Werbung
Video ActiveX Object
arbeite das avengerscript ab (videoactive.zip laden -
entpacken und den videoactive.txt anwenden) - danach scanne mit smitfraudfix
Hinweis: falls Windows nicht auf
C:\ installiert ist, muss der Laufwerkbuchstabe im Script verändert werden
Avenger
avenger.zip
lade videaoactive.zip - entpacken auf dem Desktop
videoactive.zip
die videoactive.txt auf dem Desktop entpacken
öffne den Avenger
Load Script from file: - klicke rechts das gelbe Symbol
videoactive.txt - suchen - videoactive.txt anklicken - öffnen klicken
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
smitfrautfix
|
Combofix
2006-11-28 16:59 77,824 --a------ C:\WINDOWS\system32\
dbqlrij.dll
2006-11-28 16:59 -DIR- d-------- C:\Programme\Virus-Bursters
2006-11-28 16:59 -DIR- d-------- C:\Programme\Video ActiveX Object
2006-11-30 20:09 77,824 --a------ C:\WINDOWS\system32\
xxfgmy.dll
2006-11-30 20:08 -DIR- d-------- C:\Programme\Video ActiveX Object
2006-12-04 17:48 17,920 --a------ C:\WINDOWS\system32\
vcehaeb.dll
2006-12-04 17:48 DIR d-------- C:\Programme\Video ActiveX Object
2006-12-07 03:41 18,432 --a------ C:\WINDOWS\system32\
xqpauzx.dll
2006-12-10 14:57 DIR d-------- C:\Programme\SpywareHeal
2006-12-10 14:30 DIR d-------- C:\Programme\Video ActiveX Object
2006-12-02 20:52 77,824 --a------ C:\WINDOWS\system32\
xxfgmy.dll
2006-12-02 20:52 DIR d-------- C:\Programme\Video ActiveX Object
2006-11-18 21:08 DIR d-------- C:\Programme\Perfect Codec
2006-12-18 01:11 20,992 --a------ C:\WINDOWS\system32\
hjpprpu.dll
2006-12-16 15:44 19,456 --a------ C:\WINDOWS\system32\
qrzsyr.dll
2006-12-16 15:44 DIR d-------- C:\Programme\Video ActiveX Object
+
{EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\
nzdd.dll
2006-12-13 22:42 19,456 --a------ C:\WINDOWS\system32\
rosdzop.dll
2006-12-13 22:42 DIR d-------- C:\Programme\Video ActiveX Object
2006-12-22 16:56 DIR d-------- C:\Programme\AntiVermins
2006-12-22 16:32 20,992 --a------ C:\WINDOWS\system32\
vwfps.dll
2006-12-22 16:32 DIR d-------- C:\Programme\Video ActiveX Object
2006-12-26 14:14 DIR d-------- C:\Programme\SpywareHeal
2006-12-25 18:17 DIR d-------- C:\Programme\AntiVermins
2006-12-25 18:15 20,992 --a------ C:\WINDOWS\system32\cthkpcv.dll
2006-12-25 18:15 DIR d-------- C:\Programme\Video ActiveX Object
Download Registry Search by Bobbi Flekman -
regsearch
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)
Video ActiveX Object
in edit und klicke "Ok". Notepad wird sich öffnen
---------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\isaddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\iesplugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}\InprocServer32]
@="C:\\Programme\\Video ActiveX Object\\isaddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"wininet.dll"=""
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\iesuninst.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\isauninst.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\Video ActiveX Object\\pmuninst.exe\""
[HKEY_USERS\S-1-5-21-1949208750-3513126244-1450059325-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\Video ActiveX Object\\isamonitor.exe"="isamonitor"
"C:\\Programme\\Video ActiveX Object\\pmsngr.exe"="pmsngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object]
"DisplayName"="Video ActiveX Object 2.07"
"UninstallString"="C:\\Programme\\Video ActiveX Object\\uninst.exe"
"DisplayIcon"="C:\\Programme\\Video ActiveX Object\\uninst.exe"
"Publisher"="Video ActiveX Object Software"
Verzeichnis von C:\Programme\Video ActiveX Object
28.11.2006 16:59 25.600 iesplugin.dll
28.11.2006 16:59 13.824 iesuninst.exe
29.11.2006 15:38 12.288 isaddon.dll
29.11.2006 15:38 5.632 isamini.exe
28.11.2006 16:59 30.208 isamonitor.exe
28.11.2006 16:59 14.848 isauninst.exe
28.11.2006 16:59 4.286 ot.ico
29.11.2006 15:38 2.856 pmmon.exe
28.11.2006 16:59 11.600 pmsngr.exe
28.11.2006 16:59 28.672 pmuninst.exe
28.11.2006 16:59 4.286 ts.ico
Verzeichnis von C:\Programme\Virus-Bursters
24.11.2006 04:25 1.372.160 Virus-Bursters.exe
28.11.2006 17:03 356 virusburster.ini
videoactive.txt
Avengerscript
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{18668683-731c-48fa-b1b9-ad013748fb00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|ISHOST.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|issearch.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|kernel32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|benumbment
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{af4fd984-a939-4c32-82b2-8bae7abe9aec}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|emptins
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{588599f4-de26-4c28-ba14-f4eb17e33481}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|expatriates
