VirusBurster immer noch nicht erledigt

#1 Hallo zusammen.

Im letzten Nivember war mein PC vom Virusburster befallen. Hab ihn mit Eurer Hilfe erledigt, habe ich gedacht.

Als ich heute Abend Spybot laufen liess, kamm zum Vorschein, dass der Virusburtser immer noch in der Registry lauert.

Auch unter Hijackthis wurde ausgewertet, dass dieses Virusburster immer noch auf meinem Pc drauf ist.

Hier die das Combo fix Log File:




((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 23:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 21:50 <DIR> d-------- C:\Programme\a-squared HiJackFree
2007-07-24 11:50 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-07-24 11:50 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-07-24 11:50 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-07-24 11:50 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-07-24 11:50 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 23:04 --------- d-------- C:\DOKUME~1\NIKLAU~1\ANWEND~1\Skype
2007-08-08 22:59 3752 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-24 11:52 --------- d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2007-07-24 11:52 --------- d-------- C:\Programme\Gemeinsame Dateien\Nokia
2007-07-24 11:51 --------- d-------- C:\Programme\PC Connectivity Solution
2007-07-24 11:50 --------- d-------- C:\Programme\Nokia
2007-07-22 17:48 --------- d-------- C:\Programme\Picasa2
2007-07-11 10:36 75088 --a------ C:\WINDOWS\system32\perfc007.dat
2007-07-11 10:36 417654 --a------ C:\WINDOWS\system32\perfh007.dat
2007-07-06 16:10 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-07-06 16:10 --------- d-------- C:\Programme\Office-Bibliothek
2007-06-20 23:48 --------- d-------- C:\DOKUME~1\NIKLAU~1\ANWEND~1\LimeWire
2007-06-20 11:43 999 --a------ C:\WINDOWS\mozver.dat
2007-06-20 11:37 --------- d-------- C:\DOKUME~1\NIKLAU~1\ANWEND~1\AdobeUM
2007-06-10 22:46 --------- d-------- C:\DOKUME~1\NIKLAU~1\ANWEND~1\Nokia
2007-06-10 18:41 --------- d-------- C:\Programme\Skype
2007-06-10 18:41 --------- d-------- C:\Programme\Gemeinsame Dateien\Skype
2007-05-16 17:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:11 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:11 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:11 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:11 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 10:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-02-07 21:35 5279 --a------ C:\WINDOWS\inf\mo4std3.reg
2005-11-22 19:02 5279 --a------ C:\WINDOWS\inf\om68std3.reg
2005-11-22 19:00 5280 --a------ C:\WINDOWS\inf\mt9vstd3.reg
2005-11-22 19:00 5279 --a------ C:\WINDOWS\inf\o766std3.reg
2005-11-22 19:00 5279 --a------ C:\WINDOWS\inf\o764std3.reg
2005-11-22 19:00 5279 --a------ C:\WINDOWS\inf\o763std3.reg
2005-11-22 18:59 5281 --a------ C:\WINDOWS\inf\i268std3.reg
2005-11-22 18:59 5280 --a------ C:\WINDOWS\inf\m36bstd3.reg
2005-11-22 18:59 5280 --a------ C:\WINDOWS\inf\i105std3.reg
2005-11-22 18:59 5279 --a------ C:\WINDOWS\inf\m036std3.reg
2005-11-22 18:58 5281 --a------ C:\WINDOWS\inf\h71gstd3.reg
2005-11-22 18:58 5280 --a------ C:\WINDOWS\inf\h71rstd3.reg


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 03:50]
"Apoint"="C:\Programme\Apoint\Apoint.exe" [2004-11-17 13:47]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Programme\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 18:24]
"ISBMgr.exe"="C:\Programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-22 13:52]
"VAIO Update 3"="C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" [2006-12-19 18:52]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07]
"VAIOCameraUtility"="C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 13:58]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"TrueImageMonitor.exe"="C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 16:23]
"AcronisTimounterMonitor"="C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 16:29]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-12-06 02:40]
"Acrobat Assistant 7.0"="C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47]
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2006-10-17 12:47]
"Switcher.exe"="C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 12:11]
"VAIO Update 2"="C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"Virus-Bursters"="C:\Programme\Virus-Bursters\virus-bursters.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:09]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{91120407-6000-11D3-8CFE-0150048383C9}\outicon.exe [2006-10-05 06:24:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 14:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Bibliothek-Direktsuche.lnk
backup=C:\WINDOWS\pss\Office-Bibliothek-Direktsuche.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"Virus-Bursters"=C:\Programme\Virus-Bursters\virus-bursters.exe /h

