kein internet aufgrund "newdot~1.dll"

Thema ist geschlossen!
Thema ist geschlossen!
#0
27.09.2005, 23:19
Member

Beiträge: 11
#46 juchu!!
danke danke danke sabina!
Seitenanfang Seitenende
29.09.2005, 18:28
...neu hier

Beiträge: 2
#47 hallo, ich habe das gleiche problem.
habe nun alles gemacht wie gesagt wurde.
bittet helft mir nun.



Logfile of HijackThis v1.99.0
Scan saved at 18:11:16, on 29.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
c:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\ICQ\ICQNet.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\phonostar\ps_timer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\AOL 9.0a\aoltray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\PrecisionTime\PrecisionTime.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\ZyAIR G-200\OdHost.exe
C:\Programme\ZyAIR G-200\WLUSBCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Dokumente und Einstellungen\Tobias\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll (file missing)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Programme\Starware\bin\Starware.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Programme\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int159606.exe -auto
O4 - HKLM\..\Run: [SExplorer] C:\Programme\SexExplorer\sexexplorer.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZyAIR G-200 Wireless LAN Utility.lnk = C:\Programme\ZyAIR G-200\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_38.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106846579843
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.download-url.de/install/StarInstall.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.stardialer.de/InstallationsAssistent.ocx
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA License Client - Computer Associates International Inc. - c:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates International Inc. - c:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch - Computer Associates - c:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee.com Personal Firewall Service - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Seitenanfang Seitenende
29.09.2005, 18:34
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#48 Hallo@ tobig

Falls ein Virenscanner die newdotnet6_38.dll (oder eine andere dll) schon gelöscht hat und keine Internetverbindung mehr zustande kommt, bringe WinsockFix auf den PC und wende das Tool an:

WinsockFix
http://www.tacktech.com/display.cfm?ttid=257

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll (file missing)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\WINDOWS\system32\lmf32v.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Programme\Starware\bin\Starware.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\Programme\quickbar\quickbar.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Programme\Starware\bin\Starware.dll (file missing)

O4 - HKLM\..\Run: [websx] C:\Programme\websx\int159606.exe -auto
O4 - HKLM\..\Run: [SExplorer] C:\Programme\SexExplorer\sexexplorer.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [I/O Controllers] svcnet.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.download-url.de/install/StarInstall.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.stardialer.de/InstallationsAssistent.ocx

O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\lmf32v.dll

PC neustarten

HijackThis (Uninstall Manager)
*öffne HijackThis
*click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
*click - Save - *nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"

alle 4 Logs abkopieren
http://virus-protect.org/datfindbat.html

HijackThis (StartupListe)
Starte den Rechner bitte im abgesicherten Modus und erstelle dort ein Hijackthis log und ein Startuplist log, dazu bitte in die ms tools setion gehen, beide Dinge bei "generate statuplist log" anhaken und die liste erstellen lassen.

*HijackThis - Config
*List also minor sections (full) -- Häkchen setzen
*List empty sections (complete) -- Häkchen setzen
*HijackThis - Config - MiscTools -- Generate StartupListlog
*(es öffnet sich das Notepad [Texteditor], nun das KOMPLETTE Log abkopieren und posten)


danach beginnt die Reinigung
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
30.09.2005, 14:39
...neu hier

Beiträge: 2
#49 bis zum uninstall manager habe ich alles gemacht.
ich habe misc tools gedrückt und nach "open uninstall manager" gesucht.
diesen buttan gibt es bei mir aber nicht also habe ich "unistall hijackthis & exit" gedrückt.
war das ein fehler?
den danach wurde kein log gerufen den ich hätte speichern können.
Seitenanfang Seitenende
30.09.2005, 18:33
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#50 installiere das HijackThis neu, denn du hast es geloescht.....
ich sage dir heute Abend, wie es weiter geht...jetzt nicht (keine Zeit)
Vielleicht schaffst du es bis dahin,
click Config - Misc Tools - "Open Uninstall Manager" - "Save List"
zu finden.

