No internet because of "newdot~1.dll"

Thread is closed!
16.10.2005, 21:07
Honorary member
Sabina

Posts: 29434
#61 peppinoweb

Fix with HijackThis:

O4 - HKLM\..\Run: [Sin Espias] C:\Programme\SinEspias\No-Spy.exe /autorun

Restart the PC.

Uninstall/delete C:\Programme\SinEspias

Panda online scan (if the antivirus "complains", ignore it)
Post the scan report.
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

All about PC security
16.10.2005, 21:55
Member

Posts: 12
#62 The restart didn't help. I have now started System Restore.
16.10.2005, 21:58
Honorary member
Sabina

Posts: 29434
#63 Why System Restore????? Were there still problems?
__________
Best regards, Sabina
16.10.2005, 22:00
Member

Posts: 12
#64 Yes, once again I couldn't connect to the internet...
16.10.2005, 22:01
Honorary member
Sabina

Posts: 29434
#65 All right, do a System Restore... far, far back, and then post the new HijackThis log (then everything starts over again).
__________
Best regards, Sabina
16.10.2005, 22:09
Member

Posts: 12
#66 I set System Restore to 12:10. Can't we continue the scan from there?
16.10.2005, 22:10
Honorary member
Sabina

Posts: 29434
#67 Why 12.10????

No internet connection anymore????
WinsockFix (for all operating systems)
http://www.winsockfix.nl/
__________
Best regards, Sabina
16.10.2005, 22:14
Member

Posts: 12
#68 Since the restore it's working again.
16.10.2005, 22:30
Honorary member
Argus

Posts: 6028
#69 But NewDotNet is still there ;)
__________
Best regards, Argus
16.10.2005, 22:37
Member

Posts: 12
#70 Not NewDotNet, but I can't remove stoolbar.
16.10.2005, 23:41
Honorary member
Sabina

Posts: 29434
#71 Then everything from the start: HijackThis, fix everything, ewido and CounterSpy
http://virus-protect.org/counterspy.html
+ scan reports
__________
Best regards, Sabina
17.10.2005, 00:03
Honorary member
Argus

Posts: 6028
#72 One more thing about CounterSpy: after the scan you have to choose between
Ignore, Remove or Quarantine. I always choose Remove ;)
__________
Best regards, Argus
17.10.2005, 07:12
Member

Posts: 12
#73 ---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 07:07:56, 17.10.2005
+ Report-Checksumme: 7CB0B971

+ Scanergebnis:

C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\6BBD0EB7-0498-4998-9ECC-34F4FC -> Spyware.NewDotNet : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\4E06315A-4866-4142-874E-9E56E2 -> Spyware.NewDotNet : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\613BD4DC-1303-4C9E-A34C-36D047 -> Spyware.NewDotNet : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\18D42DB2-7BBF-4105-97E8-37B6E1 -> Spyware.NewDotNet : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\12D9E8F0-166D-42A1-8A70-3E4F48 -> Spyware.NewDotNet : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\82A6F5FB-6439-4BB8-9357-7F0264\A99AAF8E-8282-4DFD-90C1-A9A36F -> Spyware.Downloadware : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\82A6F5FB-6439-4BB8-9357-7F0264\8E05368C-4B3C-497D-8CEC-65B5FE -> Spyware.MediaPops : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\720BA13A-7DEC-4358-9105-6BCA9F\C5C201AB-7B9C-4DFD-9AAB-C228BC -> Dialer.Generic : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Cookies\marco hampel@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Cookies\marco hampel@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Marco Hampel\Cookies\marco hampel@axa.addcontrol[1].txt -> Spyware.Cookie.Addcontrol : Gesäubert mit Backup
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033317.ex_ -> Heuristic.Win32.Dialer : Gesäubert mit Backup


::Report Ende




Spyware Scan Details
Start Date: 16.10.2005 22:12:20
End Date: 16.10.2005 22:43:47
Total Time: 31 mins 27 secs

Detected spyware

BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored

Infected files detected
c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\bsidle.dll
c:\programme\bearshare\webstats.bat
c:\programme\bearshare\history.txt
c:\programme\bearshare\install.log
c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\unwise.exe
c:\programme\bearshare\unwise.ini
c:\programme\bearshare\webstats.ini
c:\programme\bearshare\runmsc.dll
c:\programme\bearshare\webstats.exe
c:\programme\bearshare\sounds\notify.wav
c:\programme\bearshare\installer\bsinstallde.exe
c:\programme\bearshare\db\hbcache.dat
c:\programme\bearshare\db\gnucache.dat
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.dat
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt



IEPlugin Spyware more information...
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Deleted


NetworkEssentials Browser Plug-in more information...
Details: Network Essentials is an IE Browser Helper Object which monitors URLs being viewed in the web browser.
Status: Quarantined


AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Quarantined

Infected files detected
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\setup2.exe
C:\Programme\Mozilla Firefox\plugins\al2np.dll
C:\Programme\Mozilla Firefox\plugins\npalnn.dll
C:\Programme\Mozilla Firefox\plugins\alhlp.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033358.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033359.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033360.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033361.dll
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033362.dll
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033363.dll
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033364.dll



PriceBandit Low Risk Adware more information...
Details: It is an adware program that creates advertisments on your PC.
Status: Ignored


Delfin Media Viewer 2.11 Adware more information...
Details: DelFin Media Viewer 2.11 is a program which creates advertisement on user's PC.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer Changed 0


Cydoor Adware more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Quarantined

Infected files detected
c:\windows\system32\cd_clint.dll


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Quarantined

Infected files detected
C:\Programme\BearShare\Webstats.ini
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033366.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033367.dll
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033368.ini

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Quarantined

Infected files detected
C:\WINDOWS\NDNuninstall4_94.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033369.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\tldctl2.urllink.1
HKEY_CLASSES_ROOT\tldctl2.urllink.1 URLLink Class
HKEY_CLASSES_ROOT\tldctl2.urllink
HKEY_CLASSES_ROOT\tldctl2.urllink\CurVer Tldctl2.URLLink.1
HKEY_CLASSES_ROOT\tldctl2.urllink URLLink Class
HKEY_LOCAL_MACHINE\software\classes\tldctl2.urllink\clsid
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Prt
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Source
HKEY_LOCAL_MACHINE\SOFTWARE\New.net DiscardTag
HKEY_LOCAL_MACHINE\SOFTWARE\New.net InstalledVersion 393254
HKEY_LOCAL_MACHINE\software\new.net
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 393254
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet6_38.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=9dd38d1b6984185722da27efe72e5e08
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source kazaa_336
HKEY_LOCAL_MACHINE\software\new.net Prt NN100
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 4
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29738217
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -1926096592
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Tag


EverAd Trojan Adware more information...
Status: Quarantined



DownloadWare Adware more information...
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Quarantined

17.10.2005, 12:40
Honorary member
Sabina

Posts: 29434
#74 LSPfix.exe http://www.spychecker.com/program/lspfix.html
Tick "I know what I'm doing" -- Remove
and delete newdotnet6_38.dll
(you may have to move the DLL from left to right)

Set every entry in CounterSpy to "Remove" and restart the PC.
__________
Best regards, Sabina
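Added example, not part of the original thread: a Python triage of a CounterSpy report in the layout posted in #73, listing the findings whose status is neither Deleted nor Quarantined (the ones #74 asks to set to "Remove") and the detected files that sit inside System Restore points. The sample text is constructed by abridging that report; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, abridged from the CounterSpy report posted in #73.
SAMPLE_REPORT = r"""
BearShare P2P more information...
Details: BearShare is a file sharing network.
Status: Ignored

Infected files detected
c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\runmsc.dll

NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in.
Status: Quarantined

Infected files detected
C:\WINDOWS\NDNuninstall4_94.exe
C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033369.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet6_38.dll

EverAd Trojan Adware more information...
Status: Quarantined
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")      # drive-letter path = file finding
HANDLED = {"deleted", "quarantined"}        # statuses that neutralise a finding

@dataclass
class Threat:
    name: str
    status: str = "Unknown"
    files: list = field(default_factory=list)
    registry: list = field(default_factory=list)

def parse_report(text):
    """Split the report into Threat records, classifying each line by its shape."""
    threats, candidate = [], None           # candidate: possible threat-name line
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("Infected "):
            continue                        # blank lines and list headings
        if line.startswith(("Details:", "Status:")):
            if candidate is not None:       # first field after a name line
                name = candidate.removesuffix("more information...").strip()
                threats.append(Threat(name))
                candidate = None
            if line.startswith("Status:") and threats:
                threats[-1].status = line.split(":", 1)[1].strip()
        elif PATH_RE.match(line) and threats:
            threats[-1].files.append(line)
        elif line.upper().startswith("HKEY_") and threats:
            threats[-1].registry.append(line)
        else:
            candidate = line
    return threats

def triage(threats):
    """Return (names left active, {name: detected files inside restore points})."""
    left_active = [t.name for t in threats if t.status.lower() not in HANDLED]
    in_restore = {t.name: [f for f in t.files if "\\_restore{" in f.lower()] for t in threats}
    return left_active, {name: copies for name, copies in in_restore.items() if copies}

if __name__ == "__main__":
    active, restore = triage(parse_report(SAMPLE_REPORT))
    print("Still active:", active, "| Copies in restore points:", restore)
```

Files reported under `System Volume Information\_restore{...}` are copies kept by System Restore, so rolling back to a point that contains them can bring a removed component back.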
17.10.2005, 17:33
Member

Posts: 12
#75 Hello Sabina,

I got rid of newdotnet6_38.dll. Since 23:00 yesterday my computer has been running without problems again, and the scans no longer find newdotnet6_38.dll either.

Many thanks for your help. How can I protect my computer against this virus in particular?


Marco