Win Antivirus Pro 2006 & Flirt Fever Problem

20.04.2007, 11:43
...new here

Posts: 2
#1 Hello, I have the problem that my Internet Explorer acts on its own and opens a page advising me to buy Win Antivirus 2006 Pro. I already gathered from the forum that this is not advisable. Now and then the page 'flirt-fever' also opens by itself. What can I do about it?

(Yesterday I also had problems with Error Safe and Drive Cleaner, but since I ran Spybot Search & Destroy these problems have not recurred so far, though I am still keeping an eye on it.)

I hope you can help me, but bear in mind that I am only a layman with limited knowledge.

Logfile of HijackThis v1.99.1
Scan saved at 11:20:41, on 20.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\VMConnect.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\bmctl.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\WLANClient\WlanClient.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\bmop.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Jonas\LOKALE~1\Temp\Rar$EX00.637\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uni-bielefeld.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1C7\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF4B333-F329-4219-A913-DE97E234EDFD}: NameServer = 139.7.30.125 139.7.30.126
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Many thanks in advance!!!

Regards, jonas33
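The HijackThis log in the post above is the input the helpers in this thread read by eye. As an added example (not part of the thread and not code from HijackThis itself), the Python script below parses that line format and applies a handful of the rules a reader would apply: an O10 line means the Winsock LSP chain is broken and needs repair rather than deletion, "(file missing)" entries are stale, O16 DPF entries are ActiveX controls pulled from a URL, O17 NameServer lines are where DNS changes show up, and O23 services with "Unknown owner" deserve a look. The sample lines are copied from the log above; the rule set and the action labels ("repair", "review", "cleanup") are my own and not a HijackThis convention.

```python
import re
from typing import NamedTuple

# Constructed sample: a few lines copied from the HijackThis log posted
# above. Only these lines are used; nothing else is assumed about the machine.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uni-bielefeld.de/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF4B333-F329-4219-A913-DE97E234EDFD}: NameServer = 139.7.30.125 139.7.30.126
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O23, ...)
# followed by " - " and the entry text.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")


class Entry(NamedTuple):
    code: str
    body: str


class Finding(NamedTuple):
    code: str
    action: str  # "repair" | "review" | "cleanup" (labels are my own)
    note: str
    body: str


def parse_hjt(text: str) -> list:
    """Split a HijackThis log into (code, body) entries; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entries) -> list:
    """Apply a small set of rules a helper would use when reading the log."""
    findings = []
    for e in entries:
        if e.code == "O10":
            # A Winsock LSP chain with a missing DLL breaks networking. The
            # chain has to be repaired (on XP SP2: "netsh winsock reset"),
            # not simply removed from the log.
            findings.append(Finding(e.code, "repair", "broken Winsock LSP chain", e.body))
        elif "(file missing)" in e.body:
            findings.append(Finding(e.code, "cleanup", "entry points to a file that no longer exists", e.body))
        elif e.code == "O16":
            # DPF entries are ActiveX controls installed from the web; each
            # URL is code that was downloaded and registered on the machine.
            url = URL_RE.search(e.body)
            findings.append(Finding(e.code, "review",
                                    "ActiveX control installed from " + (url.group(0) if url else "?"), e.body))
        elif e.code == "O17":
            # A NameServer override is a classic DNS hijack location; confirm
            # the addresses belong to the user's ISP before leaving them.
            findings.append(Finding(e.code, "review", "custom DNS servers set for an adapter", e.body))
        elif e.code == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.code, "review", "service binary carries no vendor information", e.body))
    return findings


def triage_text(text: str) -> list:
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for f in triage_text(SAMPLE_HJT):
        print(f"{f.code:<4} {f.action:<8} {f.note}")
```

Run against the sample, the script leaves the R0, O3 and O4 lines alone and reports O9 (stale), O10 (repair), O16, O17 and O23 (review). The O10 rule is the one worth remembering: "fixing" that line in HijackThis does not restore the LSP chain, the Winsock catalog has to be rebuilt.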
20.04.2007, 11:54
Moderator

Posts: 7805
#2 We need the full set of reports: http://board.protecus.de/t23187.htm
__________
Regards, Ralf
SEO-Spam Hunter
20.04.2007, 15:27
...new here

Thread starter

Posts: 2
#3 Okay, here is the rest:

"Jonas" - 07-04-20 14:40:54 Service Pack 2
ComboFix 07-04-20V - Running from: C:\Dokumente und Einstellungen\Jonas\Eigene Dateien\


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\byvww.dll
C:\WINDOWS\system32\byxwxwx.dll
C:\WINDOWS\system32\iifdabc.dll
C:\WINDOWS\system32\wwvyb.ini
C:\WINDOWS\system32\egggh.bak1
C:\WINDOWS\system32\egggh.ini
C:\WINDOWS\system32\hggge.dll
C:\WINDOWS\system32\tuvsrst.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 ))))))))))))))))))))))))))))))))))


2007-04-20 00:46 <DIR> d-a------ C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
2007-04-20 00:46 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Simply Super Software
2007-04-19 23:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-19 21:29 6,560 --a------ C:\WINDOWS\system32\wayay.bak1.ren
2007-04-19 21:27 7,963 --ahs---- C:\WINDOWS\system32\wayay.ini.ren
2007-04-19 21:27 281,172 --a------ C:\WINDOWS\system32\yayaw.dll.ren
2007-04-19 21:08 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-04-19 21:08 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-04-19 21:08 <DIR> d-------- C:\Programme\Trojan Remover
2007-04-19 21:08 <DIR> d-------- C:\DOKUME~1\Jonas\ANWEND~1\Simply Super Software
2007-04-19 14:06 <DIR> d-------- C:\WINDOWS\system32\cache329
2007-04-19 14:05 <DIR> d--h----- C:\DBBackup
2007-04-19 14:04 <DIR> d-------- C:\WINDOWS\cdmxtras
2007-04-19 14:00 10 --a------ C:\WINDOWS\smdat32m.sys
2007-04-19 12:50 516,773 --ahs---- C:\WINDOWS\system32\tvuvw.ini.ren
2007-04-19 12:50 483,466 --a------ C:\WINDOWS\system32\tvuvw.bak1.ren
2007-04-19 12:50 281,172 --a------ C:\WINDOWS\system32\wvuvt.dll.ren
2007-04-17 23:32 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\PopCap
2007-04-11 11:49 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-11 11:49 42,648 --a------ C:\WINDOWS\zllsputility_loc0407.dll
2007-04-11 11:49 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc0407.dll
2007-04-11 11:49 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc0407.dll
2007-04-11 11:49 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-19 16:16 75392 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-19 16:16 416044 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-19 14:04 -------- d--h----- C:\Programme\installshield installation information
2007-04-19 12:03 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-19 11:16 -------- d-------- C:\Programme\pokerstars.net
2007-04-17 17:46 -------- d-------- C:\Programme\pokerstars
2007-04-16 23:58 -------- d-------- C:\DOKUME~1\Jonas\ANWEND~1\skype
2007-04-11 11:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-20 23:19 -------- d-------- C:\Programme\google
2007-03-18 21:06 -------- d-------- C:\Programme\elaborate bytes
2007-03-18 21:05 -------- d-------- C:\Programme\slysoft
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 01:02 54936 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 23:34 -------- d-------- C:\Programme\icqlite
2007-02-07 05:20 34152 --a------ C:\DOKUME~1\Jonas\ANWEND~1\gdipfontcachev1.dat
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D} C:\Programme\ICQToolbar\tbu1C7\toolbaru.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Programme\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programme\google\googletoolbar3.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{C333CF63-767F-4831-94AC-E683D962C63C} C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
{E54C62B9-BCA4-4514-9A35-7269D5C4F1A2} C:\WINDOWS\system32\yayaw.dll [x]
{E837C55E-524E-4746-9335-78EF3BECDD05} C:\WINDOWS\system32\wvuvt.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HKSERV.EXE"="C:\\Programme\\Sony\\HotKey Utility\\HKserv.exe"
"TrojanScanner"="C:\\Programme\\Trojan Remover\\Trjscan.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"CursorXP"="C:\\Programme\\CursorXP\\CursorXP.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\IC_START.EXE /nosplash"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SystemManager"="C:\\WINDOWS\\System32\\ctsrv.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ISDN Guard.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\ISDN Guard.lnk"
"backup"="C:\\WINDOWS\\pss\\ISDN Guard.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AGFEO\\ISDNGU~1\\agfguard.exe "
"item"="ISDN Guard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Photo Loader resident.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Photo Loader resident.lnk"
"backup"="C:\\WINDOWS\\pss\\Photo Loader resident.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CASIO\\PHOTOL~1\\Plauto.exe "
"item"="Photo Loader resident"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IC_START"
"hkey"="HKCU"
"command"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\IC_START.EXE /nosplash"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICO"
"hkey"="HKLM"
"command"="ICO.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToADiMon"
"hkey"="HKLM"
"command"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="C:\\Programme\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VAIOUpdt"
"hkey"="HKLM"
"command"="\"C:\\Programme\\sony\\vaio update 2\\VAIOUpdt.exe\" /Stationary"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=dword:00000003
"VAIOMediaPlatform-PhotoServer-UPnP"=dword:00000002
"VAIOMediaPlatform-PhotoServer-HTTP"=dword:00000002
"VAIOMediaPlatform-PhotoServer-AppServer"=dword:00000002
"VAIOMediaPlatform-MusicServer-UPnP"=dword:00000002
"VAIOMediaPlatform-MusicServer-HTTP"=dword:00000002
"VAIOMediaPlatform-MusicServer-AppServer"=dword:00000002
"SPTISRV"=dword:00000003
"SNDSrvc"=dword:00000003
"SBService"=dword:00000002
"SAVScan"=dword:00000003
"PACSPTISVR"=dword:00000003
"navapsvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"btwdins"=dword:00000002
"bmwebcfg"=dword:00000002
"AVWUpSrv"=dword:00000002
"ATI Smart"=dword:00000002
"Pml Driver HPZ12"=dword:00000003
"IDriverT"=dword:00000003
"Ati HotKey Poller"=dword:00000002
"MZCCntrl"=dword:00000002
"gusvc"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************
Volume in drive C is VAIO
Volume Serial Number: F4D3-0EAE

Directory of C:\WINDOWS\system32

07-04-20 14:56 55,081 vsconfig.xml
07-04-20 14:52 1,158 wpa.dbl
07-04-20 00:50 0 mcrh.tmp
07-04-19 23:17 7,963 wayay.ini.ren
07-04-19 21:29 6,560 wayay.bak1.ren
07-04-19 21:27 281,172 yayaw.dll.ren
07-04-19 21:14 516,773 tvuvw.ini.ren
07-04-19 16:16 401,398 perfh009.dat
07-04-19 16:16 62,678 perfc009.dat
07-04-19 16:16 416,044 perfh007.dat
07-04-19 16:16 75,392 perfc007.dat
07-04-19 16:16 965,874 PerfStringBackup.INI
07-04-19 16:10 159,544 FNTCACHE.DAT
07-04-19 12:50 483,466 tvuvw.bak1.ren
07-04-19 12:50 281,172 wvuvt.dll.ren
07-04-11 11:51 4,212 zllictbl.dat
07-04-03 22:48 13,511,640 MRT.exe
07-03-17 15:44 293,376 winsrv.dll
07-03-09 13:51 270,336 xpsp3res.dll
07-03-09 01:02 54,936 vsutil_loc0407.dll
07-03-09 01:02 18,072 imslsp_install_loc0407.dll
07-03-09 01:02 22,168 imsinstall_loc0407.dll
07-03-09 01:02 394,192 vsdatant.sys
07-03-09 01:01 1,087,216 zpeng24.dll
07-03-09 01:01 71,408 zlcommdb.dll
07-03-09 01:01 100,080 vsxml.dll
07-03-09 01:01 46,832 vswmi.dll
07-03-09 01:01 83,696 zlcomm.dll
07-03-09 01:01 472,816 vsutil.dll
07-03-09 01:01 71,408 vsregexp.dll
07-03-09 01:01 276,208 vspubapi.dll
07-03-09 01:01 104,176 vsmonapi.dll
07-03-09 01:01 83,696 vsdata.dll
07-03-09 01:01 157,424 vsinit.dll
07-03-08 17:36 281,600 gdi32.dll
07-03-08 17:36 40,960 mf3216.dll
07-03-08 17:36 579,072 user32.dll
07-03-08 17:32 1,843,712 win32k.sys
07-02-28 18:02 2,182,656 ntoskrnl.exe
07-02-28 18:02 2,059,904 ntkrnlpa.exe
07-02-17 13:19 4,154 ModemLog_ISDN Custom Config.txt
07-02-17 13:19 4,602 ModemLog_ISDN BTX.txt
07-02-17 13:19 4,622 ModemLog_ISDN - ISDN (X.75).txt
07-02-17 13:19 4,624 ModemLog_ISDN Mailbox (X.75).txt
07-02-17 13:19 4,634 ModemLog_ISDN RAS (PPP over ISDN).txt
07-02-17 13:19 4,644 ModemLog_ISDN Internet (PPP over ISDN).txt
07-02-15 20:24 122,142 TZLog.log
07-02-15 19:00 236,928 SETA.tmp
07-02-05 22:18 185,856 upnphost.dll
07-01-30 21:54 70,343 NULL
07-01-29 10:58 60,416 tzchange.exe
07-01-23 21:30 546,304 hhctrl.ocx
07-01-12 10:27 27,136 jsproxy.dll
07-01-12 10:27 458,752 msfeeds.dll
07-01-12 10:27 3,580,416 mshtml.dll
07-01-12 10:27 51,712 msfeedsbs.dll
07-01-12 10:27 670,720 mstime.dll
07-01-12 10:27 822,784 wininet.dll
07-01-12 10:27 1,149,952 urlmon.dll
07-01-12 10:27 6,054,400 ieframe.dll
07-01-12 10:27 232,960 webcheck.dll
07-01-12 10:27 132,608 extmgr.dll
07-01-12 10:27 477,696 mshtmled.dll
07-01-10 18:42 1,040,384 ieframe.dll.mui
07-01-08 20:04 105,984 url.dll
07-01-08 20:04 102,400 occache.dll
07-01-08 20:03 193,024 msrating.dll
07-01-08 20:02 1,823,744 inetcpl.cpl
07-01-08 20:02 266,752 iertutil.dll
07-01-08 20:02 44,544 iernonce.dll
07-01-08 20:02 153,088 ieakeng.dll
07-01-08 20:02 161,792 ieakui.dll
07-01-08 20:02 384,000 iedkcs32.dll
07-01-08 20:02 383,488 ieapfltr.dll
07-01-08 20:02 230,400 ieaksie.dll
07-01-08 20:01 17,408 corpol.dll
07-01-08 20:00 124,928 advpack.dll
07-01-08 19:08 56,832 ie4uinit.exe
07-01-08 19:08 13,824 ieudinit.exe

Volume in drive C is VAIO
Volume Serial Number: F4D3-0EAE

Directory of C:\DOKUME~1\Jonas\LOKALE~1\Temp

Volume in drive C is VAIO
Volume Serial Number: F4D3-0EAE

Directory of C:\WINDOWS

07-04-20 15:21 9,446 ModemLog_Novatel Wireless UMTS Modem Primary Port.txt
07-04-20 14:52 0 0.log
07-04-20 14:51 159 wiadebug.log
07-04-20 14:51 1,851,505 WindowsUpdate.log
07-04-20 14:51 50 wiaservc.log
07-04-20 14:51 2,048 bootstat.dat
07-04-20 14:44 5,559 wskat.ini
07-04-20 14:25 32,606 SchedLgU.Txt
07-04-19 18:44 202 NeroDigital.ini
07-04-19 18:27 155 winamp.ini
07-04-19 16:16 160,047 iis6.log
07-04-19 16:16 276,410 comsetup.log
07-04-19 16:16 400,051 tsoc.log
07-04-19 16:16 167,749 ntdtcsetup.log
07-04-19 16:16 1,917 imsins.log
07-04-19 16:16 36,912 ocmsn.log
07-04-19 16:16 516,375 ocgen.log
07-04-19 16:16 51,426 msgsocm.log
07-04-19 16:16 1,011,413 FaxSetup.log
07-04-19 16:16 826,365 setupapi.log
07-04-19 15:51 8,096 setupact.log
07-04-19 14:21 10 smdat32m.sys
07-04-12 09:35 1,374 imsins.BAK
07-04-12 09:35 14,543 KB931784.log
07-04-12 09:33 12,599 KB931261.log
07-04-12 09:33 12,907 KB930178.log
07-04-12 09:33 82,505 updspapi.log
07-04-12 09:32 14,665 KB932168.log
07-04-09 12:37 1,119 win.ini
07-04-03 23:48 15,213 KB925902.log
07-03-20 23:22 227 system.ini
07-03-18 12:30 12,235 KB929338.log
07-03-18 11:00 300,986 DirectX.log
07-03-09 01:02 42,648 zllsputility_loc0407.dll
07-03-09 01:02 75,512 zllsputility.exe
07-03-01 11:36 29,524 WgaNotify.log
07-02-17 13:20 6,090 ModemLog_Bluetooth Modem.txt
07-02-17 13:19 3,716 ModemLog_CXT AC-Link Modem for ALi.txt
07-02-16 14:50 12,552 KB928090-IE7.log
07-02-15 20:25 15,573 KB927779.log
07-02-15 20:24 12,574 KB927802.log
07-02-15 20:24 12,213 KB928255.log
07-02-15 20:24 3,921 KB923723.log
07-02-15 20:24 8,940 KB924667.log
07-02-15 20:24 21,215 KB931836.log
07-02-15 20:24 10,717 KB926436.log
07-02-15 20:24 10,928 KB918118.log
07-02-15 20:23 10,801 KB928843.log
07-01-30 23:03 2,902 COM+.log
07-01-30 21:49 211 uno.ini
07-01-17 17:21 252,619 wmsetup.log
07-01-17 10:51 0 setuperr.log
07-01-12 00:35 3,610 KB929969.log


Volume in drive C is VAIO
Volume Serial Number: F4D3-0EAE

Directory of C:\WINDOWS\Temp

07-04-20 14:56 256 ZLT02852.TMP
07-04-20 14:56 256 ZLT0284f.TMP
07-04-20 14:52 409 WGANotify.settings
07-04-20 14:52 255 WGAErrLog.txt
07-04-20 14:33 256 ZLT0165f.TMP
07-04-20 14:33 256 ZLT0165c.TMP
6 File(s) 1,688 bytes
0 Dir(s) 10,643,632,128 bytes free
Volume in drive C is VAIO
Volume Serial Number: F4D3-0EAE

Directory of C:\WINDOWS\Downloaded Program Files

06-12-27 18:46 2,557,752 ImageUploader4.ocx
06-12-27 18:45 377 ImageUploader4.inf
06-06-22 11:41 5,032 swflash.inf
04-04-15 11:33 65 desktop.ini
03-12-19 17:02 126,976 popcaploader.dll
03-12-19 15:43 241 popcaploader.inf
6 File(s) 2,690,443 bytes
0 Dir(s) 10,643,632,128 bytes free

Volume in drive C is VAIO
Volume Serial Number: F4D3-0EAE

Directory of C:\

07-04-20 15:25 0 sys.txt
07-04-20 15:25 544 down.txt
07-04-20 15:24 513 tmp.txt
07-04-20 15:24 15,858 system.txt
07-04-20 15:24 124 systemtemp.txt
07-04-20 15:24 101,548 system32.txt
07-04-20 14:54 45 TEST.XML
07-04-20 14:51 535,875,584 hiberfil.sys
07-04-20 14:51 805,306,368 pagefile.sys
07-03-20 23:22 194 boot.ini
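The ComboFix output in the post above shows a pattern worth recognising by eye: under system32 there are DLLs whose name, read backwards, is also present as an .ini file (often with a .bak1 beside it), e.g. byvww.dll / wwvyb.ini, hggge.dll / egggh.ini, yayaw.dll / wayay.ini and wvuvt.dll / tvuvw.ini; the .ini files carry the hidden and system attributes (--ahs----); and two of those DLLs appear in the Browser Helper Objects dump. The script below is an added example, not part of the thread and not ComboFix code; it pulls those three observations out of a listing. The sample lines are copied from the log above, and the only assumption is that a ".ren" suffix marks a file some earlier cleanup tool renamed (the log shows such files dated before ComboFix ran).

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix output above (the
# deleted-file list, the "Files Created" list and the BHO registry dump).
SAMPLE_COMBOFIX = r"""
C:\WINDOWS\system32\byvww.dll
C:\WINDOWS\system32\byxwxwx.dll
C:\WINDOWS\system32\iifdabc.dll
C:\WINDOWS\system32\wwvyb.ini
C:\WINDOWS\system32\egggh.bak1
C:\WINDOWS\system32\egggh.ini
C:\WINDOWS\system32\hggge.dll
C:\WINDOWS\system32\tuvsrst.dll
2007-04-19 21:29 6,560 --a------ C:\WINDOWS\system32\wayay.bak1.ren
2007-04-19 21:27 7,963 --ahs---- C:\WINDOWS\system32\wayay.ini.ren
2007-04-19 21:27 281,172 --a------ C:\WINDOWS\system32\yayaw.dll.ren
2007-04-19 21:08 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-04-19 12:50 516,773 --ahs---- C:\WINDOWS\system32\tvuvw.ini.ren
2007-04-19 12:50 483,466 --a------ C:\WINDOWS\system32\tvuvw.bak1.ren
2007-04-19 12:50 281,172 --a------ C:\WINDOWS\system32\wvuvt.dll.ren
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programme\google\googletoolbar3.dll
{E54C62B9-BCA4-4514-9A35-7269D5C4F1A2} C:\WINDOWS\system32\yayaw.dll [x]
{E837C55E-524E-4746-9335-78EF3BECDD05} C:\WINDOWS\system32\wvuvt.dll [x]
"""

SYS32_RE = re.compile(r"\\system32\\(?P<name>[^\\\s]+)", re.IGNORECASE)
BHO_RE = re.compile(r"^(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+(?P<path>\S+)")
# The nine-character attribute column ComboFix prints before the path.
ATTR_RE = re.compile(r"\s(?P<attr>[-dahsr]{9})\s+C:\\")


def _bare(name: str) -> str:
    """Lower-case the file name and drop a '.ren' suffix (assumed: a rename
    by whichever cleanup tool ran before this log was taken)."""
    name = name.lower()
    return name[:-4] if name.endswith(".ren") else name


def system32_files(text: str) -> dict:
    """Map each file stem under system32 to the set of extensions seen for it."""
    by_stem = defaultdict(set)
    for line in text.splitlines():
        m = SYS32_RE.search(line)
        if not m:
            continue
        stem, _, ext = _bare(m["name"]).rpartition(".")
        if stem:
            by_stem[stem].add(ext)
    return by_stem


def reversed_pairs(by_stem: dict) -> list:
    """(dll_stem, ini_stem) pairs where the .ini name is the .dll name reversed."""
    pairs = []
    for stem, exts in by_stem.items():
        mirror = stem[::-1]
        if "dll" in exts and mirror in by_stem and "ini" in by_stem[mirror]:
            pairs.append((stem, mirror))
    return sorted(pairs)


def hidden_system_files(text: str) -> list:
    """system32 files whose attribute column shows both hidden (h) and system (s)."""
    hits = []
    for line in text.splitlines():
        a = ATTR_RE.search(line)
        f = SYS32_RE.search(line)
        if a and f and "h" in a["attr"] and "s" in a["attr"]:
            hits.append(_bare(f["name"]))
    return hits


def bho_loaders(text: str, dll_stems) -> dict:
    """CLSIDs of Browser Helper Objects whose DLL is one of the flagged stems."""
    wanted = {s + ".dll" for s in dll_stems}
    out = {}
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if m and m["path"].lower().rsplit("\\", 1)[-1] in wanted:
            out[m["clsid"]] = m["path"]
    return out


if __name__ == "__main__":
    stems = system32_files(SAMPLE_COMBOFIX)
    pairs = reversed_pairs(stems)
    print("mirrored dll/ini pairs:", pairs)
    print("hidden+system files:", hidden_system_files(SAMPLE_COMBOFIX))
    print("BHOs loading them:", bho_loaders(SAMPLE_COMBOFIX, [d for d, _ in pairs]))
```

The rule is deliberately narrow. A random-looking five-letter DLL on its own proves nothing (byxwxwx.dll and iifdabc.dll are not flagged here, though ComboFix removed them too), but a DLL whose mirrored name exists as a hidden, system .ini plus a BHO entry pointing at the DLL is a combination legitimate software does not produce. The mirrored pairs also explain why the problem kept coming back after Spybot: every DLL that gets deleted has a companion .ini/.bak1 and a registered loader, and all of them have to go together.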
20.04.2007, 15:44
Moderator

Posts: 7805
#4 ComboFix has already done a good part of the groundwork there.

Please do the following:
Update AntiVir and configure your AntiVir as described here:
http://board.protecus.de/t23979.htm

Boot into Safe Mode:
http://www.bsi.bund.de/av/texte/wiederher.htm

Use Disk Cleanup (except "compress old files"). Additionally, clean out System Restore via "More Options".
http://support.microsoft.com/default.aspx?scid=kb;de;315246

Have AntiVir scan your hard drives there and move all findings to quarantine.

Additionally, please also use CureIt. Guide: http://virus-protect.org/cureit.html
But please use the download from here: http://freedrweb.com/?lng=de
Then restart the computer, post the reports that AntiVir and CureIt produced in Safe Mode, and a fresh HijackThis log (rename HijackThis.exe to test.com before starting it).
__________
Regards, Ralf
SEO-Spam Hunter