Gruss
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
30.09.2005, 20:49
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#51 Hallo@ tobig

LSPfix.exe
http://www.spychecker.com/program/lspfix.html

hake an: "I know what Im doing"-->Remove
und loesche die newdotnet6_38.dll
(eventuell musst du die dll von links nach rechts bringen)

ist die dll nicht vorhanden:
WinsockFix
http://www.tacktech.com/display.cfm?ttid=257

fixe mit dem HijackThis, was ich oben gwschrieben habe und starte den PC neu

deinstallieren:
New.net
MyWay\myBar
quickbar
Starware
P2P Networking
Kazaa
Date Manager
Web Offer

(im abgesicherten modus, dazu drueckst du F8, wenn der PC hochfaehrt und meldest dich als Administrator an)

loeschen
C:\Programme\websx
C:\Programme\Kazaa
C:\WINDOWS\System32\P2P Networking
c:\program files\altnet\
C:\Programme\Gemeinsame Dateien\CMEII
C:\Programme\Date Manager
C:\PROGRA~1\Web Offer
C:\Programme\Gemeinsame Dateien\GMT
C:\WINDOWS\system32\lmf32v.dll

scane mit ewido und poste den scanreport
http://virus-protect.org/ewido.html

scanne mit escan und erstelle den Scanreport
http://virus-protect.org/escan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
15.10.2005, 23:45
Member

Beiträge: 12
#52 Hallo zusammen,

seit gestern ich mein Rechner auch befallen. Ich habe auch schon einiges ausprobiert aber komme nicht so wirklich weiter. Bin auch nicht so fit in diesem Bereich.

Vielleicht kann mir hier jemand weiterhelfen.


Logfile of HijackThis v1.99.1
Scan saved at 22:54:54, on 15.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Dokumente und Einstellungen\Marco Hampel\Eigene Dateien\Viren Scan\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westline.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.com/b1redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.ath.cx/x_sidesearch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1&1 Internet AG
R3 - URLSearchHook: stoolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ToolHelper - {AAAE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: stoolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Name of App] C:\Programme\Samsung\FW LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [VVSN] C:\Programme\VVSN\VVSN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Sin Espias] C:\Programme\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.com/b1redirect
O16 - DPF: {00000000-DCCD-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {4C26E1A7-5C92-4D48-A098-921005ED55C5} - ms-its:mhtml:file://c:\nosuxyz.mht!http://213.158.119.18/auto/stoolbar.chm::/stoolbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/011044a54099d746a120/netzip/RdxIE601_de.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.power-url.de/StarInstall.ocx
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5672987D-F75E-4E74-9473-A425FCC83209}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C5F2E3-29A1-48C8-9858-9E980C1F0B1D}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: McAfee Firewall - Unknown owner - C:\Programme\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Seitenanfang Seitenende
15.10.2005, 23:58
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#53 Hallo@peppinoweb

wenn man im Windows Explorer in den Windows-Ordner schaut, dann findet man darin die Ordner Downloaded Program Files und Downloaded Installations.
kopiere bitte hier , was du dort findest .


öffne das HijackThis-- Button "scan" -- Häkchen setzen -- Button "Fix checked" -- PC neustarten

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.ath.cx/x_sidesearch/
R3 - URLSearchHook: stoolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll (file missing)
O2 - BHO: ToolHelper - {AAAE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: stoolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\DOWNLO~1\tbu6\stoolbar.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O16 - DPF: {00000000-DCCD-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {4C26E1A7-5C92-4D48-A098-921005ED55C5} - ms-its:mhtml:file://c:\nosuxyz.mht!http://213.158.119.18/auto/stoolbar.chm::/stoolbar.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.power-url.de/StarInstall.ocx
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab

PC neustarten

deinstallieren: New.net ,stoolbar

CCleaner -- loesche alle *temp-Datein
http://virus-protect.org/temp.html

Ewido (scannen)-->poste den scanreport
http://virus-protect.org/ewido.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.10.2005, 12:08
Member

Beiträge: 12
#54 Hallo,

das habe ich dort gefunden:

Downloaded Program Files:

{9BFAD254-E7B8-42FC-B34D-DEDAB4C0D17D}
{825D4AA5-DED8-4F99-8F3E-98ABEA13A3B0}
Powertoys For Windows XP
{04B60750-B794-11D7-9210-003054004C01}


Downloaded Installations:

{00000000-DCCD-0704-0B53-2C8830E9FAEC}
{11111111-1111-1111-1111-111111111123}
{4C26E1A7-5C92-4D48-A098-921005ED55C5}
{E0B795B4-FD95-4ABD-A375-27962EFCE8CF}
{F57D17AE-CE37-4BC8-B232-EA57747BE5E7}
HouseCall-Button.setup
HouseCall-Kontrol
Java Runtime Environment 1.3.3_06
Java Runtime Environment 1.4.2
Java Runtime Environment 1.4.2
RdxIE Class
Shockwave Flash Object
Update Class



Scanreport:

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 12:03:59, 16.10.2005
+ Report-Checksumme: 2CB117A2

+ Scanergebnis:

HKLM\SOFTWARE\Classes\.b3dini -> Spyware.BrilliantDigital : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\.s3d -> Spyware.BrilliantDigital : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\CLSID\{00000000-CDDC-0704-0B53-2C8830E9FAEC} -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6} -> Spyware.BrilliantDigital : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE} -> Spyware.NetworkEssentials : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE}\TypeLib\\ -> Spyware.NetworkEssentials : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{B0CE21C5-6A79-45B7-AB9C-0008E75F2DBF} -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{B0CE21C5-6A79-45B7-AB9C-0008E75F2DBF}\TypeLib\\ -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{CD6B926C-903F-46A4-9C7D-F3839F081788} -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{CD6B926C-903F-46A4-9C7D-F3839F081788}\TypeLib\\ -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Interface\{FACCC49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MP.MediaPops -> Spyware.NetworkEssentials : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Spyware.NetworkEssentials : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID\\ -> Spyware.Medialoads : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Spyware.NetworkEssentials : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Spyware.NetworkEssentials : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MP.MediaPops.1\CLSID\\ -> Spyware.Medialoads : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID\\ -> Spyware.NewDotNet : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID\\ -> Spyware.NewDotNet : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\ToolBand.ToolHelper\CLSID\\ -> Spyware.CoolWebSearch : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\ToolBand.ToolHelper.1\CLSID\\ -> Spyware.CoolWebSearch : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1} -> Spyware.NetworkEssentials : Gesäubert mit Backup
HKLM\SOFTWARE\DelFin -> Spyware.Delfin : Gesäubert mit Backup
HKLM\SOFTWARE\DelFin\PromulGate -> Spyware.Delfin : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StarInstall.ocx\\.Owner -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StarInstall.ocx\\{E0B795B4-FD95-4ABD-A375-27962EFCE8CF} -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/EPlugin.ocx\\.Owner -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/EPlugin.ocx\\{F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -> Dialer.Generic : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Spyware.Delfin : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Gesäubert mit Backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\S-1-5-21-343818398-839522115-1343024091-1003\Software\DelFin -> Spyware.Delfin : Gesäubert mit Backup
HKU\S-1-5-21-343818398-839522115-1343024091-1003\Software\DelFin\PromulGate -> Spyware.Delfin : Gesäubert mit Backup
HKU\S-1-5-21-343818398-839522115-1343024091-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Fehler beim Säubern
C:\Programme\cbild\Warn0190.ex_ -> Heuristic.Win32.Dialer : Gesäubert mit Backup
C:\Programme\MediaLoads Enhanced\ME1.DLL -> Spyware.MediaPops : Gesäubert mit Backup
C:\Programme\MediaLoads Enhanced\install.exe -> Spyware.Downloadware : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\EPlugin.ocx -> Dialer.Generic : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall5_40.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031471.ex_ -> Heuristic.Win32.Dialer : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031472.exe -> Spyware.Downloadware : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031473.DLL -> Spyware.MediaPops : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031474.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031475.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031476.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031477.ocx -> Dialer.Generic : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031478.exe -> Spyware.NewDotNet : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP138\A0031479.exe -> Spyware.NewDotNet : Gesäubert mit Backup


::Report Ende
Seitenanfang Seitenende
16.10.2005, 13:31
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#55 Downloaded Installations:

loeschen:

{00000000-DCCD-0704-0B53-2C8830E9FAEC}
{11111111-1111-1111-1111-111111111123}
{4C26E1A7-5C92-4D48-A098-921005ED55C5}
{E0B795B4-FD95-4ABD-A375-27962EFCE8CF} --> ist wahrscheinlich schon geloescht
{F57D17AE-CE37-4BC8-B232-EA57747BE5E7}

counterspy (lade, scanne und poste den scanreport)
http://virus-protect.org/counterspy.html

dann poste das neue Log vom HijackTHIS
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.10.2005, 13:48
Member

Beiträge: 12
#56 Die waren alle schon gelöscht. Ich werde jetzt mal deine Anweisungen folgen

Bis gleich...
Seitenanfang Seitenende
16.10.2005, 13:53
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#57 gut, dann warte ich auf den scanreport ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.10.2005, 14:28
Member

Beiträge: 12
#58 Spyware Scan Details
Start Date: 16.10.2005 13:53:13
End Date: 16.10.2005 14:21:35
Total Time: 28 mins 22 secs

