ErrorCleaner, PrivacyProtector, Spyware&MalwareProtection, Task Manager blocked

20.01.2008, 18:45
...new here

Posts: 6
#1 Hello,

I have (or had) a worm or something similar that creates the three Internet links named above on the desktop and announces itself every few minutes with an alert or pop-up window. I also couldn't open the Task Manager.
I then came across this forum and ran Combofix. But then my antivirus program (which I had forgotten to disable) stepped in and stopped the process, without my getting a log file (also in later attempts).
Strangely, my computer now works just as before, that is, the Internet links that kept reappearing on the desktop at every restart are gone, the ALERTS and POPUPS have stopped, and I can open the Task Manager again - everything seems to be back to the way it was... (self-healing???)

To be safe, I ran a scan with "dss" (many thanks, Arnold) and attach the log file below. Is my computer OK again now and I don't need to do anything else, or is all this a ticking time bomb??? Can anyone give me some information??

Many thanks in advance





Deckard's System Scanner v20071014.68
Run by Karsten on 2008-01-20 17:55:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-20 16:55:06 UTC - RP159 - Deckard's System Scanner Restore Point
1: 2008-01-20 16:40:44 UTC - RP158 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

[color=red]System Drive C: has 5.01 GiB (less than 15%) free.[/color]


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-20 17:56:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Programme\ltmoh\ltmoh.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programme\Samsung\MagicKBD\MagicKBD.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.bin
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Karsten\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NAVShExt.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O21 - SSODL: aslpmqk - {F4B5EBF6-1ECE-4E40-B119-86A5E4D50E95} - C:\WINDOWS\aslpmqk.dll
O21 - SSODL: bxsnvqt - {295ED0E3-7554-4564-A7BE-5B4AA0CF8DA7} - C:\WINDOWS\bxsnvqt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe


--
End of file - 9505 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].js - unable to read key[/COLOR]
[COLOR=red].js - unable to read key[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 RITCPT - c:\windows\system32\drivers\ritcpt.sys
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
R2 DOSMEMIO (MEMIO) - c:\windows\system32\memio.sys
R2 FBAPI - c:\windows\system32\drivers\fbapi.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 wowfilter (WOW XT Filter Driver) - c:\windows\system32\drivers\wowfilter.sys <Not Verified; ; SRS WOW XT for Windows XP>

S2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
S3 catchme - c:\dokume~1\karsten\lokale~1\temp\catchme.sys (file missing)
S3 hdsp - c:\windows\system32\drivers\hdsp.sys <Not Verified; RME; Hammerfall DSP>
S3 Powercore - c:\windows\system32\drivers\pcore.sys <Not Verified; TC Electronic A/S; PowerCore>
S3 SUEPD (SUE NDIS Protocol Driver) - c:\windows\system32\drivers\sue_pd.sys <Not Verified; Samsung; Samsung UPnP Explorer>
S3 SynasUSB - c:\windows\system32\drivers\synasusb.sys <Not Verified; Syncrosoft GmbH; USB protection device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programme\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 SNM WLAN Service - "c:\programme\samsung\samsung network manager\snmwlanservice.exe"

S2 Samsung Update Plus - "c:\programme\samsung\samsung update plus\slubackgroundservice.exe"
S3 FLEXnet Licensing Service - "c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-06-05 09:03:23 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-07-02 20:02:47 352 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2006-06-17 16:54:43 572 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen - Karsten.job


-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

2008-01-18 20:37:28 90112 --a------ C:\WINDOWS\fknxwqf.exe
2008-01-18 20:37:28 229376 --a------ C:\WINDOWS\bxsnvqt.dll
2008-01-18 20:37:28 196608 --a------ C:\WINDOWS\aslpmqk.dll <Not Verified; ; aslpmqk>


-- Find3M Report ---------------------------------------------------------------

2008-01-20 17:40:28 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-01-20 17:37:25 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\OpenOffice.org2
2008-01-18 20:33:11 317168 --a------ C:\WINDOWS\system32\perfh007.dat
2008-01-18 20:33:11 48552 --a------ C:\WINDOWS\system32\perfc007.dat
2008-01-18 09:52:44 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\Audacity
2007-12-16 14:13:19 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\gtk-2.0
2007-12-10 14:56:57 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\Adobe
2007-12-02 01:25:39 0 d-------- C:\Programme\Bonjour
2007-12-02 01:25:34 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2007-12-02 01:12:21 0 d-------- C:\Programme\Gemeinsame Dateien
2007-12-02 01:12:21 0 d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 03:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 03:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 12:48]
"SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 04:12]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 04:11]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 04:01 C:\WINDOWS\AGRSMMSG.exe]
"farstone"="" []
"RestoreIT!"="C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-23 02:27]
"MagicKeyboard"="C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 12:01]
"AVStation premium"="C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe" [2005-07-15 18:42]
"BatteryManager"="C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2005-08-18 09:33]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-03-17 00:06]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2004-08-24 16:33]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 20:05]
"HDSPTray1"="hdsp32.exe" [2001-11-17 13:16 C:\WINDOWS\system32\hdsp32.exe]
"HDSPTray2"="hdspmix.exe" [2001-11-02 16:27 C:\WINDOWS\system32\hdspmix.exe]
"LtMoh"="C:\Programme\ltmoh\Ltmoh.exe" [2004-08-17 02:37]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-05-23 19:58]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 08:41]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16]
"OpwareSE4"="C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 07:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 00:11]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aslpmqk"= {F4B5EBF6-1ECE-4E40-B119-86A5E4D50E95} - C:\WINDOWS\aslpmqk.dll [2008-01-18 20:08 196608]
"bxsnvqt"= {295ED0E3-7554-4564-A7BE-5B4AA0CF8DA7} - C:\WINDOWS\bxsnvqt.dll [2008-01-18 20:08 229376]




-- End of Deckard's System Scanner: finished at 2008-01-20 17:56:55 ------------
20.01.2008, 19:22
Honorary member
Avatar: Pinguin

Posts: 1441
#2 krentz

Avenger
http://www.virus-protect.org/artikel/tools/avenger.html

Input script manually (tick the box)
click the "magnifying glass" on the right - View/edit script (will open)

paste this in:

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|aslpmqk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|bxsnvqt

Files to delete:
C:\WINDOWS\fknxwqf.exe
C:\WINDOWS\bxsnvqt.dll
C:\WINDOWS\aslpmqk.dll
close all open programs (because after running Avenger the computer will restart)
- click the green traffic light
- the script will now be executed, then the PC will restart after confirmation (yes)

«
Combofix - post the report
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards
Pinguin

I'm in the process of updating my site + tools: http://www.virus-protect.org/
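The Avenger script above removes two ShellServiceObjectDelayLoad (SSODL) entries and the three files dropped alongside them. The reasoning behind that script is a correlation: the O21 entries point at DLLs sitting directly in C:\WINDOWS, and the "Files created" section shows those DLLs and an .exe written in the same second. The following Python script is an added example (not part of the thread, not one of Pinguin's tools) that automates exactly that triage over HijackThis/dss-style log lines. The sample input is constructed from the lines in the dss log posted above plus one benign control line; the 60-second correlation window, the function names and the SSODL_KEY constant are my assumptions. The output is rendered in the same "Registry values to delete / Files to delete" layout the helper used, so an analyst can review it before anything is deleted.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample input: O21 and "Files created" lines copied from the dss
# log in the thread, plus one benign O2 line and one older system file as controls.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NAVShExt.dll
O21 - SSODL: aslpmqk - {F4B5EBF6-1ECE-4E40-B119-86A5E4D50E95} - C:\WINDOWS\aslpmqk.dll
O21 - SSODL: bxsnvqt - {295ED0E3-7554-4564-A7BE-5B4AA0CF8DA7} - C:\WINDOWS\bxsnvqt.dll
2008-01-18 20:37:28 90112 --a------ C:\WINDOWS\fknxwqf.exe
2008-01-18 20:37:28 229376 --a------ C:\WINDOWS\bxsnvqt.dll
2008-01-18 20:37:28 196608 --a------ C:\WINDOWS\aslpmqk.dll <Not Verified; ; aslpmqk>
2008-01-18 20:33:11 317168 --a------ C:\WINDOWS\system32\perfh007.dat
"""

# Registry key behind HijackThis "O21 - SSODL" entries (assumed constant name).
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"

# "O21 - SSODL: <value name> - {CLSID} - <dll path>"
SSODL_RE = re.compile(
    r"^O21 - SSODL: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)\s*$"
)
# "<date> <time> <size> <attributes> <path>"  (verification suffix stripped beforehand)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attrs>[-a-z]+) (?P<path>[A-Za-z]:\\.+)$"
)


def parse_ssodl(log: str) -> List[Dict[str, str]]:
    """Return every O21 (ShellServiceObjectDelayLoad) entry as {name, clsid, path}."""
    entries = []
    for line in log.splitlines():
        m = SSODL_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def parse_created(log: str) -> List[Dict[str, object]]:
    """Return the 'Files created' entries as {ts, size, path}; directories are skipped."""
    files = []
    for line in log.splitlines():
        line = line.strip().split(" <", 1)[0]  # drop "<Not Verified; ...>" suffix
        m = CREATED_RE.match(line)
        if m and not m.group("attrs").startswith("d"):
            files.append({
                "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                "size": int(m.group("size")),
                "path": m.group("path"),
            })
    return files


def triage(log: str, window: timedelta = timedelta(seconds=60)) -> Dict[str, object]:
    """Correlate SSODL persistence entries with recently created files.

    An SSODL entry is flagged when its DLL appears in the 'Files created'
    list; any other file written within `window` of that DLL is reported as
    a likely companion (e.g. the dropper). Legitimate SSODL entries normally
    point at long-established system DLLs, so a freshly created one stands out.
    """
    created = parse_created(log)
    by_path = {c["path"].lower(): c for c in created}
    flagged, companions = [], []
    for entry in parse_ssodl(log):
        hit = by_path.get(entry["path"].lower())
        if hit is None:
            continue
        flagged.append(entry)
        for c in created:
            if c["path"].lower() == hit["path"].lower():
                continue
            if abs(c["ts"] - hit["ts"]) <= window and c["path"] not in companions:
                companions.append(c["path"])
    flagged_paths = {e["path"].lower() for e in flagged}
    companions = [p for p in companions if p.lower() not in flagged_paths]
    return {"flagged": flagged, "companions": companions}


def removal_script(result: Dict[str, object]) -> str:
    """Render the findings in the 'Registry values to delete / Files to delete' layout
    used in the helper's Avenger script, for review before any action is taken."""
    lines = ["Registry values to delete:"]
    lines += [f"{SSODL_KEY}|{e['name']}" for e in result["flagged"]]
    lines += ["", "Files to delete:"]
    lines += [e["path"] for e in result["flagged"]] + list(result["companions"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(removal_script(triage(SAMPLE_LOG)))
```

Run on the constructed sample, the script flags both SSODL entries, names fknxwqf.exe as the companion written in the same second, and leaves the control lines (the Norton BHO, the perf counter file written four minutes earlier) out of the result; the rendered output matches the script Pinguin posted.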
20.01.2008, 20:19
...new here

Thread starter

Posts: 6
#3 Unfortunately ComboFix didn't work - despite FixPolicies.

I used dss again:

Deckard's System Scanner v20071014.68
Run by Karsten on 2008-01-20 20:07:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]System Drive C: has 4.99 GiB (less than 15%) free.[/color]


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-20 20:08:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Samsung\AVStation premium\Bin\AVStation Agent.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Programme\ltmoh\ltmoh.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Programme\Samsung\MagicKBD\MagicKBD.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.exe
C:\Programme\OpenOffice.org 2.2\program\soffice.bin
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Karsten\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NAVShExt.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programme\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe


--
End of file - 9329 bytes

-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

Nothing created in this timespan.


-- Find3M Report ---------------------------------------------------------------

2008-01-20 19:42:56 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-01-20 19:42:53 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\OpenOffice.org2
2008-01-18 20:33:11 317168 --a------ C:\WINDOWS\system32\perfh007.dat
2008-01-18 20:33:11 48552 --a------ C:\WINDOWS\system32\perfc007.dat
2008-01-18 09:52:44 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\Audacity
2007-12-16 14:13:19 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\gtk-2.0
2007-12-10 14:56:57 0 d-------- C:\Dokumente und Einstellungen\Karsten\Anwendungsdaten\Adobe
2007-12-02 01:25:39 0 d-------- C:\Programme\Bonjour
2007-12-02 01:25:34 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2007-12-02 01:12:21 0 d-------- C:\Programme\Gemeinsame Dateien
2007-12-02 01:12:21 0 d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 03:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 03:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 12:48]
"SoundMAX"="C:\Programme\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 04:12]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 04:11]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 04:01 C:\WINDOWS\AGRSMMSG.exe]
"farstone"="" []
"RestoreIT!"="C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-09-23 02:27]
"MagicKeyboard"="C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 12:01]
"AVStation premium"="C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe" [2005-07-15 18:42]
"BatteryManager"="C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2005-08-18 09:33]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-03-17 00:06]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2004-08-24 16:33]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 20:05]
"HDSPTray1"="hdsp32.exe" [2001-11-17 13:16 C:\WINDOWS\system32\hdsp32.exe]
"HDSPTray2"="hdspmix.exe" [2001-11-02 16:27 C:\WINDOWS\system32\hdspmix.exe]
"LtMoh"="C:\Programme\ltmoh\Ltmoh.exe" [2004-08-17 02:37]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-05-23 19:58]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 08:41]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16]
"OpwareSE4"="C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 07:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 00:11]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
-- End of Deckard's System Scanner: finished at 2008-01-20 20:08:16 ------------

Regards

krentz
20.01.2008, 20:22
Honorary member
Pinguin

Posts: 1441
#4 «
run CCleaner
http://www.virus-protect.org/ccleaner.html

«
download complet.bat - post the report (possibly as an attachment - see below)
http://www.virus-protect.org/completbat.html
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
20.01.2008, 20:38
...new here

Thread starter

Posts: 6
#5 I applied the settings from the picture in the Cleaner.
Was that right???

Regards

Krentz

Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\

2006-08-05 20:36 3,212 4542453.vpc
2005-08-30 09:33 0 AUTOEXEC.BAT
2008-01-20 19:40 1,814 avenger.txt
2006-04-11 20:49 211 boot.ini
2004-08-04 13:00 4,952 bootfont.bin
2005-08-30 09:33 0 CONFIG.SYS
2008-01-20 20:35 0 DC.txt
2008-01-20 19:40 1,071,894,528 hiberfil.sys
2005-08-30 09:33 0 IO.SYS
2007-06-12 20:20 114,711 jahlogfile.txt
2005-08-30 09:33 0 MSDOS.SYS
2004-08-04 13:00 47,564 NTDETECT.COM
2004-08-04 13:00 251,184 ntldr
2008-01-20 19:40 1,610,612,736 pagefile.sys
2007-04-21 14:46 184 Verknüpfung (2) mit LACIE (E).lnk
2006-04-19 03:15 184 Verknüpfung mit LACIE (E).lnk
16 File(s) 2,682,931,280 bytes
0 Dir(s) 5,388,414,976 bytes free
20.01.2008, 21:42
Honorary member
Pinguin

Posts: 1441
#6 complet.bat - is, as the name says... complete .. not just C:\
there are many logs, you just have to read properly what the site says...........
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
20.01.2008, 22:13
...new here

Thread starter

Posts: 6
#7 Hello Pinguin,

sorry if I misunderstood something there.
Should I do the last step again?
There is only a C drive in the computer, though.

Regards

krentz
20.01.2008, 22:44
Honorary member
Pinguin

Posts: 1441
#8 http://www.virus-protect.org/completbat.html
* click complet.bat

* the text editor will open (copy everything with the right mouse button)

* close the text editor

* while the console window shows the following, press "enter"

* now the text editor opens again, copy everything again

etc... etc... etc...

* now the text editor opens again, copy everything again

* now the text editor opens again, copy everything again

* now the text editor opens again, copy everything again

;)

* repeat this until all logs have been obtained (9 logs)
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
21.01.2008, 10:31
Honorary member
Pinguin

Posts: 1441
#9 sigh .. I forgot to tell you that I'm not interested in data from the Middle Ages - of the following logs (the ones that are missing) post only the last 3 months ...

«
right after that, run Silentrunner - and post the log (complete)
http://www.virus-protect.org/silentrunner.html
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
23.01.2008, 11:53
...new here

Thread starter

Posts: 6
#10 So, I hope it's right now.

The complete.bat logs, and after that the Silent Runners log.

Regards

krentz

Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\

2006-08-05 20:36 3,212 4542453.vpc
2005-08-30 09:33 0 AUTOEXEC.BAT
2008-01-20 19:40 1,814 avenger.txt
2006-04-11 20:49 211 boot.ini
2004-08-04 13:00 4,952 bootfont.bin
2005-08-30 09:33 0 CONFIG.SYS
2008-01-23 11:31 0 DC.txt
2008-01-20 23:38 114 DP.txt
2008-01-20 23:40 105,508 DSYS32.txt
2008-01-20 23:40 392 Dsystemp.txt
2008-01-20 23:39 4,571 DW.txt
2008-01-20 21:47 223 firstrun3.log
2008-01-23 08:59 1,071,894,528 hiberfil.sys
2005-08-30 09:33 0 IO.SYS
2007-06-12 20:20 114,711 jahlogfile.txt
2005-08-30 09:33 0 MSDOS.SYS
2004-08-04 13:00 47,564 NTDETECT.COM
2004-08-04 13:00 251,184 ntldr
2008-01-20 23:37 885 OC.txt
2008-01-20 23:39 4,398 OP.txt
2008-01-20 23:39 3,305 OW.txt
2008-01-23 08:59 1,610,612,736 pagefile.sys
2008-01-20 23:41 652 prefetch.txt
2008-01-20 21:49 368 RVAXO-results.log
2008-01-20 21:51 1,793 RVAXO-Vfind.log
2007-04-21 14:46 184 Verknüpfung (2) mit LACIE (E).lnk
2006-04-19 03:15 184 Verknüpfung mit LACIE (E).lnk
27 File(s) 2,683,053,489 bytes
0 Dir(s) 6,182,293,504 bytes free


Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\

2007-11-11 12:54 <DIR> adaptec
2008-01-20 19:42 <DIR> avenger
2008-01-20 20:05 <DIR> ComboFix
2008-01-20 17:53 <DIR> Deckard
2008-01-19 17:47 <DIR> Dokumente und Einstellungen
2006-04-11 21:14 <DIR> MAGIX
2006-12-02 21:10 <DIR> msdn
2008-01-20 19:39 <DIR> Program Files
2008-01-20 23:18 <DIR> Programme
2008-01-20 17:47 <DIR> QooBox
2006-11-23 09:51 <DIR> RECYCLER
2008-01-20 21:49 <DIR> RVAXO
2008-01-20 17:40 <DIR> System Volume Information
2008-01-23 11:31 <DIR> WINDOWS
0 File(s) 0 bytes
14 Dir(s) 6,182,293,504 bytes free


Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\Programme



Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\Programme

2008-01-20 23:18 <DIR> .
2008-01-20 23:18 <DIR> ..
2007-12-02 01:32 <DIR> Adobe
2005-08-30 09:41 <DIR> Analog Devices
2007-06-02 11:41 <DIR> Apple Software Update
2005-09-03 14:43 <DIR> ATI Technologies
2007-07-10 21:09 <DIR> Audacity
2007-11-11 12:45 <DIR> Audacity 1.3 Beta (Unicode)
2007-12-02 01:25 <DIR> Bonjour
2007-03-03 16:16 <DIR> CamStudio
2007-08-04 11:10 <DIR> Canon
2007-08-04 11:08 <DIR> CanonBJ
2008-01-20 20:26 <DIR> CCleaner
2008-01-20 23:18 <DIR> CleanUp!
2005-08-30 09:30 <DIR> ComPlus Applications
2007-11-11 12:50 <DIR> Csound
2005-08-30 09:49 <DIR> CyberLink
2007-08-16 21:26 <DIR> DivX
2007-07-10 21:10 <DIR> FreeMind
2007-12-02 01:12 <DIR> Gemeinsame Dateien
2007-03-03 16:01 <DIR> GIMP-2.0
2007-06-03 22:00 <DIR> gtk2
2005-08-30 13:47 <DIR> IEEE 802.11 WIRELESS LAN
2007-06-03 00:01 <DIR> Image-Line
2007-06-04 08:25 <DIR> InfraRecorder
2007-10-04 13:04 <DIR> Inkscape
2007-08-04 12:11 <DIR> InstallShield Installation Information
2005-08-30 14:23 <DIR> Intel
2005-08-30 09:33 <DIR> Internet Explorer
2007-06-03 22:01 <DIR> Jahplayer
2007-06-03 22:05 <DIR> Jahshaka
2007-11-02 12:54 <DIR> Java
2007-10-31 15:46 <DIR> Kopie von Messenger
2007-09-19 09:02 <DIR> Lame
2005-08-30 09:42 <DIR> ltmoh
2005-08-30 09:29 <DIR> Messenger
2005-08-30 09:34 <DIR> microsoft frontpage
2007-06-03 22:00 <DIR> mlt
2005-08-30 09:30 <DIR> Movie Maker
2008-01-23 09:10 <DIR> Mozilla Firefox
2007-08-16 21:26 <DIR> Mozilla Thunderbird
2005-08-30 09:29 <DIR> MSN
2005-08-30 09:29 <DIR> MSN Gaming Zone
2005-08-30 09:43 <DIR> MSXML 4.0
2007-10-22 20:03 <DIR> NCH Swift Sound
2005-08-30 09:31 <DIR> NetMeeting
2007-08-04 12:10 <DIR> NewSoft
2006-07-02 20:00 <DIR> Norton AntiVirus
2007-03-03 16:05 <DIR> Onepoint
2005-08-30 09:29 <DIR> Online Services
2005-08-30 09:31 <DIR> Online-Dienste
2007-06-03 22:01 <DIR> OpenLibraries
2007-07-10 21:17 <DIR> OpenOffice.org 2.0
2007-07-10 21:18 <DIR> OpenOffice.org 2.2
2005-08-30 09:30 <DIR> Outlook Express
2007-11-11 12:52 <DIR> pd
2007-05-24 13:32 <DIR> PDFCreator
2007-05-24 13:31 <DIR> PDFCreator Toolbar
2005-08-30 09:44 <DIR> Phoenix Technologies Ltd
2005-08-30 09:45 <DIR> PIC
2007-01-24 19:50 <DIR> Pinnacle
2007-11-15 19:31 <DIR> PokerTH
2007-06-05 11:07 <DIR> QuickTime
2007-05-23 19:58 <DIR> Real
2005-08-30 09:54 <DIR> Samsung
2007-08-04 12:08 <DIR> ScanSoft
2007-07-10 22:04 <DIR> Scribus 1.3.3.8
2006-07-07 09:44 <DIR> Sequoia
2007-07-10 22:10 <DIR> Songbird
2007-11-11 13:14 <DIR> Sonic_visualizer
2007-01-24 16:04 <DIR> Spiele
2005-08-30 09:42 <DIR> SRS Labs
2007-01-24 19:50 <DIR> Steinberg
2005-08-30 09:52 <DIR> Symantec
2005-08-30 09:42 <DIR> Synaptics
2007-01-24 19:40 <DIR> Syncrosoft
2007-08-06 18:23 <DIR> TCWorks
2007-11-11 12:53 <DIR> Traverso
2005-08-30 09:38 <DIR> Uninstall Information
2007-08-09 18:32 <DIR> VstPlugins
2006-12-02 20:59 <DIR> Windows Media Connect 2
2006-12-02 20:59 <DIR> Windows Media Player
2005-08-30 09:29 <DIR> Windows NT
2005-08-30 09:31 <DIR> WindowsUpdate
2005-08-30 09:34 <DIR> xerox
0 File(s) 0 bytes
85 Dir(s) 6,182,285,312 bytes free


Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\WINDOWS

2008-01-23 09:05 335,606 WindowsUpdate.log
2008-01-23 09:00 50 wiaservc.log
2008-01-23 08:59 159 wiadebug.log
2008-01-23 08:59 2,048 bootstat.dat
2008-01-22 23:25 32,622 SchedLgU.Txt
2008-01-20 20:05 227 system.ini
2008-01-20 16:20 282 Sequoia.INI
2008-01-18 11:29 54,156 QTFont.qfn
2008-01-08 23:34 1,409 QTFont.for
2007-11-25 15:38 44 SMWizard.INI
2007-10-21 12:52 71 PPTVIEW.INI
2007-10-13 06:53 782 Sam6_D.INI


86 File(s) 6,365,035 bytes
0 Dir(s) 6,182,285,312 bytes free


Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\WINDOWS

2008-01-23 11:31 <DIR> .
2008-01-23 11:31 <DIR> ..
2005-08-30 09:48 <DIR> $hf_mig$
2007-12-02 00:06 <DIR> $MSI31Uninstall_KB893803v2$
2005-08-30 09:46 <DIR> $NtUninstallKB834707$
2005-08-30 09:47 <DIR> $NtUninstallKB867282$
2005-08-30 09:45 <DIR> $NtUninstallKB883523$
2005-08-30 09:48 <DIR> $NtUninstallKB884575$
2005-08-30 09:47 <DIR> $NtUninstallKB885250$
2005-08-30 09:47 <DIR> $NtUninstallKB885835$
2005-08-30 09:48 <DIR> $NtUninstallKB888113$
2005-08-30 09:47 <DIR> $NtUninstallKB890175$
2006-12-02 20:59 <DIR> $NtUninstallKB926239$
2006-12-02 20:59 <DIR> $NtUninstallMSCompPackV1$
2006-12-02 20:58 <DIR> $NtUninstallWMFDist11$
2006-12-02 20:59 <DIR> $NtUninstallwmp11$
2006-12-02 20:57 <DIR> $NtUninstallWudf01000$
2005-08-30 11:20 <DIR> addins
2006-12-02 21:20 <DIR> AppPatch
2005-08-30 11:20 <DIR> Config
2005-08-30 11:20 <DIR> Connection Wizard
2005-08-30 09:29 <DIR> Cursors
2008-01-20 20:31 <DIR> Debug
2007-03-03 14:56 <DIR> Downloaded Installations
2007-08-04 12:09 <DIR> Downloaded Program Files
2005-08-30 09:42 <DIR> Driver Cache
2008-01-20 17:40 <DIR> erdnt
2007-12-02 01:22 <DIR> Fonts
2007-01-24 19:10 <DIR> ftpcache
2007-10-02 14:01 <DIR> Help
2005-08-30 18:18 <DIR> I386
2005-08-30 09:34 <DIR> ime
2007-12-02 00:06 <DIR> inf
2007-12-21 20:33 <DIR> Installer
2005-08-30 11:20 <DIR> java
2007-08-04 12:14 <DIR> Media
2005-08-30 11:23 <DIR> msagent
2005-08-30 11:20 <DIR> msapps
2005-08-30 11:20 <DIR> mui
2005-08-30 09:31 <DIR> Offline Web Pages
2005-08-30 09:42 <DIR> Options
2005-08-30 09:30 <DIR> pchealth
2005-08-30 11:23 <DIR> PeerNet
2008-01-23 11:29 <DIR> Prefetch
2005-08-30 11:20 <DIR> Provisioning
2006-12-02 20:46 <DIR> RegisteredPackages
2006-04-11 20:47 <DIR> Registration
2006-04-11 20:43 <DIR> repair
2005-08-30 11:20 <DIR> Resources
2005-08-30 09:48 <DIR> SBM
2005-08-30 11:24 <DIR> SEC
2007-10-14 22:01 <DIR> security
2006-04-11 22:47 <DIR> SoftwareDistribution
2005-08-30 09:31 <DIR> srchasst
2007-07-07 18:31 <DIR> StartHtmico
2006-11-09 00:17 <DIR> Sun
2007-01-24 19:50 <DIR> system
2008-01-20 21:49 <DIR> system32
2008-01-20 15:16 <DIR> Tasks
2008-01-23 09:00 <DIR> TEMP
2007-08-04 11:08 <DIR> twain_32
2005-08-30 09:31 <DIR> Web
2007-12-02 01:28 <DIR> WinSxS
0 File(s) 0 bytes
63 Dir(s) 6,182,293,504 bytes free


Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\WINDOWS\system32

2008-01-23 09:00 1,543 Karsten_KBD.ini
2008-01-20 23:30 1,543 Ulli_KBD.ini
2008-01-20 20:44 617,567 RVAXO.bat
2008-01-18 20:33 40,326 perfc009.dat
2008-01-18 20:33 311,938 perfh009.dat
2008-01-18 20:33 317,168 perfh007.dat
2008-01-18 20:33 48,552 perfc007.dat
2008-01-18 20:33 722,932 PerfStringBackup.INI
2008-01-11 14:04 1,158 wpa.dbl
2008-01-03 19:47 49,152 VFind.exe
2007-12-02 11:03 1,404,128 FNTCACHE.DAT
2007-11-02 12:54 5,686 jupdate-1.6.0_03-b05.log
2007-10-16 06:43 30,049 cyclist.exe
2007-10-16 06:06 13,412 pdreceive.exe
2007-10-16 06:06 9,181 pdsend.exe

2153 File(s) 433,183,183 bytes
0 Dir(s) 6,182,268,928 bytes free

Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\DOKUME~1\Karsten\LOKALE~1\Temp

2008-01-23 09:05 1,530 jusched.log
2008-01-23 09:00 0 JETA7F8.tmp
2008-01-23 09:00 0 JETA4BB.tmp
3 File(s) 1,530 bytes
0 Dir(s) 6,182,293,504 bytes free


Volume in drive C has no label.
Volume Serial Number: 884F-5EB4

Directory of C:\WINDOWS\Prefetch

2008-01-23 11:34 16,564 NOTEPAD.EXE-336351A9.pf
2008-01-23 11:32 15,226 CMD.EXE-087B4001.pf
2008-01-23 11:29 15,660 CCleaner.EXE-065E2F3F.pf
2008-01-23 11:09 15,846 SNDVOL32.EXE-383480B7.pf
2008-01-23 09:01 31,424 WUAUCLT.EXE-399A8E72.pf
2008-01-23 09:01 957,634 NTOSBOOT-B00DFAAD.pf
2008-01-22 23:23 11,478 REALSCHED.EXE-0A2A7558.pf
2008-01-22 23:23 34,322 REALPLAY.EXE-39F79CBD.pf
2008-01-22 22:46 32,776 LUCOMS~1.EXE-02DB5950.pf
2008-01-22 22:18 61,170 LOGONUI.EXE-0AF22957.pf
2008-01-22 19:34 46,800 POKERTH.EXE-1772A43E.pf
2008-01-21 20:58 16,414 MAKEADHOC.EXE-02FE5DB4.pf
2008-01-21 18:08 15,938 RUNDLL32.EXE-2513C83B.pf
2008-01-21 18:07 11,990 RUNDLL32.EXE-451FC2C0.pf
2008-01-21 18:02 30,384 ACRORD32INFO.EXE-30CEC19C.pf
2008-01-21 07:13 23,000 WORDPAD.EXE-1EFCC5C1.pf
2008-01-21 07:13 8,676 SOFFICE.EXE-08302903.pf
2008-01-21 07:13 43,432 SOFFICE.BIN-101FBE2A.pf
2008-01-21 01:07 106,788 FIREFOX.EXE-1D57670A.pf
2008-01-20 23:33 10,624 TASKMGR.EXE-20256C55.pf
20 File(s) 1,506,146 bytes
0 Dir(s) 6,182,289,408 bytes free


"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"updateMgr" = "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SoundMAXPnP" = "C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = "C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"farstone" = (empty string) [file not found]
"RestoreIT!" = ""C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart" ["FarStone Tech. Inc."]
"MagicKeyboard" = "C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe" [empty string]
"AVStation premium" = ""C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe"" [empty string]
"BatteryManager" = "C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [empty string]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ATIPTA" = ""C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"HDSPTray1" = "hdsp32.exe" ["RME"]
"HDSPTray2" = "hdspmix.exe" ["RME"]
"LtMoh" = "C:\Programme\ltmoh\Ltmoh.exe" ["Agere Systems"]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"SSBkgdUpdate" = ""C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Nuance Communications, Inc."]
"OpwareSE4" = ""C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"" ["ScanSoft, Inc."]
"WrtMon.exe" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = "Canon Easy Web Print Helper"
-> {HKLM...CLSID} = "EWPBrowseObject Class"
\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
\InProcServer32\(Default) = "C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{E3575A69-CBCB-42D4-89F1-49CF96A26654}" = "Samsung Screen Manager"
-> {HKLM...CLSID} = "ExtConMenu Class"
\InProcServer32\(Default) = "C:\Programme\Samsung\Samsung Smart Screen\Extcon.dll" [empty string]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
CopyLocationShl\(Default) = "{E3575A69-CBCB-42D4-89F1-49CF96A26654}"
-> {HKLM...CLSID} = "ExtConMenu Class"
\InProcServer32\(Default) = "C:\Programme\Samsung\Samsung Smart Screen\Extcon.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
CopyLocationShl\(Default) = "{E3575A69-CBCB-42D4-89F1-49CF96A26654}"
-> {HKLM...CLSID} = "ExtConMenu Class"
\InProcServer32\(Default) = "C:\Programme\Samsung\Samsung Smart Screen\Extcon.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Karsten" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\Karsten\Startmenü\Programme\Autostart
"OpenOffice.org 2.0" -> shortcut to: "C:\Programme\OpenOffice.org 2.0\program\quickstart.exe" [file not found]
"OpenOffice.org 2.2" -> shortcut to: "C:\Programme\OpenOffice.org 2.2\program\quickstart.exe" [null data]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
-> {HKLM...CLSID} = "PDFCreator Toolbar"
\InProcServer32\(Default) = "C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
-> {HKLM...CLSID} = "PDFCreator Toolbar"
\InProcServer32\(Default) = "C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
SNM WLAN Service, SNM WLAN Service, ""C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe"" [null data]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Programme\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP530\Driver = "CNMLM7R.DLL" ["CANON INC."]
Canon MP FAX Language Monitor MP530\Driver = "CNCF2La.DLL" ["Canon Inc."]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]


---------- (launch time: 2008-01-23 11:38:58)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 145 seconds.
---------- (total run time: 198 seconds)
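Added example, not part of the thread and not code from Silent Runners or virus-protect.org: a small Python triage pass over "Startup items buried in registry" lines in the format the log above uses. It flags what a helper reading such a log looks for by eye: a value whose target no longer exists (the empty "farstone" entry), a value naming only a bare filename so that Windows resolves it through the search path at logon, an unquoted path with spaces (the SoundMAX entry), a file without publisher information ([empty string] or [null data] in the log), and anything Silent Runners itself marks with <<!>>. The sample lines are copied from the log above; the rule set is my own assumption, not the tool's, and every hit is a lead to check, not a verdict: the OEM tools on this laptop trip the "no publisher" rule and are legitimate.

```python
"""Triage of Silent Runners launch-point lines (added example, not the tool's code).

Silent Runners prints one line per autostart value:
    [<<!>>] "Name" = "command line" [tag]
The tag is the publisher from the file's version info in quotes, [MS] for
Microsoft files, [empty string] / [null data] when the file carries no
publisher information, or [file not found].
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r'^\s*(?P<mark><<!>>\s*)?(?P<name>"[^"]*"|\S+)\s*=\s*'
    r'(?P<cmd>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$'
)
# Program token of an unquoted command line: up to the first executable-looking
# extension that is followed by whitespace or the end of the line.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|dll|scr|bat|cmd|pif|vbs))(?=\s|$)', re.I)


@dataclass
class Entry:
    name: str
    value: str            # the registry value as Silent Runners shows it, unwrapped
    executable: str       # program the value launches ("" if none)
    tag: str
    findings: List[str] = field(default_factory=list)


def unwrap(command: str) -> str:
    """Strip the outer quotes Silent Runners puts around the whole value."""
    cmd = command.strip()
    if cmd == "(empty string)":
        return ""
    if len(cmd) >= 2 and cmd.startswith('"') and cmd.endswith('"'):
        return cmd[1:-1].strip()
    return cmd


def executable_of(value: str) -> str:
    """Program part of a Run value, the way CreateProcess would pick it."""
    if not value:
        return ""
    if value.startswith('"'):                 # "C:\path with spaces\x.exe" args
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = EXE_RE.match(value)                   # C:\path with spaces\x.exe args
    return m.group(1) if m else value.split()[0]


def parse_entry(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if not m:
        return None                           # section header or detail line
    value = unwrap(m.group("cmd"))
    exe = executable_of(value)
    entry = Entry(m.group("name").strip('"'), value, exe, m.group("tag"))
    if m.group("mark"):
        entry.findings.append("flagged <<!>> by Silent Runners")
    if entry.tag == "file not found":
        entry.findings.append("target file missing")
    if exe == "":
        entry.findings.append("empty command (orphaned Run value)")
    elif not re.search(r"[\\/%]", exe):
        # No directory at all: resolved through the search path at logon,
        # so a same-named file earlier in the path would win.
        entry.findings.append("bare filename, resolved through the search path")
    elif " " in exe and not value.startswith('"'):
        # Unquoted path: Windows tries each space-delimited prefix
        # (C:\Programme\Analog.exe first) before reaching the real file.
        entry.findings.append("unquoted path with spaces")
    if entry.tag in ("empty string", "null data"):
        entry.findings.append("no publisher in version info")
    return entry


def suspicious(report: str) -> dict:
    """Map entry name -> findings for every parsed line that has any."""
    out = {}
    for line in report.splitlines():
        e = parse_entry(line)
        if e and e.findings:
            out[e.name] = e.findings
    return out


# Sample input: lines copied from the Silent Runners log in this thread.
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"farstone" = (empty string) [file not found]
"MagicKeyboard" = "C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe" [empty string]
"SoundMAX" = "C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
'''

if __name__ == "__main__":
    for name, findings in suspicious(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run against the full log, the output is a short list to check by hand rather than a clean verdict; the value of the pass is that it never lets an empty, missing or path-resolved entry scroll past unnoticed.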
23.01.2008, 13:04
Honorary member
Pinguin

Posts: 1441
#11 krentz

by running avenger, I seem to have "caught" all the viruses ..
scan with Bitdefender + post the report here
http://board.protecus.de/t8642.htm
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
23.01.2008, 20:53
...new here

Thread starter

Posts: 6
#12 So, I hope it was correct to attach the html file.
I had to change the suffix to *.txt first, though, otherwise it didn't work.
There still seemed to be a virus in it?!

Many, many thanks so far.
Since the avenger the computer runs like it used to.

Best regards

krentz

Quote

C:\avenger\backup.zip=>avenger/fknxwqf.exe - Infected with: Trojan.Downloader.Zlob.ABIJ

C:\Deckard\System Scanner\20080120200614\backup\DOKUME~1\Karsten\LOKALE~1\Temp\BIT5.tmp - Infected with: Trojan.Downloader.Zlob.ABIJ

>C:\System Volume Information\_restore{4CDC47E0-F463-419A-B29E-003C0D69DDF8}\RP159\A0027342.exe - Infected with: Trojan.Downloader.Zlob.ABIJ

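Added example, not from the thread and not BitDefender's code: a classifier for scanner report lines like the three quoted above, splitting hits into live files versus archived copies kept by the removal tools used in this thread (the Avenger backup.zip, the Deckard System Scanner backup folder, ComboFix's QooBox, and System Restore points). All three quoted hits fall in the archived class, which is the reasoning behind deleting backup.zip rather than disinfecting anything; note that the copy in restore point RP159 stays on disk until that restore point is purged, so it will keep reappearing in scans. The path patterns are my assumptions about where these tools store their backups, and the one live-file line in the sample is constructed for the example.

```python
"""Classify scanner hits as live files vs. archived copies (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Places where removal tools park copies of what they removed (assumed layout).
# A hit under one of these is an archived copy, not running code; it keeps
# showing up in scans until the backup itself (or the restore point) is deleted.
ARCHIVE_PATTERNS = [
    (re.compile(r"^[A-Z]:\\avenger\\backup\.zip", re.I), "Avenger backup archive"),
    (re.compile(r"^[A-Z]:\\Deckard\\System Scanner\\\d+\\backup\\", re.I), "Deckard System Scanner backup"),
    (re.compile(r"^[A-Z]:\\QooBox\\", re.I), "ComboFix quarantine"),
    (re.compile(r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I), "System Restore point"),
]

# "<path> - Infected with: <signature>", with an optional stray ">" as in the
# quoted report; members of an archive appear as "<container>=><member>".
DETECTION_RE = re.compile(r"^>?\s*(?P<path>.+?)\s+-\s+Infected with:\s+(?P<sig>\S+)\s*$")


@dataclass
class Detection:
    path: str
    signature: str
    archive: Optional[str]    # kind of archive the hit lives in, None for a live file


def classify(line: str) -> Optional[Detection]:
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    container = path.split("=>", 1)[0]        # outer file for archive members
    for pattern, label in ARCHIVE_PATTERNS:
        if pattern.match(container):
            return Detection(path, m.group("sig"), label)
    return Detection(path, m.group("sig"), None)


def triage(report: str) -> Tuple[List[Detection], List[Detection]]:
    """Return (live hits, archived hits) in report order."""
    live, archived = [], []
    for line in report.splitlines():
        d = classify(line)
        if d is None:
            continue
        (archived if d.archive else live).append(d)
    return live, archived


# Sample input: the three lines quoted in the post above plus one constructed
# live-file hit (the system32 filename is made up for the example).
SAMPLE_REPORT = r'''
C:\avenger\backup.zip=>avenger/fknxwqf.exe - Infected with: Trojan.Downloader.Zlob.ABIJ
C:\Deckard\System Scanner\20080120200614\backup\DOKUME~1\Karsten\LOKALE~1\Temp\BIT5.tmp - Infected with: Trojan.Downloader.Zlob.ABIJ
>C:\System Volume Information\_restore{4CDC47E0-F463-419A-B29E-003C0D69DDF8}\RP159\A0027342.exe - Infected with: Trojan.Downloader.Zlob.ABIJ
C:\WINDOWS\system32\constructed_sample.exe - Infected with: Trojan.Downloader.Zlob.ABIJ
'''

if __name__ == "__main__":
    live, archived = triage(SAMPLE_REPORT)
    for d in archived:
        print(f"archived ({d.archive}): {d.path}")
    for d in live:
        print(f"LIVE: {d.path}  [{d.signature}]")
```

Only the live list needs an actual cleanup step; the archived list tells you which backups and restore points to delete once you are satisfied the machine is clean.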
26.01.2008, 11:57
Honorary member
Pinguin

Posts: 1441
#13 krentz

please delete: C:\avenger\backup.zip + empty the recycle bin, then everything should be o.k. again ;)
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/