Schei... "System Alert"

#1 hi,
ich habe das gleiche problem wie ein anderer schon mit dem "Fragezeichen" neben der uhr. ich habe schon die log gemacht blicke aber nicht durch - bitte helft mir!!

((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))


2007-01-21 18:06 1,302 --a------ C:\WINDOWS\system32\msvtr.dll
2007-01-19 17:20 67,072 --a------ C:\WINDOWS\system32\faultrep.dll
2007-01-19 17:11 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-01-19 17:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-19 17:11 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-01-19 17:11 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-01-19 17:11 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-01-19 17:11 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-01-19 14:29 <DIR> d-------- C:\temp
2007-01-19 14:27 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-19 14:27 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-19 14:27 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\Media Center Programs
2007-01-19 13:57 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2007-01-19 13:55 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\Hamachi
2007-01-19 00:13 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\Skype
2007-01-19 00:13 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Skype
2007-01-18 12:56 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\ACStealth4
2007-01-14 21:26 65,536 --a------ C:\WINDOWS\system32\foxcbmp3.dll
2007-01-14 21:25 796,672 --a------ C:\WINDOWS\GPInstall.exe
2007-01-14 03:57 <DIR> d-------- C:\Programme\xp-AntiSpy
2007-01-13 21:39 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\teamspeak2
2007-01-12 16:46 <DIR> d-------- C:\Programme\AntiVerminser
2007-01-12 16:45 20,992 --a------ C:\WINDOWS\system32\gwquvw.dll
2007-01-12 00:41 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\pixelStorm
2007-01-10 21:01 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\AnoNet
2007-01-10 18:21 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\Google
2007-01-10 18:21 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Google
2007-01-10 18:20 <DIR> d-------- C:\Programme\Google
2007-01-10 01:33 <DIR> d-------- C:\Programme\MorpheusBar
2007-01-10 01:32 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\Morpheus
2007-01-10 00:59 <DIR> d-------- C:\My Shared Folder
2007-01-10 00:59 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\Kazaa Lite
2007-01-09 19:13 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\ICQ Toolbar
2007-01-09 18:51 <DIR> d-------- C:\DOKUME~1\XY\Anwendungsdaten\ICQLite
2007-01-09 18:12 <DIR> d-------- C:\DOKUME~1\XY\Contacts
2007-01-09 18:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-09 18:11 <DIR> d-------- C:\Programme\MSN Messenger


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-31 17:51 -------- d-------- C:\Programme\mozilla firefox
2007-01-25 16:46 -------- d--h----- C:\Programme\installshield installation information
2007-01-19 13:55 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-01-11 15:23 -------- d---s---- C:\DOKUME~1\XY\Anwendungsdaten\microsoft
2007-01-10 23:10 -------- d-------- C:\DOKUME~1\XY\Anwendungsdaten\dvdcss
2007-01-10 17:31 -------- d-------- C:\DOKUME~1\XY\Anwendungsdaten\mozilla
2007-01-09 20:22 -------- d-------- C:\Programme\avisynth 2.5
2006-12-22 15:21 15890 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-12-16 20:40 -------- d-------- C:\Programme\smartsound software
2006-12-16 20:36 -------- d-------- C:\Programme\windows media-komponenten
2006-12-16 20:34 -------- d-------- C:\Programme\Gemeinsame Dateien\ulead systems
2006-12-16 20:12 -------- d-------- C:\DOKUME~1\XY\Anwendungsdaten\macromedia
2006-12-11 21:02 -------- d-------- C:\Programme\electronic arts
2006-12-10 20:36 1385984 --a------ C:\WINDOWS\system32\telintf.dll
2006-12-10 20:36 -------- d-------- C:\Programme\motec
2006-12-06 21:29 -------- d-------- C:\DOKUME~1\XY\Anwendungsdaten\apple computer
2006-12-03 22:07 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-11-30 22:07 21504 --a------ C:\WINDOWS\jestertb.dll
2006-11-14 23:02 112 --a------ C:\WINDOWS\system32\dsoudd.dll
2006-11-13 22:29 4258 --a------ C:\WINDOWS\system32\dsoud1.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Steam"=""
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="D:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.dll,CMICtrlWnd"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"DAEMON Tools"="\"d:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ICQ Lite"="\"d:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"SpyBlocker"="D:\\Spyblock\\spyblocker.exe"
"RivaTuner"="\"D:\\Programme\\RivaTuner v2.0 Final Release\\RivaTuner.exe\" /T"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"d:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gain_trickler_3202"
"hkey"="HKLM"
"command"="\"c:\\programme\\divx\\divx pro codec\\gain_trickler_3202.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zango"
"hkey"="HKLM"
"command"="\"c:\\programme\\zango\\zango.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=dword:00000002
"SQLWriter"=dword:00000003
"SLEE_401_SERVICE"=dword:00000002
"MSSQL$SQLEXPRESS"=dword:00000002
"MDM"=dword:00000002
"IDriverT"=dword:00000003
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Completion time: 07-02-01 11:11:40


MFG@all thx thx

#2 VaTo

1.
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten.
in: "Enter search strings" (reinschreiben oder reinkopieren)

AntiVerminser

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.


2. http://virus-protect.org/artikel/tools/agentransack.html
kopiere in Suche: AntiVerminser
poste laut anleitung alles, was erscheint

___________

Info: antiverminser
http://virus-protect.org/artikel/spyware/antiverminser.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 erstma danke für die schnelle antwort!!!

so... schritt 1.

; Results at 01.02.2007 23:08:48 for strings:
; 'antiverminser'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_CURRENT_USER\SOFTWARE\Agent_EXE\Agent Ransack\RecentContains]
"1"="AntiVerminser"

[HKEY_CURRENT_USER\SOFTWARE\Agent_EXE\Agent Ransack\RecentFileName]
"1"="AntiVerminser"

; End Of The Log...


...schritt 2.
prog hat nichts gefunden...

und?

THX@Sabina

#4 VaTo

arbeite das avengerscript + smitfraudfix ab
http://virus-protect.org/artikel/spyware/antiverminser.html

so wird geloescht:
2007-01-12 16:46 <DIR> d-------- C:\Programme\AntiVerminser
2007-01-12 16:45 20,992 --a------ C:\WINDOWS\system32\gwquvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"
__________
MfG Sabina

rund um die PC-Sicherheit

#5 hi

nach dem avengerscript :

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dvmactrm

*******************

Script file located at: \??\C:\ubweulpb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


File C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url deleted successfully.

----------------------------------------------------------------

aber das Fragezeichen ist weg...


beim SmitFraudFix :

SmitFraudFix v2.137

Scan done at 10:57:46,20, 02.02.2007
Run from C:\Dokumente und Einstellungen\XY\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

.... DANKE jetzt ist das symbol weg!!!

kommt noch was?