Detected spyware

BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored

Infected files detected
c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\bsidle.dll
c:\programme\bearshare\runmsc.dll
c:\programme\bearshare\webstats.bat
c:\programme\bearshare\webstats.exe
c:\programme\bearshare\webstats.ini
c:\programme\bearshare\history.txt
c:\programme\bearshare\install.log
c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\unwise.exe
c:\programme\bearshare\unwise.ini
c:\programme\bearshare\sounds\notify.wav
c:\programme\bearshare\installer\bsinstallde.exe
c:\programme\bearshare\db\hbcache.dat
c:\programme\bearshare\db\gnucache.dat
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.dat
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\classes\gnufile
HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella
HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8
HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 4.6.1.2DE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare


IEPlugin Spyware more information...
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Deleted

Infected files detected
c:\programme\se\data\app.dat
c:\programme\se\data\bm.dat


NetworkEssentials Browser Plug-in more information...
Details: Network Essentials is an IE Browser Helper Object which monitors URLs being viewed in the web browser.
Status: Quarantined


AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Quarantined

Infected files detected
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\setup2.exe
c:\programme\anti-leech\alnn\alhlp.exe
C:\Programme\Mozilla Firefox\plugins\npalnn.dll
C:\Programme\Mozilla Firefox\plugins\al2np.dll
C:\Programme\Mozilla Firefox\plugins\alhlp.exe

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.0 C:\Programme\Mozilla Firefox\Plugins
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\Suffixes
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Path C:\Programme\Anti-Leech\ALNN\npalnn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Description Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Version 1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Vendor Anti-Leech
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 ProductName Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


PriceBandit Low Risk Adware more information...
Details: It is an adware program that creates advertisments on your PC.
Status: Ignored


Delfin Media Viewer 2.11 Adware more information...
Details: DelFin Media Viewer 2.11 is a program which creates advertisement on user's PC.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer Changed 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DelFin Media Viewer


Cydoor Adware more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Quarantined

Infected files detected
c:\windows\system32\cd_clint.dll


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Quarantined

Infected files detected
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1


SearchExe Hijacker Adware more information...
Details: SearchExe changes the Internet Explorer SearchUrl to search-exe.com and displays ads on your desktop using popups.
Status: Deleted

Infected files detected
C:\Programme\se\Data\app.dat
C:\Programme\se\Data\bm.dat


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Quarantined

Infected files detected
C:\WINDOWS\NDNuninstall4_94.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033320.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033321.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033323.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033324.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033325.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\tldctl2.urllink.1
HKEY_CLASSES_ROOT\tldctl2.urllink.1 URLLink Class
HKEY_CLASSES_ROOT\tldctl2.urllink
HKEY_CLASSES_ROOT\tldctl2.urllink\CurVer Tldctl2.URLLink.1
HKEY_CLASSES_ROOT\tldctl2.urllink URLLink Class
HKEY_LOCAL_MACHINE\software\classes\tldctl2.urllink\clsid
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Prt
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Source
HKEY_LOCAL_MACHINE\SOFTWARE\New.net DiscardTag
HKEY_LOCAL_MACHINE\SOFTWARE\New.net InstalledVersion 393254
HKEY_LOCAL_MACHINE\software\new.net
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 393254
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet6_38.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=9dd38d1b6984185722da27efe72e5e08
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source kazaa_336
HKEY_LOCAL_MACHINE\software\new.net Prt NN100
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 4
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29738217
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -1926096592
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 393254
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet6_38.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=9dd38d1b6984185722da27efe72e5e08
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source kazaa_336
HKEY_LOCAL_MACHINE\software\new.net Prt NN100
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 4
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29738217
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -1926096592
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Tag


Adw.Anquiro.Toolbar Adware more information...
Details: Anquiro is an Adware Toolbar which changes the IE homepage and adds a Toolbar.
Status: Quarantined

Infected files detected
C:\WINDOWS\Downloaded Program Files\nav.bmp
C:\WINDOWS\Downloaded Program Files\tbu2CF\nav.bmp
C:\WINDOWS\Downloaded Program Files\tbu2C9\nav.bmp


DownloadWare MediaLoads Browser Plug-in more information...
Details: DownloadWare MediaLoads, a Downloadware variant will connect to its servers, which can direct it to download and install software from advertisers.
Status: Quarantined

Infected files detected
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033318.DLL
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033319.exe


PornDialer.EPlugin Dialer more information...
Details: PornDialer.IO is an ActiveX component, to download dialer programs. The dialer program may be used to access premium-rate services.
Status: Quarantined

Infected files detected
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033322.ocx


