remove msn plus ad ware

#0
23.04.2005, 13:24
Member

Posts: 16
#1 hello, I ran the msn plus update and accidentally clicked on support -.-

now I have the annoying ads, which I have meanwhile managed to get rid of; the only thing that still bothers me are the entries that have lodged themselves in the favs
I created a hijack this logfile, but I can't quite make sense of it

maybe someone can help me

Logfile of HijackThis v1.99.1
Scan saved at 13:15:26, on 23.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\programme\softwin\bitdefender8\bdnagent.exe
C:\WINDOWS\Mixer.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Diet K\DietK.exe
C:\Programme\Kazaa-Lite\KazaaLite.kpp
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\downloads\HijackThis.exe

F3 - REG:win.ini: run=
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinFast Schedule] C:\Programme\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\programme\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: MSI Media Center Deluxe II.lnk = C:\Programme\MSI\Media Center Deluxe II\Projector.exe
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinIRXHelper.lnk = C:\Programme\MSI\Media Center Deluxe II\WinIRXHelper.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {11F44F56-0B88-41E6-BA33-A86E5E216F1E} (bilder_vobis_de_bilduebertragung) - http://www.bilder.vobis.de/upload/bilder_vobis_bilduebertragung.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104282085671
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned41.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta_reg/de/soesysinfo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Programme\Gemeinsame Dateien\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
23.04.2005, 16:11
Moderator

Posts: 7805
#2 Update your Windows to SP2 and fix this:

F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE

As well as all "O16" entries. Do you know what this is?
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Programme\Gemeinsame Dateien\Groove Games Shared\Service\ggameslicsvc.exe
If in doubt, get rid of it too...


To be on the safe side, you could empty your temp directories with [URL=http://support.microsoft.com/default.aspx?scid=kb;de;315246]Disk Cleanup[/URL] or [URL=http://www.ccleaner.com/]other[/URL] [URL=http://www.clearprog.de/programme/clearprog/index.php]programs[/URL]
and disable [URL=http://www.bsi.bund.de/av/texte/wiederher_xp.htm]System Restore[/URL], reboot and enable it again.
Please also check the machine with [URL=http://www.trojaner-info.de/hijacker/escan.shtml]eScan[/URL] and say if it found anything. An update is not necessary, but you should run the scan in safe mode.
__________
Kind regards, Ralf
SEO-Spam Hunter
23.04.2005, 22:42
Member

Thread starter

Posts: 16
#3 nope, what are O16 entries?

groove games is from the pariah demo
23.04.2005, 22:59
Moderator

Posts: 7805
#4 ;) You should fix the "O16" entries! You can find information on the individual items in HijackThis here:
http://www.trojaner-info.de/anleitungen/hijackthis/htlogtutorial.html
__________
Kind regards, Ralf
SEO-Spam Hunter
23.04.2005, 23:09
Member

Thread starter

Posts: 16
#5 the ads are back and the favs still aren't clean ;)
24.04.2005, 08:51
Moderator

Posts: 7805
#6 You also have to delete the favorites yourself, via Favorites/Organize in IE. But only do that once the machine is otherwise clean.

Please now post the following: a hijackthis log, an uninstall list and a scan with Escan, and say what was found as "infected" or "tagged as".

For the uninstall.log please start Hijackthis, then go to "Open misc tools section"/Open uninstallmanager/Save list/ Save it and also post the contents of the editor that pops up here.

[Addendum: You can also try it with the official cleaner for it. There is no guarantee for it!;) http://lop.com/new_uninstall.exe ]
__________
Kind regards, Ralf
SEO-Spam Hunter
24.04.2005, 10:32
Member

Thread starter

Posts: 16
#7 the official tool is a trojan :p

hijack this logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:26:38, on 24.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\programme\softwin\bitdefender8\bdnagent.exe
C:\WINDOWS\Mixer.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Outlook Express\msimn.exe
C:\Program Files\mIRC\mirc.exe
C:\Programme\teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\downloads\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\ycomp5_5_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\programme\softwin\bitdefender8\bdnagent.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MSI Media Center Deluxe II.lnk = C:\Programme\MSI\Media Center Deluxe II\Projector.exe
O4 - Global Startup: WinIRXHelper.lnk = C:\Programme\MSI\Media Center Deluxe II\WinIRXHelper.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Programme\Gemeinsame Dateien\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe




uninstall list

3DMark05
ACE-HIGH MP3 WAV WMA OGG Converter
Ad-aware 6 Personal
Adobe Download Manager 1.2 (Nur entfernen)
Adobe MPEG Encoder
Adobe Premiere 6.5
Adobe Reader 6.0.1
Advanced Networking Pack fur Windows XP
Alcohol 120% (Trial Version)
BitDefender 8 Professional Plus
BitTorrent 3.4.2
Codec Pack - All In 1 5.0.4.8
Diet K
DivX Player
DivX Pro Codec Adware
eMule
EVEREST Home Edition v1.10
Far Cry
Fraps (remove only)
HighMAT-Erweiterung fur den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 1.99.1
ICQ 5
InstallRTC
Intel A/V Codecs V2.0
Intel(R) PRO Network Adapters and Drivers
Internet Explorer Q831167
Ipswitch WS_FTP Pro
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Kazaa Lite K++ v2.4.3
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft Word 97
mIRC
MSI Media Center Deluxe II
MSN Add-In fur Windows Messenger
MSN Messenger 6.2
Nero 6 Ultra Edition
Netscape (7.1)
NVIDIA Drivers
Outlook Express Q837009
Pariah Multiplayer Demo
Pariah Multiplayer Demo [Try&Die] (Shared Components)
PCI Audio Driver
PowerDVD
PowerQuest PartitionMagic 8.0
QuickTime
SpeechRedist
Spybot - Search & Destroy 1.3
TeamSpeak 2 RC2
Totalidea RAM-Disk Driver
Unreal Tournament 2004
Viewpoint Media Player (Remove Only)
Winamp (remove only)
Windows Media Encoder 7.1
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player-Hotfix [Weitere Informationen finden Sie in KB837272]
Windows Media Player-Hotfix [Weitere Informationen finden Sie in Q828026]
Windows XP-Hotfix - KB820291
Windows XP-Hotfix - KB821253
Windows XP-Hotfix - KB822603
Windows XP-Hotfix - KB823182
Windows XP-Hotfix - KB824105
Windows XP-Hotfix - KB824141
Windows XP-Hotfix - KB825119
Windows XP-Hotfix - KB826939
Windows XP-Hotfix - KB826942
Windows XP-Hotfix - KB828028
Windows XP-Hotfix - KB828035
Windows XP-Hotfix - KB828741
Windows XP-Hotfix - KB833998
Windows XP-Hotfix - KB835732
Windows XP-Hotfix - KB837001
Windows XP-Hotfix - KB840374
Windows XP-Hotfix - KB842773
Windows XP-Hotfix (SP2) Q322011
Windows XP-Hotfix (SP2) Q327979
Windows XP-Hotfix (SP2) Q814995
Windows XP-Hotfix (SP2) Q819696
WinRAR Archivierer
Yahoo! Anti-Spy (BETA)
Yahoo! Messenger
Yahoo! Toolbar





eScan

File c:\dokume~1\rayne_~1\lokale~1\temp\sfwglcjl.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe infected by "not-a-virus:AdWare.Lop.m" Virus. Action Taken: No Action Taken.
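
Added example, not part of the original thread: a small Python check of whether the entries listed for fixing in post #2 are really gone from the follow-up log in post #7, plus a flag for Run entries that start a program from inside a user profile. The log excerpts are copied from the posts above; the function names and the profile-path heuristic are assumptions made for this example.

```python
import re

# A HijackThis entry line: section code (F3, O4, O16, O23 ...), " - ", body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun: HKCU\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumption of this example: a Run entry that launches something from inside
# a user profile (long or 8.3 name, German or English XP) deserves a look.
PROFILE_RE = re.compile(
    r"\\(dokume~1|docume~1|dokumente und einstellungen|documents and settings)\\",
    re.IGNORECASE)

# Excerpt of the entries listed for fixing in post #2.
FIX_TEXT = r"""
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
"""
FIX_LINES = [line for line in FIX_TEXT.splitlines() if line.strip()]

# Excerpt of the follow-up log from post #7 (header and process lines are
# included on purpose: the parser has to skip them).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\ctfmon.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWEND~1\BENDNA~1\SOFTWAREPLUS4.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinIRXHelper.lnk = C:\Programme\MSI\Media Center Deluxe II\WinIRXHelper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def normalize(line):
    """Case- and whitespace-insensitive key (Windows paths ignore case)."""
    return " ".join(line.split()).lower()


def parse_log(text):
    """Map normalized entry line -> (section code, body); skips non-entries."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[normalize(line)] = (match.group("code"), match.group("body"))
    return entries


def still_present(fix_lines, later_log):
    """Entries that were meant to be fixed but appear again in a later log."""
    later = parse_log(later_log)
    return [line for line in fix_lines if normalize(line) in later]


def entries_with_code(log, code):
    """Bodies of all entries in one section, e.g. every O16 entry."""
    return [body for c, body in parse_log(log).values() if c == code]


def profile_autoruns(log):
    """(hive, value name, command) of O4 Run entries started from a profile."""
    hits = []
    for code, body in parse_log(log).values():
        match = RUN_RE.match(body) if code == "O4" else None
        if match and PROFILE_RE.search(match.group("cmd")):
            hits.append((match.group("hive"), match.group("name"),
                         match.group("cmd")))
    return hits


if __name__ == "__main__":
    print("Listed for fixing but still in the later log:")
    for line in still_present(FIX_LINES, LOG_AFTER):
        print("  " + line)
    print("O16 entries left:", len(entries_with_code(LOG_AFTER, "O16")))
    print("Run entries started from a user profile:")
    for hive, name, cmd in profile_autoruns(LOG_AFTER):
        print("  %s [%s] %s" % (hive, name, cmd))
```

On these excerpts the `basebat` and `msnmsgr` entries are reported as still registered, and the `basebat` target is the same file the eScan output above lists as AdWare.Lop.m.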
25.04.2005, 17:51
Honorary member
Avatar Sabina

Posts: 29434
#8 Hello @rayne

In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Hidden files and folders -> enable "Show all files and folders"
+
In Windows Explorer -> Tools -> Folder Options -> "View" tab -> Files and folders -> disable "Hide protected system files (recommended)"


#open HijackThis -->> "scan" button -->> tick the entries -->> "Fix checked" button -->> restart the PC

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [basebat] C:\DOKUME~1\RAYNE_~1\ANWENDUNGSDATEN\BENDNA~1\SOFTWAREPLUS4.exe

Restart the PC

MessengerPlus3<---uninstall

Delete:
C:\Dokumente und Einstellungen\rayne_~1\Lokale Einstellungen\Temp\sfwglcjl.exe
C:\Dokumente und Einstellungen\RAYNE_~1\ANWENDUNGSDATEN\BENDNA~1\SOFTWAREPLUS4.exe

CCleaner--> delete all *temp files
http://www.ccleaner.com/ccdownload.asp



#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download--> update-->scan-->restart the PC--> scan again--> post the log from the scan
__________
Kind regards, Sabina

all about PC security
26.04.2005, 16:05
Member

Thread starter

Posts: 16
#9 Ad-Aware SE Build 1.05
Logfile Created on:Dienstag, 26. April 2005 07:03:41
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26.04.2005 07:03:41 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Rayne_2004\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 668
ThreadCreationTime : 26.04.2005 04:59:39
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 26.04.2005 04:59:40
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 26.04.2005 04:59:42
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 26.04.2005 04:59:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 796
ThreadCreationTime : 26.04.2005 04:59:42
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 976
ThreadCreationTime : 26.04.2005 04:59:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1104
ThreadCreationTime : 26.04.2005 04:59:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 26.04.2005 04:59:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1396
ThreadCreationTime : 26.04.2005 04:59:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 26.04.2005 04:59:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [btwdins.exe]
FilePath : C:\Programme\WIDCOMM\Bluetooth Software\bin\
ProcessID : 1792
ThreadCreationTime : 26.04.2005 04:59:53
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTWDIns.EXE

#:12 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1836
ThreadCreationTime : 26.04.2005 04:59:53
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:13 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1916
ThreadCreationTime : 26.04.2005 04:59:53
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:14 [xcommsvr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\
ProcessID : 180
ThreadCreationTime : 26.04.2005 04:59:53
BasePriority : Normal
FileVersion : 1, 7, 0, 6
ProductVersion : 1, 7, 0, 6
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:15 [bdss.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\
ProcessID : 232
ThreadCreationTime : 26.04.2005 04:59:53
BasePriority : Normal


#:16 [vsserv.exe]
FilePath : C:\Programme\Softwin\BitDefender8\
ProcessID : 428
ThreadCreationTime : 26.04.2005 05:00:01
BasePriority : Normal


#:17 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 524
ThreadCreationTime : 26.04.2005 05:00:39
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1080
ThreadCreationTime : 26.04.2005 05:00:45
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:19 [icqlite.exe]
FilePath : C:\Programme\ICQLite\
ProcessID : 1292
ThreadCreationTime : 26.04.2005 05:00:49
BasePriority : Normal
FileVersion : 20, 32, 2315, 0
ProductVersion : 20, 32, 2315, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:20 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1716
ThreadCreationTime : 26.04.2005 05:00:50
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:21 [bdmcon.exe]
FilePath : C:\PROGRA~1\softwin\BITDEF~1\
ProcessID : 1956
ThreadCreationTime : 26.04.2005 05:00:50
BasePriority : Normal
FileVersion : 8.1.0.0
ProductVersion : 8.1.0.0
ProductName : BitDefender 8
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Management Console
InternalName : Management Console
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : bdmcon.exe

#:22 [bdoesrv.exe]
FilePath : C:\Programme\Softwin\BitDefender8\
ProcessID : 276
ThreadCreationTime : 26.04.2005 05:00:52
BasePriority : Normal
FileVersion : 8, 1, 0, 0
ProductVersion : 8, 1, 0, 0
ProductName : Bitdefender 8
CompanyName : SOFTWIN SRL
FileDescription : bdoesrv application
InternalName : bdoesrv
LegalCopyright : © 2005 SOFTWIN S.R.L.
OriginalFilename : bdoesrv.exe

#:23 [bdnagent.exe]
FilePath : C:\programme\softwin\bitdefender8\
ProcessID : 612
ThreadCreationTime : 26.04.2005 05:00:53
BasePriority : Normal


#:24 [mixer.exe]
FilePath : C:\WINDOWS\
ProcessID : 636
ThreadCreationTime : 26.04.2005 05:00:53
BasePriority : Normal
FileVersion : 1.58
ProductVersion : 1.58
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright (C) 1997-2002
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih (min_chih@cmedia.com.tw)

#:25 [ypager.exe]
FilePath : C:\Programme\Yahoo!\Messenger\
ProcessID : 656
ThreadCreationTime : 26.04.2005 05:00:53
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:26 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 568
ThreadCreationTime : 26.04.2005 05:00:53
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:27 [msnmsgr.exe]
FilePath : C:\Programme\MSN Messenger\
ProcessID : 1412
ThreadCreationTime : 26.04.2005 05:00:53
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:28 [bttray.exe]
FilePath : C:\Programme\WIDCOMM\Bluetooth Software\
ProcessID : 840
ThreadCreationTime : 26.04.2005 05:00:55
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTTray.exe

#:29 [btstac~1.exe]
FilePath : C:\PROGRA~1\WIDCOMM\BLUETO~1\
ProcessID : 1352
ThreadCreationTime : 26.04.2005 05:00:58
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Stack COM Server
InternalName : BTStackServer
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTStackServer.exe

#:30 [msimn.exe]
FilePath : C:\Programme\Outlook Express\
ProcessID : 2532
ThreadCreationTime : 26.04.2005 05:01:58
BasePriority : Normal
FileVersion : 6.00.2800.1123
ProductVersion : 6.00.2800.1123
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : MSIMN.EXE

#:31 [mirc.exe]
FilePath : C:\Program Files\mIRC\
ProcessID : 2552
ThreadCreationTime : 26.04.2005 05:02:00
BasePriority : Normal
FileVersion : 6.14
ProductVersion : 6.14
ProductName : mIRC
CompanyName : mIRC Co. Ltd.
FileDescription : mIRC
InternalName : mIRC
LegalCopyright : Copyright © 1995-2004 mIRC Co. Ltd.
LegalTrademarks : mIRC® is a Registered Trademark of mIRC Co. Ltd.
OriginalFilename : mirc.exe

#:32 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 2580
ThreadCreationTime : 26.04.2005 05:02:00
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:33 [teamspeak.exe]
FilePath : C:\Programme\teamspeak2_RC2\
ProcessID : 2588
ThreadCreationTime : 26.04.2005 05:02:01
BasePriority : Normal
FileVersion : 2.0.32.60
ProductVersion : 2.0.32.60
ProductName : TeamSpeak 2 Client
CompanyName : Dominating Bytes Design
FileDescription : The TeamSpeak 2 client
InternalName : TeamSpeak.exe
LegalCopyright : (c) 2002-2003 Dominating Bytes Design
OriginalFilename : TeamSpeak.exe

#:34 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3048
ThreadCreationTime : 26.04.2005 05:03:33
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-299502267-725345543-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rayne_2004@adtech[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:rayne_2004@adtech.de/
Expires : 23.04.2015 22:18:42
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rayne_2004@as1.falkag[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:rayne_2004@as1.falkag.de/
Expires : 25.05.2005 22:21:20
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rayne_2004@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:rayne_2004@tradedoubler.com/
Expires : 26.04.2005 10:19:52
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rayne_2004@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:rayne_2004@2o7.net/
Expires : 25.04.2010 07:01:44
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rayne_2004@serving-sys[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:rayne_2004@serving-sys.com/
Expires : 01.01.2038 07:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rayne_2004@weborama[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:rayne_2004@weborama.fr/
Expires : 26.04.2007 07:01:38
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 27



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>


Ad-Aware always hangs on one file
27.04.2005, 12:21
Honorary member
Sabina

Posts: 29434
#10 Please post the new HijackThis log
__________
Regards, Sabina

All about PC security
27.04.2005, 19:58
Member

Thread starter

Posts: 16
#11 Problem successfully solved!!
THANKS for the help