Win Antivirus Pro 2006 & Flirt Fever Problem
#0
20.04.2007, 11:43
...new here
Posts: 2
20.04.2007, 11:54
Moderator
Posts: 7805
#2
We need the full set of reports: http://board.protecus.de/t23187.htm
__________ Regards, Ralf SEO-Spam Hunter
20.04.2007, 15:27
...new here
Thread starter Posts: 2
#3
Okay, here is the rest:

"Jonas" - 07-04-20 14:40:54 Service Pack 2
ComboFix 07-04-20V - Running from: C:\Dokumente und Einstellungen\Jonas\Eigene Dateien\

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\byvww.dll
C:\WINDOWS\system32\byxwxwx.dll
C:\WINDOWS\system32\iifdabc.dll
C:\WINDOWS\system32\wwvyb.ini
C:\WINDOWS\system32\egggh.bak1
C:\WINDOWS\system32\egggh.ini
C:\WINDOWS\system32\hggge.dll
C:\WINDOWS\system32\tuvsrst.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-03-20 to 2007-04-20 ))))))))))))))))))))))))))))))))))

2007-04-20 00:46 <DIR> d-a------ C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
2007-04-20 00:46 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Simply Super Software
2007-04-19 23:54 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-04-19 21:29 6,560 --a------ C:\WINDOWS\system32\wayay.bak1.ren
2007-04-19 21:27 7,963 --ahs---- C:\WINDOWS\system32\wayay.ini.ren
2007-04-19 21:27 281,172 --a------ C:\WINDOWS\system32\yayaw.dll.ren
2007-04-19 21:08 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-04-19 21:08 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-04-19 21:08 <DIR> d-------- C:\Programme\Trojan Remover
2007-04-19 21:08 <DIR> d-------- C:\DOKUME~1\Jonas\ANWEND~1\Simply Super Software
2007-04-19 14:06 <DIR> d-------- C:\WINDOWS\system32\cache329
2007-04-19 14:05 <DIR> d--h----- C:\DBBackup
2007-04-19 14:04 <DIR> d-------- C:\WINDOWS\cdmxtras
2007-04-19 14:00 10 --a------ C:\WINDOWS\smdat32m.sys
2007-04-19 12:50 516,773 --ahs---- C:\WINDOWS\system32\tvuvw.ini.ren
2007-04-19 12:50 483,466 --a------ C:\WINDOWS\system32\tvuvw.bak1.ren
2007-04-19 12:50 281,172 --a------ C:\WINDOWS\system32\wvuvt.dll.ren
2007-04-17 23:32 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\PopCap
2007-04-11 11:49 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-11 11:49 42,648 --a------ C:\WINDOWS\zllsputility_loc0407.dll
2007-04-11 11:49 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc0407.dll
2007-04-11 11:49 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc0407.dll
2007-04-11 11:49 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-19 16:16 75392 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-19 16:16 416044 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-19 14:04 -------- d--h----- C:\Programme\installshield installation information
2007-04-19 12:03 -------- d-------- C:\Programme\mozilla thunderbird
2007-04-19 11:16 -------- d-------- C:\Programme\pokerstars.net
2007-04-17 17:46 -------- d-------- C:\Programme\pokerstars
2007-04-16 23:58 -------- d-------- C:\DOKUME~1\Jonas\ANWEND~1\skype
2007-04-11 11:51 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-20 23:19 -------- d-------- C:\Programme\google
2007-03-18 21:06 -------- d-------- C:\Programme\elaborate bytes
2007-03-18 21:05 -------- d-------- C:\Programme\slysoft
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 01:02 54936 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 23:34 -------- d-------- C:\Programme\icqlite
2007-02-07 05:20 34152 --a------ C:\DOKUME~1\Jonas\ANWEND~1\gdipfontcachev1.dat
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D} C:\Programme\ICQToolbar\tbu1C7\toolbaru.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Programme\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programme\google\googletoolbar3.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{C333CF63-767F-4831-94AC-E683D962C63C} C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
{E54C62B9-BCA4-4514-9A35-7269D5C4F1A2} C:\WINDOWS\system32\yayaw.dll [x]
{E837C55E-524E-4746-9335-78EF3BECDD05} C:\WINDOWS\system32\wvuvt.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HKSERV.EXE"="C:\\Programme\\Sony\\HotKey Utility\\HKserv.exe"
"TrojanScanner"="C:\\Programme\\Trojan Remover\\Trjscan.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"CursorXP"="C:\\Programme\\CursorXP\\CursorXP.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\IC_START.EXE /nosplash"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SystemManager"="C:\\WINDOWS\\System32\\ctsrv.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ISDN Guard.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\ISDN Guard.lnk"
"backup"="C:\\WINDOWS\\pss\\ISDN Guard.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AGFEO\\ISDNGU~1\\agfguard.exe "
"item"="ISDN Guard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Photo Loader resident.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Photo Loader resident.lnk"
"backup"="C:\\WINDOWS\\pss\\Photo Loader resident.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CASIO\\PHOTOL~1\\Plauto.exe "
"item"="Photo Loader resident"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IC_START"
"hkey"="HKCU"
"command"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\IC_START.EXE /nosplash"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICO"
"hkey"="HKLM"
"command"="ICO.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToADiMon"
"hkey"="HKLM"
"command"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="C:\\Programme\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VAIOUpdt"
"hkey"="HKLM"
"command"="\"C:\\Programme\\sony\\vaio update 2\\VAIOUpdt.exe\" /Stationary"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=dword:00000003
"VAIOMediaPlatform-PhotoServer-UPnP"=dword:00000002
"VAIOMediaPlatform-PhotoServer-HTTP"=dword:00000002
"VAIOMediaPlatform-PhotoServer-AppServer"=dword:00000002
"VAIOMediaPlatform-MusicServer-UPnP"=dword:00000002
"VAIOMediaPlatform-MusicServer-HTTP"=dword:00000002
"VAIOMediaPlatform-MusicServer-AppServer"=dword:00000002
"SPTISRV"=dword:00000003
"SNDSrvc"=dword:00000003
"SBService"=dword:00000002
"SAVScan"=dword:00000003
"PACSPTISVR"=dword:00000003
"navapsvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"btwdins"=dword:00000002
"bmwebcfg"=dword:00000002
"AVWUpSrv"=dword:00000002
"ATI Smart"=dword:00000002
"Pml Driver HPZ12"=dword:00000003
"IDriverT"=dword:00000003
"Ati HotKey Poller"=dword:00000002
"MZCCntrl"=dword:00000002
"gusvc"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prfen.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: F4D3-0EAE

