kein internet aufgrund "newdot~1.dll"Thema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
16.10.2005, 21:07
Ehrenmitglied
Beiträge: 29434 |
||
|
||
16.10.2005, 21:55
Member
Beiträge: 12 |
#62
Neustart hat nichts gebracht. Jetzt habe ich die Systemwiederherstelllung gestartet.
|
|
|
||
16.10.2005, 21:58
Ehrenmitglied
Beiträge: 29434 |
#63
wieso die Wiederherstellung ????? gab es denn noch probleme?
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.10.2005, 22:00
Member
Beiträge: 12 |
#64
Ja, ich konnte wieder keine Verbindung zum Internet herstellen...
|
|
|
||
16.10.2005, 22:01
Ehrenmitglied
Beiträge: 29434 |
#65
na gut, mache eine Systemwiederherstellung...weit weit zurueck und dann poste das neue Log vom HijackThis (dann beginnt wieder alles von vorn)
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.10.2005, 22:09
Member
Beiträge: 12 |
#66
Ich habe die Systemwiederherstellung auf 12:10 Uhr gesetzt. Können wir den Scan nicht ab da fortführen?
|
|
|
||
16.10.2005, 22:10
Ehrenmitglied
Beiträge: 29434 |
#67
wieso auf 12.10 uhr ????
keine Internetverbindung mehr ???? WinsockFix (Fuer alle Betriebssysteme) http://www.winsockfix.nl/ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.10.2005, 22:14
Member
Beiträge: 12 |
#68
Seit der Wiederherstellung klappt es wieder.
|
|
|
||
16.10.2005, 22:30
Ehrenmitglied
Beiträge: 6028 |
||
|
||
16.10.2005, 22:37
Member
Beiträge: 12 |
#70
NewDotNet nicht, aber stoolbar kann ich nicht entfernen.
|
|
|
||
16.10.2005, 23:41
Ehrenmitglied
Beiträge: 29434 |
#71
dann alles von vorn, HijackThis, alles fixen, ewido und Counterspy
http://virus-protect.org/counterspy.html + scanreporte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.10.2005, 00:03
Ehrenmitglied
Beiträge: 6028 |
#72
Noch zum CounterSpy,nach der scan muss man sich entscheiden fuer
Ignore,Remove oder Quarantaine.Ich waehle immer Remove __________ MfG Argus |
|
|
||
17.10.2005, 07:12
Member
Beiträge: 12 |
#73
---------------------------------------------------------
ewido security suite - Scan Report --------------------------------------------------------- + Erstellt am: 07:07:56, 17.10.2005 + Report-Checksumme: 7CB0B971 + Scanergebnis: C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\6BBD0EB7-0498-4998-9ECC-34F4FC -> Spyware.NewDotNet : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\4E06315A-4866-4142-874E-9E56E2 -> Spyware.NewDotNet : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\613BD4DC-1303-4C9E-A34C-36D047 -> Spyware.NewDotNet : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\18D42DB2-7BBF-4105-97E8-37B6E1 -> Spyware.NewDotNet : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\616BDEDC-8A13-4683-B35C-6475C3\12D9E8F0-166D-42A1-8A70-3E4F48 -> Spyware.NewDotNet : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\82A6F5FB-6439-4BB8-9357-7F0264\A99AAF8E-8282-4DFD-90C1-A9A36F -> Spyware.Downloadware : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\82A6F5FB-6439-4BB8-9357-7F0264\8E05368C-4B3C-497D-8CEC-65B5FE -> Spyware.MediaPops : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\720BA13A-7DEC-4358-9105-6BCA9F\C5C201AB-7B9C-4DFD-9AAB-C228BC -> Dialer.Generic : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Cookies\marco hampel@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Cookies\marco hampel@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup C:\Dokumente und Einstellungen\Marco Hampel\Cookies\marco hampel@axa.addcontrol[1].txt -> Spyware.Cookie.Addcontrol : Gesäubert mit Backup C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP139\A0033317.ex_ -> Heuristic.Win32.Dialer : Gesäubert mit Backup ::Report Ende Spyware Scan Details Start Date: 16.10.2005 22:12:20 End Date: 16.10.2005 22:43:47 Total Time: 31 mins 27 secs Detected spyware BearShare P2P more information... Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs. Status: Ignored Infected files detected c:\programme\bearshare\bearshare.exe c:\programme\bearshare\bsidle.dll c:\programme\bearshare\webstats.bat c:\programme\bearshare\history.txt c:\programme\bearshare\install.log c:\programme\bearshare\bearshare.dat c:\programme\bearshare\freepeers.ini c:\programme\bearshare\unwise.exe c:\programme\bearshare\unwise.ini c:\programme\bearshare\webstats.ini c:\programme\bearshare\runmsc.dll c:\programme\bearshare\webstats.exe c:\programme\bearshare\sounds\notify.wav c:\programme\bearshare\installer\bsinstallde.exe c:\programme\bearshare\db\hbcache.dat c:\programme\bearshare\db\gnucache.dat c:\programme\bearshare\db\connect.txt c:\programme\bearshare\db\config.bin c:\programme\bearshare\db\hostiles.txt c:\programme\bearshare\db\library.dat c:\programme\bearshare\db\gwebcache.dat c:\programme\bearshare\logs\memory.txt c:\programme\bearshare\logs\ordinal.txt Infected registry entries detected HKEY_CLASSES_ROOT\gnufile HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1" HKEY_CLASSES_ROOT\gnufile gnutella HKEY_CLASSES_ROOT\gnufile BrowserFlags 8 HKEY_CLASSES_ROOT\gnufile EditFlags 65536 HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905} HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\ HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_CURRENT_USER\appevents\schemes\apps\bearshare HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare HKEY_LOCAL_MACHINE\software\bearshare HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare HKEY_LOCAL_MACHINE\software\classes\gnufile HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1" HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8 HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536 HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905} HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\ HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 4.6.1.2DE HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc. HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128 HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_USERS\.default\appevents\schemes\apps\bearshare HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare IEPlugin Spyware more information... Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword. Status: Deleted NetworkEssentials Browser Plug-in more information... Details: Network Essentials is an IE Browser Helper Object which monitors URLs being viewed in the web browser. Status: Quarantined AntiLeech Plugin Adware more information... Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software. Status: Quarantined Infected files detected c:\programme\anti-leech\alnn\al2np.dll c:\programme\anti-leech\alnn\npalnn.dll c:\programme\anti-leech\alnn\alhlp.exe c:\programme\anti-leech\alnn\setup2.exe C:\Programme\Mozilla Firefox\plugins\al2np.dll C:\Programme\Mozilla Firefox\plugins\npalnn.dll C:\Programme\Mozilla Firefox\plugins\alhlp.exe C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033358.exe C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033359.exe C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033360.exe C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033361.dll C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033362.dll C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033363.dll C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033364.dll Infected registry entries detected HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.0 C:\Programme\Mozilla Firefox\Plugins HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\Suffixes HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Path C:\Programme\Anti-Leech\ALNN\npalnn.dll HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Description Anti-Leech Plugin for Netscape, Mozilla, Opera HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Version 