R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R0 SiFilter;SATALink driver accelerator;C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R0 SiRemFil;SATALink External Device Filter;C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 avgio;avgio;\??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 DMICall;Sony DMI Call service;C:\WINDOWS\system32\DRIVERS\DMICall.sys
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
R2 s24trans;WLAN-Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 avgntflt;avgntflt;\??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
R3 SNC;Sony Notebook Control Device;C:\WINDOWS\system32\Drivers\SonyNC.sys
R3 SNPSTD3;USB PC Camera (SNPSTD3);C:\WINDOWS\system32\DRIVERS\snpstd3.sys
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys
R3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programme\Sony\Image Converter 2\IcVzMon.exe
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;\??\C:\Magix\SAMPLI~1\mxasio.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN-Treiber;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S3 toshidpt;TOSHIBA Bluetooth HID port driver;C:\WINDOWS\system32\drivers\Toshidpt.sys
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;C:\WINDOWS\system32\drivers\TosRfSnd.sys
S3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
S3 usbvm321;Sony Visual Communication Camera VGP-VCC1;C:\WINDOWS\system32\Drivers\usbvm321.sys
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 23:16:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000063d

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 23:17:45
C:\ComboFix-quarantined-files.txt ... 2007-08-08 23:17
C:\ComboFix2.txt ... 2006-12-03 16:43

--- E O F ---
















Hier das Hijackthis LogFile:





Logfile of HijackThis v1.99.1
Scan saved at 22:49:44, on 08.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\NIKLAU~1\LOKALE~1\Temp\Rar$EX00.125\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu.asp?l=de&u=a&h=0407
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Virus-Bursters] C:\Programme\Virus-Bursters\virus-bursters.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163207926515
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe







Vielen Dank für Eure Hilfe.

#2 Hi,
heute faul, daher einfach:
http://siri.urz.free.fr/Fix/SmitfraudFix_De.php
Anwenden!

Chris

#3 Hi Chris

Danke für den Link. Hab das ausgeführt, aber laut Spybot ist der Virusb. immernoch drauf.


SmitFraudFix v2.210

Scan done at 9:20:58.35, 09.08.2007
Run from C:\Dokumente und Einstellungen\Niklaus Gehring\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6AB82226-09ED-4E3C-9943-D6B5C7B1D190}: DhcpNameServer=62.2.17.61 62.2.24.158 62.2.17.60
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6AB82226-09ED-4E3C-9943-D6B5C7B1D190}: DhcpNameServer=62.2.17.61 62.2.24.158 62.2.17.60
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.2.17.61 62.2.24.158 62.2.17.60
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.2.17.61 62.2.24.158 62.2.17.60


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 Hi,

was sagt den Spybot (genaue Meldung)?
Smithi findet jedenfalls nichts...

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> anhaken
reinkopieren:
C:\Programme\Virus-Bursters\virus-bursters.exe

und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke "yes"

Rechner neu booten, folgendes mit HJ-fixen:
O4 - HKLM\..\Run: [Virus-Bursters] C:\Programme\Virus-Bursters\virus-bursters.exe /h
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - (no file)

Chris

#5 Der einzige Eintrag, den Spybot noch findet:


VirusBurst: Autorun-Einstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Virus-Bursters


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-08 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-08 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-08 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-08 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-08 Includes\MalwareC.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2007-08-08 Includes\PUPSC.sbi (*)
2007-08-08 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-08 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-08 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-08 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

#6 Hi,

ja, das ist der oben angegebene Key;
Gehe wie beschrieben vor, dann sollte das "Phantom" verschwunden sein...

chris

#7 Ok. Alles bestens jetzt.

Vielen Dank!!!!