Verzeichnis von C:\WINDOWS\system32

07-04-20 14:56 55,081 vsconfig.xml
07-04-20 14:52 1,158 wpa.dbl
07-04-20 00:50 0 mcrh.tmp
07-04-19 23:17 7,963 wayay.ini.ren
07-04-19 21:29 6,560 wayay.bak1.ren
07-04-19 21:27 281,172 yayaw.dll.ren
07-04-19 21:14 516,773 tvuvw.ini.ren
07-04-19 16:16 401,398 perfh009.dat
07-04-19 16:16 62,678 perfc009.dat
07-04-19 16:16 416,044 perfh007.dat
07-04-19 16:16 75,392 perfc007.dat
07-04-19 16:16 965,874 PerfStringBackup.INI
07-04-19 16:10 159,544 FNTCACHE.DAT
07-04-19 12:50 483,466 tvuvw.bak1.ren
07-04-19 12:50 281,172 wvuvt.dll.ren
07-04-11 11:51 4,212 zllictbl.dat
07-04-03 22:48 13,511,640 MRT.exe
07-03-17 15:44 293,376 winsrv.dll
07-03-09 13:51 270,336 xpsp3res.dll
07-03-09 01:02 54,936 vsutil_loc0407.dll
07-03-09 01:02 18,072 imslsp_install_loc0407.dll
07-03-09 01:02 22,168 imsinstall_loc0407.dll
07-03-09 01:02 394,192 vsdatant.sys
07-03-09 01:01 1,087,216 zpeng24.dll
07-03-09 01:01 71,408 zlcommdb.dll
07-03-09 01:01 100,080 vsxml.dll
07-03-09 01:01 46,832 vswmi.dll
07-03-09 01:01 83,696 zlcomm.dll
07-03-09 01:01 472,816 vsutil.dll
07-03-09 01:01 71,408 vsregexp.dll
07-03-09 01:01 276,208 vspubapi.dll
07-03-09 01:01 104,176 vsmonapi.dll
07-03-09 01:01 83,696 vsdata.dll
07-03-09 01:01 157,424 vsinit.dll
07-03-08 17:36 281,600 gdi32.dll
07-03-08 17:36 40,960 mf3216.dll
07-03-08 17:36 579,072 user32.dll
07-03-08 17:32 1,843,712 win32k.sys
07-02-28 18:02 2,182,656 ntoskrnl.exe
07-02-28 18:02 2,059,904 ntkrnlpa.exe
07-02-17 13:19 4,154 ModemLog_ISDN Custom Config.txt
07-02-17 13:19 4,602 ModemLog_ISDN BTX.txt
07-02-17 13:19 4,622 ModemLog_ISDN - ISDN (X.75).txt
07-02-17 13:19 4,624 ModemLog_ISDN Mailbox (X.75).txt
07-02-17 13:19 4,634 ModemLog_ISDN RAS (PPP over ISDN).txt
07-02-17 13:19 4,644 ModemLog_ISDN Internet (PPP over ISDN).txt
07-02-15 20:24 122,142 TZLog.log
07-02-15 19:00 236,928 SETA.tmp
07-02-05 22:18 185,856 upnphost.dll
07-01-30 21:54 70,343 NULL
07-01-29 10:58 60,416 tzchange.exe
07-01-23 21:30 546,304 hhctrl.ocx
07-01-12 10:27 27,136 jsproxy.dll
07-01-12 10:27 458,752 msfeeds.dll
07-01-12 10:27 3,580,416 mshtml.dll
07-01-12 10:27 51,712 msfeedsbs.dll
07-01-12 10:27 670,720 mstime.dll
07-01-12 10:27 822,784 wininet.dll
07-01-12 10:27 1,149,952 urlmon.dll
07-01-12 10:27 6,054,400 ieframe.dll
07-01-12 10:27 232,960 webcheck.dll
07-01-12 10:27 132,608 extmgr.dll
07-01-12 10:27 477,696 mshtmled.dll
07-01-10 18:42 1,040,384 ieframe.dll.mui
07-01-08 20:04 105,984 url.dll
07-01-08 20:04 102,400 occache.dll
07-01-08 20:03 193,024 msrating.dll
