focus.msn.de/imedia/211/20211_X+YwxOxPhcuHF_lQJ7I7kgf934oWv1JwnMCzU_9nGfo=.jpg"
"SubscribedURL"="http://live.focus.msn.de/imedia/211/20211_X+YwxOxPhcuHF_lQJ7I7kgf934oWv1JwnMCzU_9nGfo=.jpg"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,6f,03,00,00,00,02,00,00,90,01,00,00,90,01,00,00,f0,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,c0,03,00,00,35,00,00,00,90,01,00,00,90,01,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,35,06,41,c0,ac,74,08,10,e1,03,68,de,35,06,20,6d,\
  35,06,df,d2,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
"Source"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=846900&countryId=276&exchangeId=9&chartType=0&height=480&width=640&gridGlobalOff=0&highLow=0&fill=0&average=0&average=0&overTime=2&split=1&u=0&k=0"
"SubscribedURL"="http://www.finanztreff.de/ftreff/1/chart.gfx?time=0&symbol=846900&countryId=276&exchangeId=9&chartType=0&height=480&width=640&gridGlobalOff=0&highLow=0&fill=0&average=0&average=0&overTime=2&split=1&u=0&k=0"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,83,02,00,00,09,00,00,00,80,02,00,00,e0,01,00,00,f2,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,57,01,00,00,80,02,00,00,e0,01,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,9f,05,41,c0,ac,74,08,80,b1,03,68,de,9f,05,20,6d,\
  9f,05,e2,c1,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,9e,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-26 14:26:38.50
C:\ComboFix.txt ... 06-12-26 14:26

is that what to post?? tT
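Added example, not part of ComboFix or of the thread: the report's "Files Created" section is a timeline, and the usual pivot on one is to ask what else appeared around a known artifact. The script below parses that section (the sample lines are a subset of the report above, embedded inline as constructed input) and lists everything created within a few minutes of cthkpcv.dll, the DLL the 'buprestidae' SSODL entry loads; on the sample that surfaces the Video ActiveX Object folder created in the same minute and the AntiVermins folder two minutes later. The window size and the per-minute grouping are this example's assumptions.

```python
"""Pivot on the 'Files Created' section of a ComboFix report.

Added example for this thread; it is not ComboFix's own code. The sample
report is a constructed subset of the one posted above, with the section
banners kept so the section detection can be shown.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 ))))))))))))))))))))))))))))))))))

2006-12-26 14:18 <DIR> d-------- C:\Programme\CleanUp!
2006-12-26 14:14 <DIR> d-------- C:\Programme\SpywareHeal
2006-12-25 18:17 <DIR> d-------- C:\Programme\AntiVermins
2006-12-25 18:15 20,992 --a------ C:\WINDOWS\system32\cthkpcv.dll
2006-12-25 18:15 <DIR> d-------- C:\Programme\Video ActiveX Object
2006-12-24 12:51 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-24 12:51 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2006-12-24 12:50 <DIR> d-------- C:\DirectX

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-26 14:25 -------- d-------- C:\Programme\Mozilla1.7.13
"""

# "YYYY-MM-DD HH:MM  <DIR>|size  attribute-string  path" (the attribute string is 9 chars)
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")


def parse_files_created(report: str) -> list:
    """Return (created, size, attrs, path) tuples from the Files Created section only."""
    rows, in_section = [], False
    for line in report.splitlines():
        if line.startswith("(((("):            # section banner
            in_section = "Files Created" in line
            continue
        if not in_section:
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(",", ""))
        rows.append((created, size, m.group(3), m.group(4)))
    return rows


def by_minute(rows: list) -> dict:
    """Group creations by minute; several unrelated paths in one minute deserve a look."""
    groups = defaultdict(list)
    for created, _size, _attrs, path in rows:
        groups[created].append(path)
    return dict(groups)


def created_near(rows: list, anchor: str, window_minutes: int = 5) -> list:
    """Everything other than the anchor created within +/- window of the anchor file."""
    anchor_times = [c for c, _s, _a, p in rows if p.lower().endswith(anchor.lower())]
    if not anchor_times:
        return []
    window = timedelta(minutes=window_minutes)
    hits = [
        (c, p) for c, _s, _a, p in rows
        if not p.lower().endswith(anchor.lower())
        and any(abs(c - t) <= window for t in anchor_times)
    ]
    return sorted(hits)


if __name__ == "__main__":
    rows = parse_files_created(SAMPLE_REPORT)
    for created, path in created_near(rows, "cthkpcv.dll", 5):
        print(created.strftime("%Y-%m-%d %H:%M"), path)
```

Only the Files Created section is parsed; the Find3M section lists modification times of older directories and would blur the picture if mixed in. Narrowing the window to one minute keeps just the Video ActiveX Object folder, which is the tighter correlation the registry dump in the same report also points at.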
26.12.2006, 15:06
Honorary member
Posts: 29434
#6
Daniel_76
Download Registry Search by Bobbi Flekman http://www.bleepingcomputer.com/files/regsearch.php and double-click it to start.
In "Enter search strings" (type or paste it in):
SpywareHeal
in the edit box, then click "Ok". Notepad will open -- copy the text and post it.
Do the same with:
AntiVermins
Video ActiveX Object
________________________________________________________
«« http://virus-protect.org/artikel/tools/agentransack.html
paste into the search:
SpywareHeal
AntiVermins
Video ActiveX Object
and post what is displayed
__________
Kind regards, Sabina
all about PC security
26.12.2006, 15:55
...new here
Thread starter, Posts: 7
#7
As follows:
SpywareHeal:
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 26.12.2006 15:42:45 for strings:
; 'spywareheal'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E}\1.0\0\win32]
@="C:\\Programme\\SpywareHeal\\SpywareHeal.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E}\1.0\HELPDIR]
@="C:\\Programme\\SpywareHeal\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal\DEBUG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe]
@="C:\\Programme\\SpywareHeal\\SpywareHeal.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareHeal"="C:\\Programme\\SpywareHeal\\SpywareHeal.exe /h"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal]
"DisplayName"="SpywareHeal 2.2"
"UninstallString"="C:\\Programme\\SpywareHeal\\uninst.exe"
"DisplayIcon"="C:\\Programme\\SpywareHeal\\SpywareHeal.exe"
"NSIS:StartMenuDir"="SpywareHeal"
"Publisher"="SpywareHeal"

[HKEY_LOCAL_MACHINE\SOFTWARE\SpywareHeal]

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpywareHeal]

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Download\\HackerAbwehr\\spyheal_setup.exe"="SpywareHeal Install"
"C:\\Programme\\SpywareHeal\\SpywareHeal.exe"="Anti- spyware and adware"

; End Of The Log...

AntiVermins:
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 26.12.2006 15:44:50 for strings:
; 'antivermins'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}\1.0\0\win32]
@="C:\\Programme\\AntiVermins\\AntiVermins.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}\1.0\HELPDIR]
@="C:\\Programme\\AntiVermins\\"

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AntiVermins]

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOKUME~1\\Benjamin\\LOKALE~1\\Temp\\av13.exe"="AntiVermins Install"
"C:\\Programme\\AntiVermins\\AntiVermins.exe"="Anti- spyware and adware"
"C:\\Programme\\AntiVermins\\uninst.exe"="AntiVermins Install"
"C:\\DOKUME~1\\Benjamin\\LOKALE~1\\Temp\\~nsu.tmp\\Au_.exe"="AntiVermins Install"

; End Of The Log...

Video ActiveX Object:
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 26.12.2006 15:46:16 for strings:
; 'video activex object'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\iesplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\iesuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\isauninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\pmuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object]
"DisplayName"="Video ActiveX Object 2.07"
"UninstallString"="C:\\Programme\\Video ActiveX Object\\uninst.exe"
"DisplayIcon"="C:\\Programme\\Video ActiveX Object\\uninst.exe"
"Publisher"="Video ActiveX Object Software"

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Internet Security]
"Path"="C:\\Programme\\Video ActiveX Object"

[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\Video ActiveX Object\\pmsngr.exe"="pmsngr"
"C:\\Programme\\Video ActiveX Object\\isamonitor.exe"="isamonitor"

; End Of The Log...

XP search:

SpywareHeal:
C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Desktop\SpywareHeal.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal (26.12.2006 14:14:17)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal\SpywareHeal 2.2 Website.lnk (1 KB, 26.12.2006 14:14:17)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal\SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:16)
C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal\Uninstall SpywareHeal 2.2.lnk (1 KB, 26.12.2006 14:14:17)
C:\Programme\SpywareHeal (26.12.2006 14:52:04)
C:\Programme\SpywareHeal\SpywareHeal.exe (1904 KB, 12.12.2006 22:41:10)
C:\Programme\SpywareHeal\SpywareHeal.url (1 KB, 26.12.2006 14:14:16)
C:\WINDOWS\Prefetch\SPYWAREHEAL.EXE-370E5B55.pf (43 KB, 26.12.2006 14:14:28)

AntiVermins:
C:\Programme\AntiVermins (25.12.2006 18:23:43)
C:\Programme\AntiVermins\AntiVermins.exe (1736 KB, 19.12.2006 15:05:12)

Video ActiveX Object:
C:\Programme\Video ActiveX Object (25.12.2006 18:15:51)
----------------------------------------------------------------------------
Everything posted!
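The Registry Search export in the post above lists every place the "Video ActiveX Object" directory is referenced, but only some of those entries make the files load: the CLSID InprocServer32 registrations (the BHO and toolbar DLLs) and the three values under policies\explorer\run, while the Uninstall and MUICache entries are just traces of the program having been installed. As an added example (not code from this thread or from the Registry Search tool), here is a small Python parser for that REGEDIT4 export format that separates the two kinds. The list of autostart locations is my own choice and not exhaustive; the sample input is an excerpt of the posted export, reflowed one statement per line.

```python
"""Flag autostart and COM registrations that point into a suspect directory.

Added example, not code from this thread or from the Registry Search tool.
It parses the REGEDIT4 export format shown in the post above; the list of
autostart locations below is my own choice.
"""
import re

# Excerpt of the Registry Search export posted in the thread, reflowed one
# statement per line (the original was pasted as a single run-on line).
SAMPLE_EXPORT = r"""REGEDIT4
; Registry Search 2.0 by Bobbi Flekman - excerpt
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\iesplugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\isaddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object]
"DisplayName"="Video ActiveX Object 2.07"
"UninstallString"="C:\\Programme\\Video ActiveX Object\\uninst.exe"
[HKEY_USERS\S-1-5-21-1626110247-2642560380-3197060122-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\Video ActiveX Object\\pmsngr.exe"="pmsngr"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# value name is '@' (the key's default value) or a quoted string; data is everything after '='
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Locations where a registered path is actually loaded or executed at logon,
# by Explorer or by Internet Explorer.  Uninstall entries and MUICache are
# deliberately absent: they only record that the software was present.
AUTOSTART_MARKERS = (
    r"\currentversion\run",            # Run, RunOnce and the disabled Run- keys
    r"\policies\explorer\run",         # policy-driven autostart, rarely legitimate on a home PC
    r"\shellserviceobjectdelayload",   # SSODL: DLLs loaded by Explorer at start
    r"\explorer\sharedtaskscheduler",  # another Explorer DLL-loading point
    r"\browser helper objects",        # IE BHO registrations
    r"\inprocserver32",                # COM server -> DLL mapping (BHOs, toolbars)
)


def _unescape(quoted):
    # .reg strings are double-quoted; backslash and quote inside are escaped with a backslash
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg_export(text):
    """Yield (key, value_name, data) triples from a REGEDIT4-style export.

    String data is unescaped; dword:/hex: data is returned verbatim.
    """
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("REGEDIT"):
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            name, data = m.groups()
            if name != "@":
                name = _unescape(name)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data)
            yield current_key, name, data


def find_persistence(text, suspect_dir):
    """Return [(key, value_name, path)] for autostart entries whose data lies under suspect_dir."""
    needle = suspect_dir.lower().rstrip("\\") + "\\"
    hits = []
    for key, name, data in parse_reg_export(text):
        key_l = key.lower()
        if any(marker in key_l for marker in AUTOSTART_MARKERS) and needle in data.lower():
            hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, path in find_persistence(SAMPLE_EXPORT, r"C:\Programme\Video ActiveX Object"):
        print(f"{key}\n    {name!r} -> {path}")
```

On the excerpt this reports exactly the five entries that the Avenger run later in the thread removes from the registry (two CLSID keys and the three policies\explorer\run values) and stays silent on the Uninstall and MUICache leftovers. Note that the value named "isamini.exe" points at isamonitor.exe, not at a file called isamini.exe; matching on the data rather than the value name is what catches that.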
26.12.2006, 17:00
Honorary member
Posts: 29434
#8
Daniel_76
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in (without "Quote"):

Quote
Registry values to delete:

Click the green traffic light; the script will now run, then the PC will restart automatically.

»» post the Avenger log that appears after the restart

»» delete the Avenger backup under C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with SmitfraudFix - options 1 and 2 (let it clean the registry too)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards
Sabina
all about PC security
27.12.2006, 11:50
...new here
Thread starter
Posts: 7
#9
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\v^dexnmj

*******************

Script file located at: \??\C:\muamohal.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Prefetch\SPYWAREHEAL.EXE-370E5B55.pf deleted successfully.
File C:\Dokumente und Einstellungen\Benjamin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\SpywareHeal 2.2.lnk deleted successfully.
File C:\Dokumente und Einstellungen\Benjamin\Desktop\SpywareHeal.lnk deleted successfully.
File C:\Dokumente und Einstellungen\Benjamin\Startmenü\SpywareHeal 2.2.lnk deleted successfully.

File C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\av13.exe
Status: 0xc0000034

File C:\WINDOWS\system32\cthkpcv.dll deleted successfully.
File C:\Download\HackerAbwehr\spyheal_setup.exe deleted successfully.
Folder C:\Programme\SpywareHeal deleted successfully.
Folder C:\Dokumente und Einstellungen\Benjamin\Startmenü\Programme\SpywareHeal deleted successfully.
Folder C:\Programme\AntiVermins deleted successfully.
Folder C:\Programme\Video ActiveX Object deleted successfully.

Folder C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\~nsu.tmp not found!
Deletion of folder C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\~nsu.tmp failed!

Could not process line:
C:\Dokumente und Einstellungen\Benjamin\Lokale Einstellungen\Temp\~nsu.tmp
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SpywareHeal deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} deleted successfully.
Registry key HKLM\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpywareHeal deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560} deleted successfully.

Registry key HKLM\SOFTWARE\AntiVermins not found!
Deletion of registry key HKLM\SOFTWARE\AntiVermins failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Thanks!!!

(I have three more questions: Is there a program that blocks this virus in future? How can I prevent this virus from infecting my computer again?? Has the virus left any damage?)
27.12.2006, 12:07
Honorary member
Posts: 29434
#10
««
scan with SmitfraudFix - options 1 and 2 (let it clean the registry too)
http://virus-protect.org/artikel/tools/smitfrautfix.html
««

It is enough that you don't download infected codecs - before you click download, switch your brain on!
__________
Regards
Sabina
all about PC security
28.12.2006, 13:08
...new here
Posts: 2
#11
Hi!
I have exactly the same virus or whatever it is! This System Alert keeps flashing in my taskbar! I have now downloaded the tools mentioned above as well and wanted to post the log files so that someone, i.e. Sabina, can help me too! Many thanks! Regards, Sheilon!

___________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 13:02:44, on 28.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS.0\system32\brsvc01a.exe
C:\WINDOWS.0\system32\brss01a.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\bmwebcfg.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\oodag.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\mHotkey.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Elantech\ktp.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\Programme\Microsoft Encarta\Encarta 2007 - Enzyklopaedie DVD\EDICT.EXE
C:\programme\steam\steam.exe
C:\Programme\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart\procexp.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programme\DeskTask\DeskTask.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\FreshDevices\FreshDownload\fd.exe
C:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programme\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O2 - BHO: Hilfsobjekt für Encarta Web-Begleiter - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C2A65479-0D35-4F61-BA03-BCC14A77F6CC} - C:\WINDOWS.0\system32\p2pneush.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Programme\FreshDevices\FreshDownload\fdiebar.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programme\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Programme\Elantech\ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E07DXLRD_8070890] "C:\Programme\Microsoft Encarta\Encarta 2007 - Enzyklopaedie DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DeskTask.lnk = C:\Programme\DeskTask\DeskTask.exe
O4 - Global Startup: procexp.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FreshDownload - {BABFCE11-8817-4125-BE9F-739F35596232} - C:\Programme\FreshDevices\FreshDownload\fd.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF8BEF31-1486-431D-901F-7B42AF2A3B2B}: NameServer = 192.168.100.249
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS.0\system32\cthkpcv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS.0\system32\bmwebcfg.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS.0\system32\brsvc01a.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.0\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

____________________________________________________

EDIT: Here is my log file from combofix.exe as well:

Administrator - 06-12-28 13:35:17,48 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-11-28 to 2006-12-28 ))))))))))))))))))))))))))))))))))

2006-12-28 13:10 <DIR> d-------- C:\Programme\CleanUp!
2006-12-27 10:04 <DIR> d-------- C:\Programme\Xvid
2006-12-26 18:38 <DIR> d-------- C:\Programme\SlySoft
2006-12-26 18:20 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Anwendungsdaten\SlySoft
2006-12-26 18:09 20,992 --a------ C:\WINDOWS.0\system32\cthkpcv.dll
2006-12-26 17:56 <DIR> d-------- C:\Programme\DVDx
2006-12-26 17:33 <DIR> d--hs---- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Phone Browser
2006-12-26 17:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\PC Suite
2006-12-26 17:27 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Anwendungsdaten\Nokia
2006-12-26 17:26 <DIR> d-------- C:\Programme\PC Connectivity Solution
2006-12-26 17:26 <DIR> d-------- C:\Programme\Nokia
2006-12-26 17:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2006-12-26 14:36 <DIR> d-------- C:\WINDOWS.0\SxsCaPendDel
2006-12-24 19:21 <DIR> d-------- C:\Programme\DeskTask
2006-12-24 19:04 <DIR> d-------- C:\Programme\Gabest
2006-12-24 18:03 765,952 --a------ C:\WINDOWS.0\system32\xvidcore.dll
2006-12-24 18:03 180,224 --a------ C:\WINDOWS.0\system32\xvidvfw.dll
2006-12-24 17:53 <DIR> d-------- C:\Programme\Machinist2DLL
2006-12-24 17:48 <DIR> d-------- C:\Programme\ShrinkTo5Basic
2006-12-24 11:15 <DIR> d-------- C:\Programme\NAMCO BANDAI Games
2006-12-23 09:13 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator.HOME-PC\Anwendungsdaten\SecondLife
2006-12-23 09:12 <DIR> d-------- C:\Programme\SecondLife
2006-12-21 22:25 <DIR> d-------- C:\Programme\SkinBuilder
2006-12-21 20:34 <DIR> d-------- C:\Programme\FreshDevices
2006-12-21 20:17 22,130 --a------ C:\WINDOWS.0\system32\p2pneush.dll
2006-12-21 20:17 <DIR> d-------- C:\Programme\Serials 2000 7.1 Plus
2006-12-21 19:16 <DIR> d-------- C:\Programme\Microsoft Virtual PC Trial
2006-12-19 22:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\WebSpeech.4.0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS.0\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"E07DXLRD_8070890"="\"C:\\Programme\\Microsoft Encarta\\Encarta 2007 - Enzyklopaedie DVD\\EDICT.EXE\" -m"
"Steam"="\"c:\\programme\\steam\\steam.exe\" -silent"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PCSync2.exe /NoDialog"
"AnyDVD"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS.0\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"CHotkey"="mHotkey.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Programme\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"KTPWare"="C:\\Programme\\Elantech\\ktp.exe"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SSBkgdUpdate"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Programme\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Programme\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Programme\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Programme\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,92,04,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS.0\\system32\\CTFMON.EXE"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS.0\\system32\\CTFMON.EXE"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000001
"NoRecentDocsMenu"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"E07DXLRD_37675109"="\"C:\\Programme\\Microsoft Encarta\\Encarta 2007 - Enzyklopaedie DVD\\EDICT.EXE\" -m"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"="\"C:\\DOKUMENTE UND EINSTELLUNGEN\\ALL USERS.WINDOWS.0\\STARTMENü\\PROGRAMME\\AUTOSTART\\PROCEXP.EXE\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS.0\tasks\1-Klick-Wartung.job

Completion time: 06-12-28 13:38:28.42
C:\ComboFix.txt ... 06-12-28 13:38

This post was edited by Sheilon on 28.12.2006 at 13:40.
28.12.2006, 14:08
Honorary member
Posts: 29434
#12
Sheilon
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote
Registry values to delete:

Click the green traffic light; the script will now run, then the PC will restart automatically.

»» delete the Avenger backup under C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with SmitfraudFix - options 1 and 2 (let it clean the registry too)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards
Sabina
all about PC security
29.12.2006, 12:29
...new here
Posts: 2
please........quickly...
thx Daniel