Virus alerts that cannot be removed

#0
28.07.2007, 19:12
...new here

Posts: 1
#1 Hello:
I am getting several virus alerts from different antivirus programs. However, they cannot remove them from my computer. The (alleged) viruses show no effect on my computer, though.
Still, I am worried that they do pose a danger. Can someone please point me in the right direction? Thanks

The virus alerts and antivirus programs are as follows:

Spyware Doctor

Trojan.Downloader.Small.CML
will attempt to connect to a pre-determined website and download additional malware. It will also download a list of commands to execute.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winkve32

CWS
Tipo - Favourite
Infección - http://www.terra.es/television/ : C:\Documents and Settings\Mi ordenador\Datos de programa\Mozilla\Firefox\Profiles/e59h9z39.default\bookmarks.htmlTELEVISION · Canal Televisión · Terra


Trojan PWS. Tanspy
Will install itself on to an infected computer as a Browser Helper Object. This Trojan will then be activated each time an instance of Internet Explorer
is launched
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load

Ad-Aware

Name:Adware.CDN
Category:Malware
Object Type:Regkey
Size:8 Bytes
Location:HKEY_LOCAL_MACHINE\
software\microsoft\internet explorer\activex compatibility\{9a578c98-3c2f-4630-890b-fc04196ef420}
Last Activity:28-07-2007
Relevance:Low
TAC index:8
Comment:
Description:Adware.CDN is malware which can cause heavy downloading. Adware.CDN causes a lot of pop-ups and can make the system unstable.

Name:Adware.CDN
Category:Malware
Object Type:RegValue
Size:4 Bytes
Location:HKEY_LOCAL_MACHINE\
software\microsoft\internet explorer\activex compatibility\{9a578c98-3c2f-4630-890b-fc04196ef420} "Pst"
Last Activity:28-07-2007
Relevance:Low
TAC index:8
Comment:
Description:Adware.CDN is malware which can cause heavy downloading. Adware.CDN causes a lot of pop-ups and can make the system unstable.

Name:Adware.CDN
Category:Malware
Object Type:Regkey
Size:0 Bytes
Location:software\microsoft\internet explorer\menuext\
Last Activity:28-07-2007
Relevance:Low
TAC index:8
Comment:
Description:Adware.CDN is malware which can cause heavy downloading. Adware.CDN causes a lot of pop-ups and can make the system unstable.


Spybot

Virtumonde: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winkve32


Now my log data:


Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 14:03:50, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Antivirus\bin\OPT_SecS.exe
C:\Archivos de programa\Antivirus\bin\kavss.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Seguridad\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\COMUNI~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\Antivirus\bin\OPT_GUI.exe
C:\Seguridad\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Comunicacion\Spybot\TeaTimer.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Archivos de programa\Antivirus\bin\OPT_PMON.exe
C:\WINDOWS\explorer.exe
C:\ARCHIV~1\COMUNI~1\FIREFOX\FIREFOX.EXE
C:\Seguridad\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - {24870D7E-9CE4-B64E-9D9C-9FFC2F80E1C1} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\COMUNI~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\COMUNI~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\Comunicacion\iTunes\iTunesHelper.ese"
O4 - HKLM\..\Run: [OPTENET_OPTGUI_AV_TDE] C:\Archivos de programa\Antivirus\bin\OPT_GUI.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Seguridad\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Comunicacion\Spybot\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_03) -
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{577B15C9-FCFF-43D1-A9F7-E68860D41469}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Antivirus - Telefónica de España - C:\Archivos de programa\Antivirus\bin\OPT_SecS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Seguridad\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\Comunicacion\iPod\bin\iPodService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Seguridad\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Seguridad\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



ComboFix Log:

"Mi ordenador" - 2007-07-28 13:54:05 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


2007-07-28 13:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 23:22 <DIR> d-------- C:\WINDOWS\system32\es-es
2007-07-25 23:17 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-25 16:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-23 17:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DATOSD~1\DivX
2007-07-18 20:43 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Favoritos
2007-07-18 20:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATOSD~1\Talkback
2007-07-18 20:27 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-18 20:27 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-18 20:27 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-18 20:27 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-18 20:27 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-18 20:27 <DIR> d-------- C:\DOCUME~1\MIORDE~1\DATOSD~1\PC Tools
2007-07-18 20:26 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-11 22:48 <DIR> d-------- C:\DOCUME~1\Lorenzo\DATOSD~1\DivX
2007-07-11 16:35 <DIR> d-------- C:\DOCUME~1\MIORDE~1\DATOSD~1\DivX
2007-07-11 16:34 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-11 16:34 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-11 16:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-11 16:21 323,144 --a------ C:\WINDOWS\OptCheck.exe
2007-07-11 16:21 183,752 --a------ C:\WINDOWS\OptErase.exe
2007-07-06 13:01 <DIR> d-------- C:\Archivos de programa\Windows Media Connect 2
2007-07-06 12:59 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-06 12:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-02 21:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 21:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 21:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 21:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 21:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 21:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 21:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 21:37 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 21:37 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 21:37 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 21:37 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 21:37 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 21:37 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 21:37 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 21:36 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 21:36 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-06-30 13:07 <DIR> d-------- C:\Archivos de programa\Antivirus


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-27 15:49:39 69,112 ----a-w C:\WINDOWS\system32\perfc00A.dat
2007-07-27 15:49:39 440,278 ----a-w C:\WINDOWS\system32\perfh00A.dat
2007-07-02 19:41:10 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 19:41:10 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 19:41:10 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-06-30 22:28:33 -------- d-----w C:\Archivos de programa\Comunicacion
2007-06-20 14:29:12 -------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2007-06-09 21:23:43 -------- d--h--w C:\Archivos de programa\InstallShield Installation Information


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 13:48 C:\WINDOWS\system32\TPSMain.exe]
"Zone Labs Client"="C:\ARCHIV~1\COMUNI~1\ZONEAL~1\zlclient.exe" [2003-11-15 17:20]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Archivos de programa\Comunicacion\iTunes\iTunesHelper.ese" []
"OPTENET_OPTGUI_AV_TDE"="C:\Archivos de programa\Antivirus\bin\OPT_GUI.exe" [2007-07-11 16:20]
"!AVG Anti-Spyware"="C:\Seguridad\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 12:00]
"@"="" []
"SpybotSD TeaTimer"="C:\Archivos de programa\Comunicacion\Spybot\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
Microsoft Office.lnk - C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
R2 Antivirus;Antivirus;C:\Archivos de programa\Antivirus\bin\OPT_SecS.exe
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\netdevio.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 ApfiltrService;Alps Pointing-device Filter Driver;C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
R3 w29n51;Controlador de la Conexi¢n de red Intel(R) PRO/Wireless 2200BG para Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 Tvs;Toshiba Virtual Sound with SRS technologies;C:\WINDOWS\system32\DRIVERS\Tvs.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 13:55:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-28 13:56:32
C:\ComboFix-quarantined-files.txt ... 2007-07-28 13:56

--- E O F ---

datfind.txt:

El volumen de la unidad C es Disco local
El n£mero de serie del volumen es: 44FC-80D5

Directorio de C:\WINDOWS\system32

28/07/2007 13:53 526 vsconfig.xml
28/07/2007 11:50 189.792 FNTCACHE.DAT
27/07/2007 20:36 28.714 iklog.log
27/07/2007 17:49 69.112 perfc00A.dat
27/07/2007 17:49 380.684 perfh009.dat
27/07/2007 17:49 440.278 perfh00A.dat
27/07/2007 17:49 53.098 perfc009.dat
27/07/2007 17:49 950.924 PerfStringBackup.INI
26/07/2007 15:46 1.158 wpa.dbl
22/07/2007 18:39 279.552 swreg.exe
06/07/2007 13:06 23.392 nscompat.tlb
06/07/2007 13:06 16.832 amcompat.tlb
02/07/2007 21:41 4.816 divxsm.tlb
02/07/2007 21:41 524.288 DivXsm.exe
02/07/2007 21:41 3.596.288 qt-dx331.dll
02/07/2007 21:41 183.032 PxMas.dll
02/07/2007 21:41 72.440 pxhpinst.exe
02/07/2007 21:41 379.640 PxWave.dll
02/07/2007 21:41 502.520 pxdrv.dll
02/07/2007 21:41 1.329.912 pxsfs.dll
02/07/2007 21:41 116.472 pxcpyi64.exe
02/07/2007 21:41 118.520 pxinsi64.exe
02/07/2007 21:41 527.096 Px.dll
02/07/2007 21:41 64.760 pxcpya64.exe
02/07/2007 21:41 64.760 pxinsa64.exe
02/07/2007 21:41 129.784 pxafs.dll
02/07/2007 21:41 39.672 vxblock.dll
02/07/2007 21:41 1.044.480 libdivx.dll
02/07/2007 21:41 200.704 ssldivx.dll
02/07/2007 21:37 73.728 dpl100.dll
02/07/2007 21:37 196.608 dtu100.dll
02/07/2007 21:37 53.248 dpuGUI10.dll
02/07/2007 21:37 593.920 dpuGUI11.dll
02/07/2007 21:37 344.064 dpus11.dll
02/07/2007 21:37 57.344 dpv11.dll
02/07/2007 21:37 294.912 dpu10.dll
02/07/2007 21:37 294.912 dpu11.dll
02/07/2007 21:37 823.296 divx_xx07.dll
02/07/2007 21:37 823.296 divx_xx0c.dll
02/07/2007 21:37 802.816 divx_xx11.dll
02/07/2007 21:37 740.442 DivX.dll
02/07/2007 21:37 638.976 divxdec.ax
02/07/2007 21:37 352.401 DivXMedia.ax
02/07/2007 21:36 12.288 DivXWMPExtType.dll
02/07/2007 21:36 124.472 DivXCodecUpdateChecker.exe
28/06/2007 09:57 16.256.984 MRT.exe
25/06/2007 00:37 74 ProcessMonitor.log
25/06/2007 00:37 0 Threads.log
08/05/2007 10:59 3.583.488 mshtml.dll


Directorio de C:\DOCUME~1\MIORDE~1\CONFIG~1\Temp

28/07/2007 14:06 105.510 datfind.txt
1 archivos 105.510 bytes
0 dirs 24.775.143.424 bytes libres
.

Directorio de C:\WINDOWS

28/07/2007 13:53 0 0.log
28/07/2007 13:52 1.700.936 WindowsUpdate.log
28/07/2007 13:52 2.048 bootstat.dat
28/07/2007 13:51 32.654 SchedLgU.Txt
28/07/2007 12:22 206.627 setupact.log
27/07/2007 18:03 379 ODBC.INI
27/07/2007 17:49 196.874 ntdtcsetup.log
27/07/2007 17:49 140.251 iis6.log
27/07/2007 17:49 315.435 comsetup.log
27/07/2007 17:49 500.421 ocgen.log
27/07/2007 17:49 51.966 ocmsn.log
27/07/2007 17:49 368.612 tsoc.log
27/07/2007 17:49 1.917 imsins.log
27/07/2007 17:49 899.081 FaxSetup.log
27/07/2007 17:49 54.905 msgsocm.log
27/07/2007 17:49 106.312 setupapi.log
27/07/2007 17:49 4.566 imsins.BAK
27/07/2007 17:46 61.188 wmsetup.log
26/07/2007 17:38 5.107.174 ntbtlog.txt
26/07/2007 16:16 27.065 KB933566-IE7.log
26/07/2007 16:16 97.092 updspapi.log
26/07/2007 16:15 16.149 KB929969.log
25/07/2007 23:29 57.053 spupdsvc.log
25/07/2007 23:24 22.620 ie7_main.log
25/07/2007 23:23 47.318 ie7.log
25/07/2007 23:19 8.449 IDNMitigationAPIs.log
25/07/2007 23:19 8.152 NLSDownlevelMapping.log
25/07/2007 23:18 7.285 KB915865.log
25/07/2007 23:17 6.185 KB914440.log
25/07/2007 23:16 14.892 KB904942.log
23/07/2007 17:45 69 NeroDigital.ini
20/07/2007 00:47 109.056 catchme.exe
18/07/2007 20:27 62 SpywareDoctor5Install.log
17/07/2007 17:44 15.272 KB936357.log
11/07/2007 23:20 20.178 EventSystem.log
09/07/2007 17:46 216 wiadebug.log
09/07/2007 17:24 930.963 setuplog.txt
09/07/2007 14:29 50 wiaservc.log
06/07/2007 13:04 893 wmsetup10.log
06/07/2007 13:03 7.989 KB926239.log
06/07/2007 13:02 5.452 MSCompPackV1.log
06/07/2007 13:02 17.846 wmp11.log
06/07/2007 13:02 899 win.ini
06/07/2007 13:00 25.824 WMFDist11.log
06/07/2007 13:00 316.640 WMSysPr9.prx
06/07/2007 12:59 12.891 Wudf01000Inst.log
01/07/2007 00:30 183.752 OptErase.exe
01/07/2007 00:30 323.144 OptCheck.exe
30/06/2007 17:56 1.037.724 setupapi.log.0.old
30/06/2007 17:51 6.587 WgaNotify.log
20/06/2007 16:30 21.274 KB935839.log
20/06/2007 16:29 20.908 KB935840.log
20/06/2007 16:29 39.969 KB933566.log
20/06/2007 16:29 8.837 KB927891.log
20/06/2007 16:29 13.583 KB930916.log
20/06/2007 16:24 8.247 KB892130.log
17/06/2007 00:11 51.200 nircmd.exe
03/05/2007 11:31 19.751 KB932168.log
03/05/2007 11:30 13.388 KB931261.log
03/05/2007 11:30 13.647 KB930178.log
03/05/2007 11:30 15.109 KB931784.log


Directorio de C:\WINDOWS\temp

28/07/2007 13:52 256 ZLT02e66.TMP
1 archivos 256 bytes
0 dirs 24.775.131.136 bytes libres


Directorio de C:\WINDOWS\Downloaded Program Files

09/06/2007 23:23 282.756 Setup.dll
28.07.2007, 23:49
Honorary member
Argus

Posts: 6028
#2 Close all windows and start Hijack This
Click: Do a system scan only
Put a check mark in the box in front of each of the following entries:

R3 - URLSearchHook: (no name) - {24870D7E-9CE4-B64E-9D9C-9FFC2F80E1C1} - blank (file missing)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\

Click: Fix checked

Your Internet Explorer must be closed when you click Fix checked.

Perhaps an online scan with NOD32 will help first
NOD32 online scanner beta
www.eset.com/threat-center/cac.php
Click Start
Tick “accept the terms of Use”
Click Start
Install “OnlineScanner.cab”
Tick “Remove found threats”
Start

Scan with DrWeb http://board.protecus.de/t29350.htm

The rest is all Spanish to me; you would do better to go to http://www.forospyware.com/ ;)

Unfortunately I can't respond any more (holidays)
__________
Regards, Argus
This post was edited by Arnold on 29.07.2007 at 00:29.
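A triage pass over a HijackThis log in the format posted in this thread, as an added example (not code from the thread or from HijackThis itself): it lists entries whose target file is absent, unnamed ActiveX (O16) entries with no download source, and Winlogon Notify (O20) entries whose target is only a directory. The function names and the three heuristics are assumptions made for illustration; the result is a list of entries to review, not a list of entries to fix.

```python
import re

# Sample lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
R3 - URLSearchHook: (no name) - {24870D7E-9CE4-B64E-9D9C-9FFC2F80E1C1} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# HijackThis marks a registry reference whose file is absent with one of these.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
# O16: CLSID, optional class name in parentheses, then the download source.
DPF = re.compile(
    r"^DPF: \{[0-9A-Fa-f-]{36}\}(?: \((?P<name>[^)]*)\))? -\s*(?P<src>\S*)$"
)
# O20: notify package name, then the path the log shows for it.
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Return (code, body, reason) for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        if ORPHAN.search(body):
            findings.append((code, body, "referenced file is absent"))
            continue
        dpf = DPF.match(body) if code == "O16" else None
        if dpf and not dpf.group("name") and not dpf.group("src"):
            findings.append((code, body, "unnamed ActiveX entry, no source"))
            continue
        notify = NOTIFY.match(body) if code == "O20" else None
        if notify:
            path = notify.group("path")
            last = path.rsplit("\\", 1)[-1]
            # A healthy entry ends in a file name such as igfxdev.dll.
            if path.endswith("\\") or "." not in last:
                findings.append((code, body, "target is a directory, no DLL named"))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason:<36}  {body}")
```
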