07-01-08 20:02 1,823,744 inetcpl.cpl
07-01-08 20:02 266,752 iertutil.dll
07-01-08 20:02 44,544 iernonce.dll
07-01-08 20:02 153,088 ieakeng.dll
07-01-08 20:02 161,792 ieakui.dll
07-01-08 20:02 384,000 iedkcs32.dll
07-01-08 20:02 383,488 ieapfltr.dll
07-01-08 20:02 230,400 ieaksie.dll
07-01-08 20:01 17,408 corpol.dll
07-01-08 20:00 124,928 advpack.dll
07-01-08 19:08 56,832 ie4uinit.exe
07-01-08 19:08 13,824 ieudinit.exe

Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: F4D3-0EAE

Verzeichnis von C:\DOKUME~1\Jonas\LOKALE~1\Temp

Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: F4D3-0EAE

Verzeichnis von C:\WINDOWS

07-04-20 15:21 9,446 ModemLog_Novatel Wireless UMTS Modem Primary Port.txt
07-04-20 14:52 0 0.log
07-04-20 14:51 159 wiadebug.log
07-04-20 14:51 1,851,505 WindowsUpdate.log
07-04-20 14:51 50 wiaservc.log
07-04-20 14:51 2,048 bootstat.dat
07-04-20 14:44 5,559 wskat.ini
07-04-20 14:25 32,606 SchedLgU.Txt
07-04-19 18:44 202 NeroDigital.ini
07-04-19 18:27 155 winamp.ini
07-04-19 16:16 160,047 iis6.log
07-04-19 16:16 276,410 comsetup.log
07-04-19 16:16 400,051 tsoc.log
07-04-19 16:16 167,749 ntdtcsetup.log
07-04-19 16:16 1,917 imsins.log
07-04-19 16:16 36,912 ocmsn.log
07-04-19 16:16 516,375 ocgen.log
07-04-19 16:16 51,426 msgsocm.log
07-04-19 16:16 1,011,413 FaxSetup.log
07-04-19 16:16 826,365 setupapi.log
07-04-19 15:51 8,096 setupact.log
07-04-19 14:21 10 smdat32m.sys
07-04-12 09:35 1,374 imsins.BAK
07-04-12 09:35 14,543 KB931784.log
07-04-12 09:33 12,599 KB931261.log
07-04-12 09:33 12,907 KB930178.log
07-04-12 09:33 82,505 updspapi.log
07-04-12 09:32 14,665 KB932168.log
07-04-09 12:37 1,119 win.ini
07-04-03 23:48 15,213 KB925902.log
07-03-20 23:22 227 system.ini
07-03-18 12:30 12,235 KB929338.log
07-03-18 11:00 300,986 DirectX.log
07-03-09 01:02 42,648 zllsputility_loc0407.dll
07-03-09 01:02 75,512 zllsputility.exe
07-03-01 11:36 29,524 WgaNotify.log
07-02-17 13:20 6,090 ModemLog_Bluetooth Modem.txt
07-02-17 13:19 3,716 ModemLog_CXT AC-Link Modem for ALi.txt
07-02-16 14:50 12,552 KB928090-IE7.log
07-02-15 20:25 15,573 KB927779.log
07-02-15 20:24 12,574 KB927802.log
07-02-15 20:24 12,213 KB928255.log
07-02-15 20:24 3,921 KB923723.log
07-02-15 20:24 8,940 KB924667.log
07-02-15 20:24 21,215 KB931836.log
07-02-15 20:24 10,717 KB926436.log
07-02-15 20:24 10,928 KB918118.log
07-02-15 20:23 10,801 KB928843.log
07-01-30 23:03 2,902 COM+.log
07-01-30 21:49 211 uno.ini
07-01-17 17:21 252,619 wmsetup.log
07-01-17 10:51 0 setuperr.log
07-01-12 00:35 3,610 KB929969.log

Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: F4D3-0EAE

Verzeichnis von C:\WINDOWS\Temp

07-04-20 14:56 256 ZLT02852.TMP
07-04-20 14:56 256 ZLT0284f.TMP
07-04-20 14:52 409 WGANotify.settings
07-04-20 14:52 255 WGAErrLog.txt
07-04-20 14:33 256 ZLT0165f.TMP
07-04-20 14:33 256 ZLT0165c.TMP
6 Datei(en) 1,688 Bytes
0 Verzeichnis(se), 10,643,632,128 Bytes frei

Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: F4D3-0EAE

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-12-27 18:46 2,557,752 ImageUploader4.ocx
06-12-27 18:45 377 ImageUploader4.inf
06-06-22 11:41 5,032 swflash.inf
04-04-15 11:33 65 desktop.ini
03-12-19 17:02 126,976 popcaploader.dll
03-12-19 15:43 241 popcaploader.inf
6 Datei(en) 2,690,443 Bytes
0 Verzeichnis(se), 10,643,632,128 Bytes frei

Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: F4D3-0EAE

Verzeichnis von C:\

07-04-20 15:25 0 sys.txt
07-04-20 15:25 544 down.txt
07-04-20 15:24 513 tmp.txt
07-04-20 15:24 15,858 system.txt
07-04-20 15:24 124 systemtemp.txt
07-04-20 15:24 101,548 system32.txt
07-04-20 14:54 45 TEST.XML
07-04-20 14:51 535,875,584 hiberfil.sys
07-04-20 14:51 805,306,368 pagefile.sys
07-03-20 23:22 194 boot.ini
20.04.2007, 15:44
Moderator
Posts: 7805
#4
ComboFix has already done quite a bit of the groundwork there.
Please do the following:
Update AntiVir and configure it as described here: http://board.protecus.de/t23979.htm
Boot into safe mode: http://www.bsi.bund.de/av/texte/wiederher.htm
Use Disk Cleanup (everything except "Compress old files").
In addition, clean up System Restore via "More Options": http://support.microsoft.com/default.aspx?scid=kb;de;315246
Let AntiVir scan your hard drives there and move all detections to quarantine.
In addition, please use CureIt. Instructions: http://virus-protect.org/cureit.html
But please use the download from here: http://freedrweb.com/?lng=de
Then restart the computer and post the reports that AntiVir and CureIt created in safe mode, plus a current HijackThis log (rename HijackThis.exe to test.com before starting it).
__________ Regards, Ralf SEO-Spam Hunter
(Yesterday I also had problems with Error Safe and Drive Cleaner, but after I ran Spybot Search & Destroy these problems have not come back so far; I am still keeping an eye on it.)
I hope you can help me, but bear in mind that I am only a layman with limited knowledge.
Logfile of HijackThis v1.99.1
Scan saved at 11:20:41, on 20.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\VMConnect.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\bmctl.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\WLANClient\WlanClient.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\bmop.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Jonas\LOKALE~1\Temp\Rar$EX00.637\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uni-bielefeld.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1C7\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF4B333-F329-4219-A913-DE97E234EDFD}: NameServer = 139.7.30.125 139.7.30.126
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Many thanks in advance!!!
Regards, jonas33