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{1a01a98c-4f25-42e1-971a-185cf63569b2}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|flammei
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{9d635a36-6b3c-4146-8625-f3aaf507bbf8}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|blippers
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{f2efa195-4785-4db1-9316-b48c64bb71da}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|gloomily
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|impasse
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{bb720bab-2f75-456b-a850-04d77b20f6b8}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|boob
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{01b55afa-f451-474b-9e91-c35b24d02641}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|astral
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|articulation
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{8dc1f789-e073-4363-b40d-07376bc5ecc5}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|haematobia
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|hydrodictyon
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b166be07-30a4-4d38-b781-44528a630706}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|beeper
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{951a98d0-dad6-4a77-8280-a494279a884b}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Virus-Bursters
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBurster
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SNM
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|DllRunning
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVermins
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusRescue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SpywareHeal
registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1771E3F7-9819-4C60-A806-ACFDAE55A58B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{951a98d0-dad6-4a77-8280-a494279a884b}
HKLM\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKLM\SOFTWARE\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}
HKLM\SOFTWARE\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}
HKLM\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}
HKLM\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec
HKLM\SOFTWARE\Classes\CLSID\{af4fd984-a939-4c32-82b2-8bae7abe9aec}
HKLM\SOFTWARE\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}
HKLM\SOFTWARE\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}
HKLM\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}
HKLM\SOFTWARE\Classes\CLSID\{f2efa195-4785-4db1-9316-b48c64bb71da}
HKLM\SOFTWARE\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}
HKLM\SOFTWARE\Classes\CLSID\{bb720bab-2f75-456b-a850-04d77b20f6b8}
HKLM\SOFTWARE\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}
HKLM\SOFTWARE\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}
HKLM\SOFTWARE\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D}
HKLM\SOFTWARE\Classes\CLSID\{f4d74aaa-a178-4463-846b-b4bc87a024e0}
HKLM\SOFTWARE\Classes\CLSID\{18668683-731c-48fa-b1b9-ad013748fb00}
HKLM\SOFTWARE\Classes\CLSID\{EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Virus-Bursters
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6470B552-2B54-4AAB-BFA2-9376A5328AEC}
HKLM\SOFTWARE\VirusBurster
HKLM\SOFTWARE\Virus-Bursters
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Bursters
HKLM\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759}
HKLM\SOFTWARE\Classes\TypeLib\{C97C3B7C-E022-4FA8-B1A7-1C28270FFAFF}
HKLM\SOFTWARE\Classes\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}
HKLM\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1771E3F7-9819-4C60-A806-ACFDAE55A58B}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67270207-b9ee-4d26-9270-860fdb060ca1}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4d74aaa-a178-4463-846b-b4bc87a024e0}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKLM\SOFTWARE\Classes\CLSID\{67270207-b9ee-4d26-9270-860fdb060ca1}
HKLM\software\microsoft\shared tools\msconfig\startupreg\PestTrap
HKLM\software\microsoft\shared tools\msconfig\startupreg\VirusBurster
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Perfect Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}
HKLM\SOFTWARE\AntiVermins
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFA75D89-F998-4F7C-B1BF-D7BCB85DFB2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\SpywareHeal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareHeal.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareHeal
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareHeal
Files to delete:
C:\WINDOWS\system32\dbqlrij.dll