EverAd Trojan Adware more information...
Status: Quarantined

Infected registry entries detected
HKEY_CURRENT_USER\software\everad
HKEY_CURRENT_USER\software\everad\PlayJ Player Base Priority 32
HKEY_CURRENT_USER\software\everad\PlayJ Player String1 0
HKEY_CURRENT_USER\software\everad\PlayJ Player String2 1
HKEY_CURRENT_USER\software\everad\PlayJ Player Preset -1
HKEY_CURRENT_USER\software\everad\PlayJ Player Equalizer On 0
HKEY_CURRENT_USER\software\everad\PlayJ Player Last EQ Values
HKEY_CURRENT_USER\software\everad\PlayJ Player Loop 1
HKEY_CURRENT_USER\software\everad\PlayJ Player Shuffle 0
HKEY_CURRENT_USER\software\everad\PlayJ Player Volume
HKEY_CURRENT_USER\software\everad\PlayJ Player Balance
HKEY_CURRENT_USER\software\everad\PlayJ Player StayBig 0
HKEY_CURRENT_USER\software\everad\PlayJ Player MainTop 315
HKEY_CURRENT_USER\software\everad\PlayJ Player MainLeft 392
HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListTop 548
HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListLeft 86
HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListHeight 138
HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListWidth 241
HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListSticky 4
HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListStickyTo 0
HKEY_CURRENT_USER\software\everad\PlayJ Player EQTop 453
HKEY_CURRENT_USER\software\everad\PlayJ Player EQLeft 392
HKEY_CURRENT_USER\software\everad\PlayJ Player EQSticky 3
HKEY_CURRENT_USER\software\everad\PlayJ Player EQStickyTo 1
HKEY_CURRENT_USER\software\everad\PlayJ Player ShowEqualizer 1


WhenU.WeatherCast Low Risk Adware more information...
Details: a local weather information program that sits in the desktop tray and offers current weather data, forecasts, and other weather information. Weathercast is often bundled with the Save advertising program and/or the WhenUSearch desktop toolbar.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VVSN C:\Programme\VVSN\VVSN.exe


DownloadWare Adware more information...
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\mlh
HKEY_LOCAL_MACHINE\software\mlh\dating RunCount 1
HKEY_LOCAL_MACHINE\software\mlh Guid 6A21071796F249A9BB93E8636E115289
HKEY_LOCAL_MACHINE\software\mlh Version 9
HKEY_LOCAL_MACHINE\software\mlh InstallTime 1049823751
HKEY_LOCAL_MACHINE\software\mlh Country --
HKEY_LOCAL_MACHINE\software\mlh PrevTime 1020042767
HKEY_LOCAL_MACHINE\software\mlh PrevApp 2
HKEY_CURRENT_USER\software\medialoads
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params paramversion 1
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params poprate 7200
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params popdelay 30
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params updateinterval 345600
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params retryrate 86400
HKEY_CURRENT_USER\software\medialoads\Enhanced Guid 5C2AE80FFC874036B4752560D30C4F8D
HKEY_CURRENT_USER\software\medialoads\Enhanced Version 2
HKEY_CURRENT_USER\software\medialoads\Enhanced Register 0
HKEY_CURRENT_USER\software\medialoads\Enhanced PrevTime 1104768900
HKEY_CURRENT_USER\software\medialoads\Enhanced Cookie RF*TR_RF_SPMEDIAPOP|SU*#145:1104615370:1104615370:1104615370|PU*#145-1:1104615370:1104615370:1104615370|LU*#145-1-46:1104615370:1104615370:1104615370|AT*A:21189:2:1101750477_A:16471:10:1104615370_A:21




Logfile of HijackThis v1.99.1
Scan saved at 14:27:10, on 16.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Programme\Sitecom\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\Dokumente und Einstellungen\Marco Hampel\Eigene Dateien\Viren Scan\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westline.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.com/b1redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1&1 Internet AG
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Name of App] C:\Programme\Samsung\FW LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [VVSN] C:\Programme\VVSN\VVSN.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Sin Espias] C:\Programme\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_38.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.com/b1redirect
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/011044a54099d746a120/netzip/RdxIE601_de.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5672987D-F75E-4E74-9473-A425FCC83209}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3C5F2E3-29A1-48C8-9858-9E980C1F0B1D}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: McAfee Firewall - Unknown owner - C:\Programme\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Seitenanfang Seitenende
16.10.2005, 15:20
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#59 deinstalliere:
PlayJ Player
medialoads

C:\Programme\se<--loeschen

TuneUp 2006 (30 Tage free) Shareware
http://virus-protect.org/reinigungstoolsregistry.html
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

dann berichte, wie es laeuft ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.10.2005, 20:54
Member

Beiträge: 12
#60 Hallo,

die Programme finde ich nicht. C:\Programme\se gibt es bei mir auch nicht.

TuneUp 2006 führe ich jetzt mal aus.

Was muss ich dann machen?
Seitenanfang Seitenende