1.0.1.5 HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Vendor Anti-Leech HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 ProductName Anti-Leech Plugin HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Netscape, Mozilla, Opera HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u PriceBandit Low Risk Adware more information... Details: It is an adware program that creates advertisments on your PC. Status: Ignored Delfin Media Viewer 2.11 Adware more information... Details: DelFin Media Viewer 2.11 is a program which creates advertisement on user's PC. Status: Quarantined Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer Changed 0 Cydoor Adware more information... Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer. Status: Quarantined Infected files detected c:\windows\system32\cd_clint.dll WhenU.SaveNow Adware more information... Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior. Status: Quarantined Infected files detected C:\Programme\BearShare\Webstats.ini C:\Programme\BearShare\RunMSC.dll C:\Programme\BearShare\Webstats.exe C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033366.exe C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033367.dll C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033368.ini Infected registry entries detected HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1 NewDotNet Browser Plug-in more information... Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable. Status: Quarantined Infected files detected C:\WINDOWS\NDNuninstall4_94.exe C:\System Volume Information\_restore{97EF4881-7250-4D5D-87FF-F97ED4AF409C}\RP143\A0033369.exe Infected registry entries detected HKEY_CLASSES_ROOT\tldctl2.urllink.1 HKEY_CLASSES_ROOT\tldctl2.urllink.1 URLLink Class HKEY_CLASSES_ROOT\tldctl2.urllink HKEY_CLASSES_ROOT\tldctl2.urllink\CurVer Tldctl2.URLLink.1 HKEY_CLASSES_ROOT\tldctl2.urllink URLLink Class HKEY_LOCAL_MACHINE\software\classes\tldctl2.urllink\clsid HKEY_LOCAL_MACHINE\SOFTWARE\New.net Search 1 HKEY_LOCAL_MACHINE\SOFTWARE\New.net Prt HKEY_LOCAL_MACHINE\SOFTWARE\New.net Source HKEY_LOCAL_MACHINE\SOFTWARE\New.net DiscardTag HKEY_LOCAL_MACHINE\SOFTWARE\New.net InstalledVersion 393254 HKEY_LOCAL_MACHINE\software\new.net HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 393254 HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet6_38.dll HKEY_LOCAL_MACHINE\software\new.net Tag id=9dd38d1b6984185722da27efe72e5e08 HKEY_LOCAL_MACHINE\software\new.net DiscardTag HKEY_LOCAL_MACHINE\software\new.net FirstTime HKEY_LOCAL_MACHINE\software\new.net Source kazaa_336 HKEY_LOCAL_MACHINE\software\new.net Prt NN100 HKEY_LOCAL_MACHINE\software\new.net LSPStatus 4 HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29738217 HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -1926096592 HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2 HKEY_LOCAL_MACHINE\software\new.net Search 1 HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 393254 HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet6_38.dll HKEY_LOCAL_MACHINE\software\new.net Tag id=9dd38d1b6984185722da27efe72e5e08 HKEY_LOCAL_MACHINE\software\new.net DiscardTag HKEY_LOCAL_MACHINE\software\new.net FirstTime HKEY_LOCAL_MACHINE\software\new.net Source kazaa_336 HKEY_LOCAL_MACHINE\software\new.net Prt NN100 HKEY_LOCAL_MACHINE\software\new.net LSPStatus 4 HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29738217 HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -1926096592 HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2 HKEY_LOCAL_MACHINE\software\new.net Search 1 HKEY_LOCAL_MACHINE\SOFTWARE\New.net Tag EverAd Trojan Adware more information... Status: Quarantined Infected registry entries detected HKEY_CURRENT_USER\software\everad HKEY_CURRENT_USER\software\everad\PlayJ Player Base Priority 32 HKEY_CURRENT_USER\software\everad\PlayJ Player String1 0 HKEY_CURRENT_USER\software\everad\PlayJ Player String2 1 HKEY_CURRENT_USER\software\everad\PlayJ Player Preset -1 HKEY_CURRENT_USER\software\everad\PlayJ Player Equalizer On 0 HKEY_CURRENT_USER\software\everad\PlayJ Player Last EQ Values HKEY_CURRENT_USER\software\everad\PlayJ Player Loop 1 HKEY_CURRENT_USER\software\everad\PlayJ Player Shuffle 0 HKEY_CURRENT_USER\software\everad\PlayJ Player Volume HKEY_CURRENT_USER\software\everad\PlayJ Player Balance HKEY_CURRENT_USER\software\everad\PlayJ Player StayBig 0 HKEY_CURRENT_USER\software\everad\PlayJ Player MainTop 315 HKEY_CURRENT_USER\software\everad\PlayJ Player MainLeft 392 HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListTop 548 HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListLeft 86 HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListHeight 138 HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListWidth 241 HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListSticky 4 HKEY_CURRENT_USER\software\everad\PlayJ Player PlayListStickyTo 0 HKEY_CURRENT_USER\software\everad\PlayJ Player EQTop 453 HKEY_CURRENT_USER\software\everad\PlayJ Player EQLeft 392 HKEY_CURRENT_USER\software\everad\PlayJ Player EQSticky 3 HKEY_CURRENT_USER\software\everad\PlayJ Player EQStickyTo 1 HKEY_CURRENT_USER\software\everad\PlayJ Player ShowEqualizer 1 DownloadWare Adware more information... Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control. Status: Quarantined Infected registry entries detected HKEY_LOCAL_MACHINE\software\mlh HKEY_LOCAL_MACHINE\software\mlh\dating RunCount 1 HKEY_LOCAL_MACHINE\software\mlh Guid 6A21071796F249A9BB93E8636E115289 HKEY_LOCAL_MACHINE\software\mlh Version 9 HKEY_LOCAL_MACHINE\software\mlh InstallTime 1049823751 HKEY_LOCAL_MACHINE\software\mlh Country -- HKEY_LOCAL_MACHINE\software\mlh PrevTime 1020042767 HKEY_LOCAL_MACHINE\software\mlh PrevApp 2 HKEY_CURRENT_USER\software\medialoads HKEY_CURRENT_USER\software\medialoads\Enhanced\Params paramversion 1 HKEY_CURRENT_USER\software\medialoads\Enhanced\Params poprate 7200 HKEY_CURRENT_USER\software\medialoads\Enhanced\Params popdelay 30 HKEY_CURRENT_USER\software\medialoads\Enhanced\Params updateinterval 345600 HKEY_CURRENT_USER\software\medialoads\Enhanced\Params retryrate 86400 HKEY_CURRENT_USER\software\medialoads\Enhanced Guid 5C2AE80FFC874036B4752560D30C4F8D HKEY_CURRENT_USER\software\medialoads\Enhanced Version 2 HKEY_CURRENT_USER\software\medialoads\Enhanced Register 0 HKEY_CURRENT_USER\software\medialoads\Enhanced PrevTime 1104768900 HKEY_CURRENT_USER\software\medialoads\Enhanced Cookie RF*TR_RF_SPMEDIAPOP|SU*#145:1104615370:1104615370:1104615370|PU*#145-1:1104615370:1104615370:1104615370|LU*#145-1-46:1104615370:1104615370:1104615370|AT*A:21189:2:1101750477_A:16471:10:1104615370_A:21 |
|
|
||
17.10.2005, 12:40
Ehrenmitglied
Beiträge: 29434 |
#74
LSPfix.exe http://www.spychecker.com/program/lspfix.html
hake an: "I know what Im doing"--Remove und loesche die newdotnet6_38.dll (eventuell musst du die dll von links nach rechts bringen) setze vor alle Infos bei Counterspy "remove" und starte den PC neu. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.10.2005, 17:33
Member
Beiträge: 12 |
#75
Hallo Sabina,
ich bin die newdotnet6_38.dll losgeworden. Seit gestern 23 Uhr läuft mein Rechner wieder ohne Probleme und die scans finden newdotnet6_38.dll auch nicht mehr. Vielen Dank für deine Hilfe. Wie kann ich meinen Rechner speziell vor diesem Virus schützen? Marco |
|
|
||
fixe mit dem HijackThis:
O4 - HKLM\..\Run: [Sin Espias] C:\Programme\SinEspias\No-Spy.exe /autorun
PC neustarten
C:\Programme\SinEspias deinstallieren/loeschen
Onlinescan Panda (wenn der antivirus "meckert" nicht beachten"
poste den scanreport
http://virus-protect.org/onlinescan.html
__________
MfG Sabina
rund um die PC-Sicherheit