C:\WINDOWS\system32\xxfgmy.dll
C:\WINDOWS\system32\tpedvf.dll
C:\WINDOWS\system32\vcehaeb.dll
C:\WINDOWS\system32\xqpauzx.dll
C:\WINDOWS\system32\mlraakb.dll
C:\WINDOWS\System32\rosdzop.dll
C:\WINDOWS\system32\qrzsyr.dll
C:\WINDOWS\system32\olnohdw.dll
C:\WINDOWS\system32\hzclqhc.dll
C:\WINDOWS\system32\gqagksr.dll
C:\WINDOWS\system32\hjpprpu.dll
C:\WINDOWS\system32\cwfsoopt.dll
C:\WINDOWS\system32\vwfps.dll
C:\WINDOWS\system32\cthkpcv.dll
C:\WINDOWS\system32\ixt1.dll
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\System32\res.dll
C:\WINDOWS\system32\nzdd.dll
C:\WINDOWS\system32\pbdev2.dll
C:\WINDOWS\System32\wnafdlyd.dll
C:\Temp\vb_distrib.exe
C:\Temp\vb_distrib(2).exe
C:\Dokumente und Einstellungen\%Username%\run.exe
C:\Dokumente und Einstellungen\%Username%\bearkey.exe
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\%Username%\Favoriten\Online Security Test.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
C:\Dokumente und Einstellungen\%UserName%\Desktop\Virus-Bursters.lnk
C:\Dokumente und Einstellungen\%UserName%\Desktop\vb_distrib.exe
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\VirusBurster 6.3.lnk
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\AntiVermins 2.1.lnk
C:\Dokumente und Einstellungen\%Username%\Startmenü\AntiVermins 2.1.lnk
C:\Dokumente und Einstellungen\%UserName%\Desktop\AntiVermins.lnk
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\VBLanguage.ini
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\vb49.exe
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\SpywareHeal 2.2.lnk
C:\Dokumente und Einstellungen\%Username%\Desktop\SpywareHeal.lnk
C:\Dokumente und Einstellungen\%Username%\Startmenü\SpywareHeal 2.2.lnk
Folders to delete:
C:\Programme\Video ActiveX Object
C:\Programme\System Alert Popup
C:\Programme\VirusBurster
C:\Programme\Virus-Bursters
C:\Programme\AntiVermins
C:\Programme\DriveCleaner 2006 Free
C:\Programme\IntCodec
C:\WINDOWS\system32\components
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\~nsu.tmp
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\Virus-Bursters
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\VirusBurster
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\AntiVermins
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\VirusRescue
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\DriveCleaner 2006 Free
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\SpywareHeal
C:\Program Files\PestTrap
C:\Programme\SpyNoMore
C:\Programme\Perfect Codec
C:\Programme\iVideoCodec
C:\Programme\SoftCodec
C:\Programme\QualityCodec
C:\Programme\Safety Bar
C:\Programme\VirusRescue
C:\Programme\SpywareHeal
|
HijackThis
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\System32\ixt1.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programme\Video ActiveX Object\iesplugin.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Programme\Video ActiveX Object\iesplugin.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [VirusBurster] C:\Programme\VirusBurster\virusburster.exe /h
O2 - BHO: PBDEV2 - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - C:\WINDOWS\system32\pbdev2.dll
O3 - Toolbar: PBDEV2 - {4E7BD74F-2B8D-469E-A0E8-FA68B685FA7D} - C:\WINDOWS\system32\pbdev2.dll
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\system32\dbqlrij.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll
O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - C:\WINDOWS\system32\xqpauzx.dll
O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll
O21 - SSODL: beeper - {951a98d0-dad6-4a77-8280-a494279a884b} - C:\WINDOWS\system32\vwfps.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
2006-12-14 17:51 60,080 --a------ C:\Dokumente und Einstellungen\%Username%\
run.exe
2006-12-14 17:51 233,959 --a------ C:\Dokumente und Einstellungen\%Username%\
bearkey.exe
2006-12-14 17:51 19,456 --a------ C:\WINDOWS\system32\qrzsyr.dll
run.exe - File size: 60080 bytes
AntiVir 7.3.0.19 12.15.2006 DR/Zlob.Gen
AVG 386 12.15.2006 Downloader.Zlob.FWR
BitDefender 7.2 12.16.2006 Trojan.Downloader.Zlob.AEV
CAT-QuickHeal 8.00 12.15.2006 TrojanDownloader.Zlob.gen
ClamAV devel-20060426 12.16.2006 Trojan.Downloader.Zlob-545
DrWeb 4.33 12.16.2006 Trojan.Popuper
Kaspersky 4.0.2.24 12.16.2006 Trojan-Downloader.Win32.Zlob.beg
Norman 5.80.02 12.15.2006 W32/Zlob.XJU
O4 - HKCU\..\RunOnce: [gi429270635] "C:\DOKUME~1\sam\LOKALE~1\Temp\gi33U54I.exe"
/resume:"C:\DOKUME~1\sam\LOKALE~1\Temp\2G33U3I5"
/exename:"C:\Dokumente und Einstellungen\%Username%\Desktop\Free-Spyware-Scanner-Install.exe"
C:\Dokumente und Einstellungen\%Username%\Desktop\Free-Spyware-Scanner-Install.exe
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\gi33U54I.exe
